1.3 --- http: user_agent: Arachni/v1.3 request_timeout: 10000 request_redirect_limit: 5 request_concurrency: 20 request_queue_size: 100 request_headers: {} response_max_size: 500000 cookies: {} audit: parameter_values: true exclude_vector_patterns: [] include_vector_patterns: [] link_templates: [] links: true forms: true cookies: true ui_inputs: true ui_forms: true jsons: true xmls: true input: values: {} default_values: "(?i-mx:name)": arachni_name "(?i-mx:user)": arachni_user "(?i-mx:usr)": arachni_user "(?i-mx:pass)": 5543!%arachni_secret "(?i-mx:txt)": arachni_text "(?i-mx:num)": '132' "(?i-mx:amount)": '100' "(?i-mx:mail)": arachni@email.gr "(?i-mx:account)": '12' "(?i-mx:id)": '1' without_defaults: false force: false datastore: report_path: browser_cluster: local_storage: {} wait_for_elements: {} pool_size: 6 job_timeout: 25 worker_time_to_live: 100 ignore_images: false screen_width: 1600 screen_height: 1200 scope: redundant_path_patterns: {} dom_depth_limit: 5 exclude_path_patterns: [] exclude_content_patterns: [] include_path_patterns: [] restrict_paths: [] extend_paths: [] url_rewrites: {} session: {} checks: - csrf - xss_tag - code_injection_timing - trainer - os_cmd_injection - xss_dom_script_context - xss_dom - xss_script_context - no_sql_injection - xpath_injection - session_fixation - no_sql_injection_differential - sql_injection_timing - sql_injection - file_inclusion - source_code_disclosure - xss_path - os_cmd_injection_timing - code_injection_php_input_wrapper - path_traversal - rfi - xxe - unvalidated_redirect_dom - xss_event - code_injection - unvalidated_redirect - ldap_injection - xss - sql_injection_differential - response_splitting - insecure_cross_domain_policy_access - common_files - webdav - common_directories - localstart_asp - backup_files - unencrypted_password_forms - hsts - form_upload - ssn - captcha - http_only_cookies - private_ip - cookie_set_for_parent_domain - insecure_cookies - x_frame_options - cvs_svn_users - html_objects - mixed_resource - emails - credit_card - password_autocomplete - insecure_cors_policy - origin_spoof_access_restriction_bypass - backup_directories - http_put - interesting_responses - allowed_methods - insecure_client_access_policy - htaccess_limit - backdoors - directory_listing - common_admin_interfaces - xst - insecure_cross_domain_policy_headers platforms: [] plugins: {} no_fingerprinting: false authorized_by: url: http://testhtml5.vulnweb.com/ 2015-10-01T17:37:14+03:00 2015-10-01T17:42:30+03:00 Cross-Site Request Forgery In the majority of today's web applications, clients are required to submit forms which can perform sensitive operations. An example of such a form being used would be when an administrator wishes to create a new user for the application. In the simplest version of the form, the administrator would fill-in: * Name * Password * Role (level of access) Continuing with this example, Cross Site Request Forgery (CSRF) would occur when the administrator is tricked into clicking on a link, which if logged into the application, would automatically submit the form without any further interaction. Cyber-criminals will look for sites where sensitive functions are performed in this manner and then craft malicious requests that will be used against clients via a social engineering attack. There are 3 things that are required for a CSRF attack to occur: 1. The form must perform some sort of sensitive action. 2. The victim (the administrator the example above) must have an active session. 3. Most importantly, all parameter values must be **known** or **guessable**. Arachni discovered that all parameters within the form were known or predictable and therefore the form could be vulnerable to CSRF. _Manual verification may be required to check whether the submission will then perform a sensitive action, such as reset a password, modify user profiles, post content on a forum, etc._ Based on the risk (determined by manual verification) of whether the form submission performs a sensitive action, the addition of anti-CSRF tokens may be required. These tokens can be configured in such a way that each session generates a new anti-CSRF token or such that each individual request requires a new token. It is important that the server track and maintain the status of each token (in order to reject requests accompanied by invalid ones) and therefore prevent cyber-criminals from knowing, guessing or reusing them. _For examples of framework specific remediation options, please refer to the references._ high CSRF It uses differential analysis to determine which forms affect business logic and checks them for lack of anti-CSRF tokens. (Works best with a valid session.) Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> 0.3.5 csrf 352 889065924 Arachni::Element::Form form http://testhtml5.vulnweb.com/ http://testhtml5.vulnweb.com/contact <form class="well span10 ng-scope ng-pristine ng-valid" action="/contact" method="POST"> <div class="row-fluid"> <div class="span6"> <label>First Name</label> <input type="text" class="span8" placeholder="Your First Name" name="firstName"> <label>Last Name</label> <input type="text" class="span8" placeholder="Your Last Name" name="lastName"> <label>Email Address</label> <input type="text" class="span8" placeholder="Your email address" name="address"> <label>Subject</label> <select id="subject" name="subject" class="span8"> <option value="na" selected>Choose One:</option> <option value="service">General Customer Service</option> <option value="suggestions">Suggestions</option> <option value="product">Product Support</option> </select> </div> <div class="span6"> <label>Message</label> <textarea name="message" id="message" class="input-xlarge span10" rows="10"></textarea> </div> </div> <button id="butonul" type="submit" class="btn btn-primary pull-left">Send</button> </form> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp" class="ng-scope" data-arachni-id="-88160834"><head><script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script> /* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */ window._arachni_js_namespace = true; /* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */ </script> <!