Rapid7 probably found this vulnerability on October 23 2002http://seclists.org/fulldisclosure/2002/Oct/330 and its called CVE- 2002-1167
They don't show the output and specify it is error message but the injection method is the same. The update is it works on IBM Edge Components Caching Proxy - International English Edition 6.0.2
Reproduce by request nonexistant host and seeing it reflected in error message -
GET http://server/";<script>alert('NOHUGS')</script> HTTP/1.0