-- Injected by Arachni::Browser::Javascript --> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href="http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic" rel="stylesheet" type="text/css"> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> <style type="text/css">@charset "UTF-8";[ng\:cloak],[ng-cloak],[data-ng-cloak],[x-ng-cloak],.ng-cloak,.x-ng-cloak{display:none;}ng\:form{display:block;}</style></head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/" data-arachni-id="1342453504"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com" data-arachni-id="-1395254329">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal" data-arachni-id="73596745">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class=""><a href="#/popular" data-arachni-id="1270713017">Popular</a></li> <li><a href="#/latest" data-arachni-id="-2026013785">Latest</a></li> <li><a href="#/carousel" data-arachni-id="67552640">Carousel</a></li> <li><a href="#/archive" data-arachni-id="916551842">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about" data-arachni-id="63058797">About</a></li> <li class="active"><a href="#/contact" data-arachni-id="-1678787584">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/" data-arachni-id="-1405978501">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/" data-arachni-id="2073538">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix" data-arachni-id="561774310">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/" data-arachni-id="748307027">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view=""><form class="well span10 ng-scope ng-pristine ng-valid" action="/contact" method="POST"> <div class="row-fluid"> <div class="span6"> <label>First Name</label> <input type="text" class="span8" placeholder="Your First Name" name="firstName"> <label>Last Name</label> <input type="text" class="span8" placeholder="Your Last Name" name="lastName"> <label>Email Address</label> <input type="text" class="span8" placeholder="Your email address" name="address"> <label>Subject</label> <select id="subject" name="subject" class="span8"> <option value="na" selected="">Choose One:</option> <option value="service">General Customer Service</option> <option value="suggestions">Suggestions</option> <option value="product">Product Support</option> </select> </div> <div class="span6"> <label>Message</label> <textarea name="message" id="message" class="input-xlarge span10" rows="10"></textarea> </div> </div> <button id="butonul" type="submit" class="btn btn-primary pull-left">Send</button> </form> </div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId">unknown is coming from <b>unknown</b> and has visited this page <b>4</b> times.</div> </div> <footer> <p class="pull-left">© Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body ng-pristine ng-valid" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <!-- App libs --> <script src="/static/app/app.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/libs/sessvars.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/post.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script><div class="fb-comments" data-num-posts="4" data-width="470" data-href="http://testhtml5.vulnweb.com/#/popular"></div> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/controllers/controllers.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/services/itemsService.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://bxss.s3.amazonaws.com/ad.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script><iframe name="ads_ads_frame" src="http://ads.bxss.me/ad_server.php?zone_id=234&amp;ad_client=723898932&amp;u_h=768&amp;u_w=1024&amp;pn=&amp;ref=&amp;url=http://testhtml5.vulnweb.com/#/popular&amp;" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" frameborder="0" height="1" scrolling="no" width="1" style="background-color:#FFFFFF;"></iframe> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> </body></html> http://testhtml5.vulnweb.com/ get

GET http://testhtml5.vulnweb.com/ HTTP/1.1 User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 X-Arachni-Browser-Auth: 0e378a6498d4810f4de69f3b0981fa12 Connection: Keep-Alive Accept-Encoding: gzip Accept-Language: en-US,* Host: testhtml5.vulnweb.com http://testhtml5.vulnweb.com/ 200 176.28.50.165 0.1832 ok No error

<script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script> /* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */ window._arachni_js_namespace = true; /* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */ </script> <!-- Injected by Arachni::Browser::Javascript --> <!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <!-- App libs --> <script src="/static/app/app.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/libs/sessvars.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/post.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/controllers/controllers.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/services/itemsService.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://bxss.s3.amazonaws.com/ad.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> </body> </html> HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:36:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Content-Encoding: gzip http://testhtml5.vulnweb.com/#/contact page load 1.0635 http://testhtml5.vulnweb.com/ request 0.0007 http://bxss.s3.amazonaws.com/ad.js request 0.5265 http://testhtml5.vulnweb.com/ajax/popular?offset=0 request 0.226 <a href="#/contact" data-arachni-id="-1678787584"> click 1.1728 <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp" class="ng-scope" data-arachni-id="-88160834"><head><script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script> /* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */ window._arachni_js_namespace = true; /* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */ </script> <!-- Injected by Arachni::Browser::Javascript --> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href="http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic" rel="stylesheet" type="text/css"> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> <style type="text/css">@charset "UTF-8";[ng\:cloak],[ng-cloak],[data-ng-cloak],[x-ng-cloak],.ng-cloak,.x-ng-cloak{display:none;}ng\:form{display:block;}</style></head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/" data-arachni-id="1342453504"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com" data-arachni-id="-1395254329">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal" data-arachni-id="73596745">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class=""><a href="#/popular" data-arachni-id="1270713017">Popular</a></li> <li><a href="#/latest" data-arachni-id="-2026013785">Latest</a></li> <li><a href="#/carousel" data-arachni-id="67552640">Carousel</a></li> <li><a href="#/archive" data-arachni-id="916551842">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about" data-arachni-id="63058797">About</a></li> <li class="active"><a href="#/contact" data-arachni-id="-1678787584">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/" data-arachni-id="-1405978501">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/" data-arachni-id="2073538">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix" data-arachni-id="561774310">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/" data-arachni-id="748307027">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view=""><form class="well span10 ng-scope ng-pristine ng-valid" action="/contact" method="POST"> <div class="row-fluid"> <div class="span6"> <label>First Name</label> <input type="text" class="span8" placeholder="Your First Name" name="firstName"> <label>Last Name</label> <input type="text" class="span8" placeholder="Your Last Name" name="lastName"> <label>Email Address</label> <input type="text" class="span8" placeholder="Your email address" name="address"> <label>Subject</label> <select id="subject" name="subject" class="span8"> <option value="na" selected="">Choose One:</option> <option value="service">General Customer Service</option> <option value="suggestions">Suggestions</option> <option value="product">Product Support</option> </select> </div> <div class="span6"> <label>Message</label> <textarea name="message" id="message" class="input-xlarge span10" rows="10"></textarea> </div> </div> <button id="butonul" type="submit" class="btn btn-primary pull-left">Send</button> </form> </div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId">unknown is coming from <b>unknown</b> and has visited this page <b>4</b> times.</div> </div> <footer> <p class="pull-left">© Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body ng-pristine ng-valid" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <!-- App libs --> <script src="/static/app/app.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/libs/sessvars.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/post.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script><div class="fb-comments" data-num-posts="4" data-width="470" data-href="http://testhtml5.vulnweb.com/#/popular"></div> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/controllers/controllers.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/services/itemsService.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://bxss.s3.amazonaws.com/ad.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script><iframe name="ads_ads_frame" src="http://ads.bxss.me/ad_server.php?zone_id=234&amp;ad_client=723898932&amp;u_h=768&amp;u_w=1024&amp;pn=&amp;ref=&amp;url=http://testhtml5.vulnweb.com/#/popular&amp;" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" frameborder="0" height="1" scrolling="no" width="1" style="background-color:#FFFFFF;"></iframe> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> </body></html> http://testhtml5.vulnweb.com/ get

GET http://testhtml5.vulnweb.com/ HTTP/1.1 User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 X-Arachni-Browser-Auth: 0e378a6498d4810f4de69f3b0981fa12 Connection: Keep-Alive Accept-Encoding: gzip Accept-Language: en-US,* Host: testhtml5.vulnweb.com http://testhtml5.vulnweb.com/ 200 176.28.50.165 0.1832 ok No error

<script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script> /* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */ window._arachni_js_namespace = true; /* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */ </script> <!-- Injected by Arachni::Browser::Javascript --> <!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <!-- App libs --> <script src="/static/app/app.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/libs/sessvars.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/post.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/controllers/controllers.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/services/itemsService.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://bxss.s3.amazonaws.com/ad.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> </body> </html> HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:36:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Content-Encoding: gzip http://testhtml5.vulnweb.com/#/contact page load 1.0635 http://testhtml5.vulnweb.com/ request 0.0007 http://bxss.s3.amazonaws.com/ad.js request 0.5265 http://testhtml5.vulnweb.com/ajax/popular?offset=0 request 0.226 <a href="#/contact" data-arachni-id="-1678787584"> click 1.1728 <form class="well span10 ng-scope ng-pristine ng-valid" action="/contact" method="POST"> <div class="row-fluid"> <div class="span6"> <label>First Name</label> <input type="text" class="span8" placeholder="Your First Name" name="firstName"> <label>Last Name</label> <input type="text" class="span8" placeholder="Your Last Name" name="lastName"> <label>Email Address</label> <input type="text" class="span8" placeholder="Your email address" name="address"> <label>Subject</label> <select id="subject" name="subject" class="span8"> <option value="na" selected>Choose One:</option> <option value="service">General Customer Service</option> <option value="suggestions">Suggestions</option> <option value="product">Product Support</option> </select> </div> <div class="span6"> <label>Message</label> <textarea name="message" id="message" class="input-xlarge span10" rows="10"></textarea> </div> </div> <button id="butonul" type="submit" class="btn btn-primary pull-left">Send</button> </form> true Unvalidated DOM redirect Web applications occasionally use DOM input values to store the address of the page to which the client will be redirected -- for example: `yoursite.com/#/?redirect=www.yoursite.com/404.asp` An unvalidated redirect occurs when the client is able to modify the affected parameter value and thus control the location of the redirection. For example, the following URL `yoursite.com/#/?redirect=www.anothersite.com` will redirect to `www.anothersite.com`. Cyber-criminals will abuse these vulnerabilities in social engineering attacks to get users to unknowingly visit malicious web sites. Arachni has discovered that the web page does not validate the parameter value prior to redirecting the client to the injected value. The application should ensure that the supplied value for a redirect is permitted. This can be achieved by performing whitelisting on the parameter value. The whitelist should contain a list of pages or sites that the application is permitted to redirect users to. If the supplied value does not match any value in the whitelist then the server should redirect to a standard error page. high Unvalidated DOM redirect Injects URLs and checks the browser URL to determine whether the attack was successful. Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> 0.1.2 unvalidated_redirect_dom 819 707201679 Arachni::Element::Link::DOM link_dom http://testhtml5.vulnweb.com/ http://testhtml5.vulnweb.com/ <a ng-href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/" href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/"><div class="detailsboxTitle ng-binding">The First JavaScript Misdirection Contest : javahacker.com</div></a> http://www.88fc8f0ec9141866cb14f3125be901b4.com/ get url http://www.88fc8f0ec9141866cb14f3125be901b4.com/ get http://www.88fc8f0ec9141866cb14f3125be901b4.com/ 0 0.0 http://www.88fc8f0ec9141866cb14f3125be901b4.com/ page load 0.4715 <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp" class="ng-scope" data-arachni-id="1732833613"><head><script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script> /* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */ window._arachni_js_namespace = true; /* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */ </script> <!-- Injected by Arachni::Browser::Javascript --> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href="http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic" rel="stylesheet" type="text/css"> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> <style type="text/css">@charset "UTF-8";[ng\:cloak],[ng-cloak],[data-ng-cloak],[x-ng-cloak],.ng-cloak,.x-ng-cloak{display:none;}ng\:form{display:block;}</style></head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/" data-arachni-id="1342453504"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com" data-arachni-id="-1395254329">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal" data-arachni-id="73596745">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular" data-arachni-id="1270713017">Popular</a></li> <li><a href="#/latest" data-arachni-id="-2026013785">Latest</a></li> <li><a href="#/carousel" data-arachni-id="67552640">Carousel</a></li> <li><a href="#/archive" data-arachni-id="916551842">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about" data-arachni-id="63058797">About</a></li> <li><a href="#/contact" data-arachni-id="-1678787584">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/" data-arachni-id="-1405978501">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/" data-arachni-id="2073538">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix" data-arachni-id="561774310">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/" data-arachni-id="748307027">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view=""><div id="loader" class="ng-scope" style="display: none; "> Loading ... <i class="icon-spinner icon-spin icon-2x pull-left"></i> </div> <div data-ng-include="'/static/app/partials/itemsList.html'" class="ng-scope"><div class="row-fluid ng-scope"> <div class="pull-left"> <input type="text" placeholder="Filter results" ng-model="searchText" class="ng-pristine ng-valid" data-arachni-id="0"> </div> <div class="pull-right"> <div ng-show="filter==''">Page <span ng-bind-html-unsafe="pageStr" style="font-weight: bold;" class="ng-binding">0</span> </div> </div> <div class="pull-right"> <div ng-show="filter!=''" style="display: none; ">Filtering for host <b class="ng-binding"></b></div> </div> </div> <!-- ngRepeat: item in items | filter:filter | filter:searchText --><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope"> <div class="well well-small shadow" style="overflow: hidden;"> <div class="span7"><a ng-href="http://javahacker.com/the-first-javascript-misdirection-contest/" target="_blank" href="http://javahacker.com/the-first-javascript-misdirection-contest/" data-arachni-id="638179893"><img ng-src="/static/scr/24e47eb911c4d9526f32bf4f7db3e47b.png" class="img-rounded" src="/static/scr/24e47eb911c4d9526f32bf4f7db3e47b.png"></a></div> <div class="span5 well well-small detailsbox"> <div class="row-fluid"> <div class="rating"> </div> </div> <div class="row-fluid"> <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/javahacker.com" class="ng-binding" href="#/all/filter/javahacker.com" data-arachni-id="1120821955">javahacker.com</a></div> <div class="muted pull-right" style="padding-bottom: 10px;"> <a class="btn btn-mini" ng-href="/like?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/like?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a> <a class="btn btn-mini" ng-href="/comment?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/comment?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a> <a class="btn btn-mini" ng-href="/report?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/report?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a> </div> </div> <a ng-href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/" href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/"><div class="detailsboxTitle ng-binding">The First JavaScript Misdirection Contest : javahacker.com</div></a> <hr> <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;"> <div class=""><b class="ng-binding">4</b> tweets from <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/irsdl" target="_blank" class="ng-binding" href="http://twitter.com/irsdl" data-arachni-id="1932745266">@irsdl</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/WisecWisec" target="_blank" class="ng-binding" href="http://twitter.com/WisecWisec" data-arachni-id="1159424928">@WisecWisec</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/adam_baldwin" target="_blank" class="ng-binding" href="http://twitter.com/adam_baldwin" data-arachni-id="-575155691">@adam_baldwin</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/seecurity" target="_blank" class="ng-binding" href="http://twitter.com/seecurity" data-arachni-id="928786497">@seecurity</a> </span> </div> </div> <div class="ng-binding"> <a ng-href="http://twitter.com/irsdl" target="_blank" href="http://twitter.com/irsdl" data-arachni-id="-1386142063"><b class="ng-binding">@irsdl</b></a><br> RT @peterjaric: The winner of the JavaScript Misdirection Contest: @aymericbeaumet! Check out all entries at http://t.co/r38tRSqfo3 http:/… <br><br> </div> </div> </div> </div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope"> <div class="well well-small shadow" style="overflow: hidden;"> <div class="span7"><a ng-href="http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" target="_blank" href="http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" data-arachni-id="-482669131"><img ng-src="/static/scr/3bf174abb37bee6983637c6c2c63c5ac.png" class="img-rounded" src="/static/scr/3bf174abb37bee6983637c6c2c63c5ac.png"></a></div> <div class="span5 well well-small detailsbox"> <div class="row-fluid"> <div class="rating"> </div> </div> <div class="row-fluid"> <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/www.wired.com" class="ng-binding" href="#/all/filter/www.wired.com" data-arachni-id="1436533755">www.wired.com</a></div> <div class="muted pull-right" style="padding-bottom: 10px;"> <a class="btn btn-mini" ng-href="/like?id=3bf174abb37bee6983637c6c2c63c5ac" href="/like?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a> <a class="btn btn-mini" ng-href="/comment?id=3bf174abb37bee6983637c6c2c63c5ac" href="/comment?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a> <a class="btn btn-mini" ng-href="/report?id=3bf174abb37bee6983637c6c2c63c5ac" href="/report?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a> </div> </div> <a ng-href="#/redir?url=http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" href="#/redir?url=http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/"><div class="detailsboxTitle ng-binding">This New Campaign Wants To Help Surveillance Agents Quit NSA or GCHQ | WIRED</div></a> <hr> <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;"> <div class=""><b class="ng-binding">2</b> tweets from <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/titanous" target="_blank" class="ng-binding" href="http://twitter.com/titanous" data-arachni-id="-1592843519">@titanous</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/stefant" target="_blank" class="ng-binding" href="http://twitter.com/stefant" data-arachni-id="-2023154779">@stefant</a> </span> </div> </div> <div class="ng-binding"> <a ng-href="http://twitter.com/titanous" target="_blank" href="http://twitter.com/titanous" data-arachni-id="2124267712"><b class="ng-binding">@titanous</b></a><br> RT @csoghoian: This is excellent. http://t.co/L1YY4g87OI http://t.co/wQ5XsgFYWD <br><br> </div> </div> </div> </div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope"> <div class="well well-small shadow" style="overflow: hidden;"> <div class="span7"><a ng-href="http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" target="_blank" href="http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" data-arachni-id="-535118315"><img ng-src="/static/scr/b4d50f99db49ff3d7d612a3b5e82b833.png" class="img-rounded" src="/static/scr/b4d50f99db49ff3d7d612a3b5e82b833.png"></a></div> <div class="span5 well well-small detailsbox"> <div class="row-fluid"> <div class="rating"> </div> </div> <div class="row-fluid"> <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/labs.bromium.com" class="ng-binding" href="#/all/filter/labs.bromium.com" data-arachni-id="5534590">labs.bromium.com</a></div> <div class="muted pull-right" style="padding-bottom: 10px;"> <a class="btn btn-mini" ng-href="/like?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/like?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a> <a class="btn btn-mini" ng-href="/comment?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/comment?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a> <a class="btn btn-mini" ng-href="/report?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/report?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a> </div> </div> <a ng-href="#/redir?url=http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" href="#/redir?url=http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/"><div class="detailsboxTitle ng-binding">An interesting detail about Control Flow Guard | Bromium Labs</div></a> <hr> <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;"> <div class=""><b class="ng-binding">2</b> tweets from <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/ABazhaniuk" target="_blank" class="ng-binding" href="http://twitter.com/ABazhaniuk" data-arachni-id="-1031551260">@ABazhaniuk</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/matrosov" target="_blank" class="ng-binding" href="http://twitter.com/matrosov" data-arachni-id="598024477">@matrosov</a> </span> </div> </div> <div class="ng-binding"> <a ng-href="http://twitter.com/ABazhaniuk" target="_blank" href="http://twitter.com/ABazhaniuk" data-arachni-id="-1743479005"><b class="ng-binding">@ABazhaniuk</b></a><br> RT @ClausHoumann: An interesting detail about Control Flow Guard http://t.co/XIuaRMABnH <br><br> </div> </div> </div> </div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope"> <div class="well well-small shadow" style="overflow: hidden;"> <div class="span7"><a ng-href="http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" target="_blank" href="http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" data-arachni-id="351646421"><img ng-src="/static/scr/7906144d5b0e85adfdf752593fdc3da6.png" class="img-rounded" src="/static/scr/7906144d5b0e85adfdf752593fdc3da6.png"></a></div> <div class="span5 well well-small detailsbox"> <div class="row-fluid"> <div class="rating"> </div> </div> <div class="row-fluid"> <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/securityaffairs.co" class="ng-binding" href="#/all/filter/securityaffairs.co" data-arachni-id="2114659152">securityaffairs.co</a></div> <div class="muted pull-right" style="padding-bottom: 10px;"> <a class="btn btn-mini" ng-href="/like?id=7906144d5b0e85adfdf752593fdc3da6" href="/like?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a> <a class="btn btn-mini" ng-href="/comment?id=7906144d5b0e85adfdf752593fdc3da6" href="/comment?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a> <a class="btn btn-mini" ng-href="/report?id=7906144d5b0e85adfdf752593fdc3da6" href="/report?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a> </div> </div> <a ng-href="#/redir?url=http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" href="#/redir?url=http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html"><div class="detailsboxTitle ng-binding">Are you still using TrueCrypt? Beware of these 2 critical flaws!Security Affairs</div></a> <hr> <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;"> <div class=""><b class="ng-binding">2</b> tweets from <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/seecurity" target="_blank" class="ng-binding" href="http://twitter.com/seecurity" data-arachni-id="928786497">@seecurity</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/stamparm" target="_blank" class="ng-binding" href="http://twitter.com/stamparm" data-arachni-id="1599093753">@stamparm</a> </span> </div> </div> <div class="ng-binding"> <a ng-href="http://twitter.com/seecurity" target="_blank" href="http://twitter.com/seecurity" data-arachni-id="1187679520"><b class="ng-binding">@seecurity</b></a><br> RT @HenkvanRoest: "Are you still using TrueCrypt? Beware of these 2 critical flaws!" http://t.co/gWMlyvog24 #security #feedly <br><br> </div> </div> </div> </div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope"> <div class="well well-small shadow" style="overflow: hidden;"> <div class="span7"><a ng-href="http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" target="_blank" href="http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" data-arachni-id="-1241260543"><img ng-src="/static/scr/default.png" class="img-rounded" src="/static/scr/default.png"></a></div> <div class="span5 well well-small detailsbox"> <div class="row-fluid"> <div class="rating"> </div> </div> <div class="row-fluid"> <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/blog.cobaltstrike.com" class="ng-binding" href="#/all/filter/blog.cobaltstrike.com" data-arachni-id="-1467443516">blog.cobaltstrike.com</a></div> <div class="muted pull-right" style="padding-bottom: 10px;"> <a class="btn btn-mini" ng-href="/like?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/like?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a> <a class="btn btn-mini" ng-href="/comment?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/comment?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a> <a class="btn btn-mini" ng-href="/report?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/report?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a> </div> </div> <a ng-href="#/redir?url=http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" href="#/redir?url=http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/"><div class="detailsboxTitle ng-binding">untitled</div></a> <hr> <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;"> <div class=""><b class="ng-binding">2</b> tweets from <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/vegoshin" target="_blank" class="ng-binding" href="http://twitter.com/vegoshin" data-arachni-id="-2016345391">@vegoshin</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/roo7break" target="_blank" class="ng-binding" href="http://twitter.com/roo7break" data-arachni-id="1992343354">@roo7break</a> </span> </div> </div> <div class="ng-binding"> <a ng-href="http://twitter.com/vegoshin" target="_blank" href="http://twitter.com/vegoshin" data-arachni-id="1858812048"><b class="ng-binding">@vegoshin</b></a><br> Advanced Threat Tactics – Course and Notes http://t.co/zx2C8gN6LT <br><br> </div> </div> </div> </div> <ul class="pager ng-scope"> <li><a ng-href="#/popular/page/-1" ng-show="page&gt;0" href="#/popular/page/-1" style="display: none; ">Previous</a></li> <li><a ng-href="#/popular/page/1" ng-show="filter==''" href="#/popular/page/1" data-arachni-id="2424595">Next</a></li> </ul></div></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId">unknown is coming from <b>unknown</b> and has visited this page <b>1</b> times.</div> </div> <footer> <p class="pull-left">© Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body ng-pristine ng-valid" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <!-- App libs --> <script src="/static/app/app.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/libs/sessvars.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/post.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script><div class="fb-comments" data-num-posts="4" data-width="470" data-href="http://testhtml5.vulnweb.com/"></div> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/controllers/controllers.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/services/itemsService.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://bxss.s3.amazonaws.com/ad.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script><iframe name="ads_ads_frame" src="http://ads.bxss.me/ad_server.php?zone_id=234&amp;ad_client=723898932&amp;u_h=768&amp;u_w=1024&amp;pn=&amp;ref=&amp;url=http://testhtml5.vulnweb.com/&amp;" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" frameborder="0" height="1" scrolling="no" width="1" style="background-color:#FFFFFF;"></iframe> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> </body></html> http://testhtml5.vulnweb.com/ get

GET http://testhtml5.vulnweb.com/ HTTP/1.1 User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 X-Arachni-Browser-Auth: 0e378a6498d4810f4de69f3b0981fa12 Connection: Keep-Alive Accept-Encoding: gzip Accept-Language: en-US,* Host: testhtml5.vulnweb.com http://testhtml5.vulnweb.com/ 200 176.28.50.165 0.1832 ok No error

<script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script> /* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */ window._arachni_js_namespace = true; /* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */ </script> <!-- Injected by Arachni::Browser::Javascript --> <!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <!-- App libs --> <script src="/static/app/app.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/libs/sessvars.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/post.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/controllers/controllers.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/services/itemsService.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://bxss.s3.amazonaws.com/ad.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> </body> </html> HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:36:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Content-Encoding: gzip http://testhtml5.vulnweb.com/#/popular page load 1.0635 http://testhtml5.vulnweb.com/ request 0.0007 http://bxss.s3.amazonaws.com/ad.js request 0.5265 http://testhtml5.vulnweb.com/ajax/popular?offset=0 request 0.226 true Cross-Site Scripting (XSS) Client-side scripts are used extensively by modern web applications. They perform from simple functions (such as the formatting of text) up to full manipulation of client-side data and Operating System interaction. Cross Site Scripting (XSS) allows clients to inject scripts into a request and have the server return the script to the client in the response. This occurs because the application is taking untrusted data (in this example, from the client) and reusing it without performing any validation or sanitisation. If the injected script is returned immediately this is known as reflected XSS. If the injected script is stored by the server and returned to any client visiting the affected page, then this is known as persistent XSS (also stored XSS). Arachni has discovered that it is possible to insert script content directly into HTML element content. To remedy XSS vulnerabilities, it is important to never use untrusted or unfiltered data within the code of a HTML page. Untrusted data can originate not only form the client but potentially a third party or previously uploaded file etc. Filtering of untrusted data typically involves converting special characters to their HTML entity encoded counterparts (however, other methods do exist, see references). These special characters include: * `&` * `<` * `>` * `"` * `'` * `/` An example of HTML entity encoding is converting `<` to `&lt;`. Although it is possible to filter untrusted input, there are five locations within an HTML page where untrusted input (even if it has been filtered) should never be placed: 1. Directly in a script. 2. Inside an HTML comment. 3. In an attribute name. 4. In a tag name. 5. Directly in CSS. Each of these locations have their own form of escaping and filtering. _Because many browsers attempt to implement XSS protection, any manual verification of this finding should be conducted using multiple different browsers and browser versions._ high XSS Injects an HTML element into page inputs and then parses the HTML markup of tainted responses to look for proof of vulnerability. Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> 0.4.4 xss 79 1696823749 Arachni::Element::Link link http://testhtml5.vulnweb.com/ http://testhtml5.vulnweb.com/report <a class="btn btn-mini" ng-href="/report?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/report?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a> </textarea>--><some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/><!--<textarea> get id <!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <!--<link href="http://netdna.bootstrapcdn.com/font-awesome/3.0.2/css/font-awesome.css" rel="stylesheet">--> <link href='http://fonts.googleapis.com/css?family=Open+Sans:700' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> HTML5 test website for Acunetix Web Vulnerability Scanner. </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Action</li> <li class="active"><a href="#/response">Response</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> Your report was submitted, thanks. <!-- 24e47eb911c4d9526f32bf4f7db3e47b</textarea>--><some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/><!--<textarea> --> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <footer> <p>&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <script src="/static/app/app.js"></script> </body> </html> http://testhtml5.vulnweb.com/report get

GET /report?id=24e47eb911c4d9526f32bf4f7db3e47b%3C%2Ftextarea%3E--%3E%3Csome_dangerous_input_88fc8f0ec9141866cb14f3125be901b4%2F%3E%3C%21--%3Ctextarea%3E HTTP/1.1 Host: testhtml5.vulnweb.com Accept-Encoding: gzip, deflate User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 http://testhtml5.vulnweb.com/report?id=24e47eb911c4d9526f32bf4f7db3e47b%3C/textarea%3E--%3E%3Csome_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/%3E%3C!--%3Ctextarea%3E 200 176.28.50.165 0.1066 ok No error

<!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <!--<link href="http://netdna.bootstrapcdn.com/font-awesome/3.0.2/css/font-awesome.css" rel="stylesheet">--> <link href='http://fonts.googleapis.com/css?family=Open+Sans:700' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> HTML5 test website for Acunetix Web Vulnerability Scanner. </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Action</li> <li class="active"><a href="#/response">Response</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> Your report was submitted, thanks. <!-- 24e47eb911c4d9526f32bf4f7db3e47b</textarea>--><some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/><!--<textarea> --> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <footer> <p>&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <script src="/static/app/app.js"></script> </body> </html> HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:37:19 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Content-Encoding: gzip http://testhtml5.vulnweb.com/report?id=24e47eb911c4d9526f32bf4f7db3e47b%3C/textarea%3E--%3E%3Csome_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/%3E%3C!--%3Ctextarea%3E <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp" class="ng-scope" data-arachni-id="1732833613"><head><script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script> /* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */ window._arachni_js_namespace = true; /* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */ </script> <!-- Injected by Arachni::Browser::Javascript --> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href="http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic" rel="stylesheet" type="text/css"> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> <style type="text/css">@charset "UTF-8";[ng\:cloak],[ng-cloak],[data-ng-cloak],[x-ng-cloak],.ng-cloak,.x-ng-cloak{display:none;}ng\:form{display:block;}</style></head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/" data-arachni-id="1342453504"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com" data-arachni-id="-1395254329">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal" data-arachni-id="73596745">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular" data-arachni-id="1270713017">Popular</a></li> <li><a href="#/latest" data-arachni-id="-2026013785">Latest</a></li> <li><a href="#/carousel" data-arachni-id="67552640">Carousel</a></li> <li><a href="#/archive" data-arachni-id="916551842">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about" data-arachni-id="63058797">About</a></li> <li><a href="#/contact" data-arachni-id="-1678787584">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/" data-arachni-id="-1405978501">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/" data-arachni-id="2073538">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix" data-arachni-id="561774310">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/" data-arachni-id="748307027">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view=""><div id="loader" class="ng-scope" style="display: none; "> Loading ... <i class="icon-spinner icon-spin icon-2x pull-left"></i> </div> <div data-ng-include="'/static/app/partials/itemsList.html'" class="ng-scope"><div class="row-fluid ng-scope"> <div class="pull-left"> <input type="text" placeholder="Filter results" ng-model="searchText" class="ng-pristine ng-valid" data-arachni-id="0"> </div> <div class="pull-right"> <div ng-show="filter==''">Page <span ng-bind-html-unsafe="pageStr" style="font-weight: bold;" class="ng-binding">0</span> </div> </div> <div class="pull-right"> <div ng-show="filter!=''" style="display: none; ">Filtering for host <b class="ng-binding"></b></div> </div> </div> <!-- ngRepeat: item in items | filter:filter | filter:searchText --><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope"> <div class="well well-small shadow" style="overflow: hidden;"> <div class="span7"><a ng-href="http://javahacker.com/the-first-javascript-misdirection-contest/" target="_blank" href="http://javahacker.com/the-first-javascript-misdirection-contest/" data-arachni-id="638179893"><img ng-src="/static/scr/24e47eb911c4d9526f32bf4f7db3e47b.png" class="img-rounded" src="/static/scr/24e47eb911c4d9526f32bf4f7db3e47b.png"></a></div> <div class="span5 well well-small detailsbox"> <div class="row-fluid"> <div class="rating"> </div> </div> <div class="row-fluid"> <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/javahacker.com" class="ng-binding" href="#/all/filter/javahacker.com" data-arachni-id="1120821955">javahacker.com</a></div> <div class="muted pull-right" style="padding-bottom: 10px;"> <a class="btn btn-mini" ng-href="/like?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/like?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a> <a class="btn btn-mini" ng-href="/comment?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/comment?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a> <a class="btn btn-mini" ng-href="/report?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/report?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a> </div> </div> <a ng-href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/" href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/"><div class="detailsboxTitle ng-binding">The First JavaScript Misdirection Contest : javahacker.com</div></a> <hr> <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;"> <div class=""><b class="ng-binding">4</b> tweets from <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/irsdl" target="_blank" class="ng-binding" href="http://twitter.com/irsdl" data-arachni-id="1932745266">@irsdl</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/WisecWisec" target="_blank" class="ng-binding" href="http://twitter.com/WisecWisec" data-arachni-id="1159424928">@WisecWisec</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/adam_baldwin" target="_blank" class="ng-binding" href="http://twitter.com/adam_baldwin" data-arachni-id="-575155691">@adam_baldwin</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/seecurity" target="_blank" class="ng-binding" href="http://twitter.com/seecurity" data-arachni-id="928786497">@seecurity</a> </span> </div> </div> <div class="ng-binding"> <a ng-href="http://twitter.com/irsdl" target="_blank" href="http://twitter.com/irsdl" data-arachni-id="-1386142063"><b class="ng-binding">@irsdl</b></a><br> RT @peterjaric: The winner of the JavaScript Misdirection Contest: @aymericbeaumet! Check out all entries at http://t.co/r38tRSqfo3 http:/… <br><br> </div> </div> </div> </div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope"> <div class="well well-small shadow" style="overflow: hidden;"> <div class="span7"><a ng-href="http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" target="_blank" href="http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" data-arachni-id="-482669131"><img ng-src="/static/scr/3bf174abb37bee6983637c6c2c63c5ac.png" class="img-rounded" src="/static/scr/3bf174abb37bee6983637c6c2c63c5ac.png"></a></div> <div class="span5 well well-small detailsbox"> <div class="row-fluid"> <div class="rating"> </div> </div> <div class="row-fluid"> <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/www.wired.com" class="ng-binding" href="#/all/filter/www.wired.com" data-arachni-id="1436533755">www.wired.com</a></div> <div class="muted pull-right" style="padding-bottom: 10px;"> <a class="btn btn-mini" ng-href="/like?id=3bf174abb37bee6983637c6c2c63c5ac" href="/like?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a> <a class="btn btn-mini" ng-href="/comment?id=3bf174abb37bee6983637c6c2c63c5ac" href="/comment?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a> <a class="btn btn-mini" ng-href="/report?id=3bf174abb37bee6983637c6c2c63c5ac" href="/report?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a> </div> </div> <a ng-href="#/redir?url=http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" href="#/redir?url=http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/"><div class="detailsboxTitle ng-binding">This New Campaign Wants To Help Surveillance Agents Quit NSA or GCHQ | WIRED</div></a> <hr> <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;"> <div class=""><b class="ng-binding">2</b> tweets from <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/titanous" target="_blank" class="ng-binding" href="http://twitter.com/titanous" data-arachni-id="-1592843519">@titanous</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/stefant" target="_blank" class="ng-binding" href="http://twitter.com/stefant" data-arachni-id="-2023154779">@stefant</a> </span> </div> </div> <div class="ng-binding"> <a ng-href="http://twitter.com/titanous" target="_blank" href="http://twitter.com/titanous" data-arachni-id="2124267712"><b class="ng-binding">@titanous</b></a><br> RT @csoghoian: This is excellent. http://t.co/L1YY4g87OI http://t.co/wQ5XsgFYWD <br><br> </div> </div> </div> </div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope"> <div class="well well-small shadow" style="overflow: hidden;"> <div class="span7"><a ng-href="http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" target="_blank" href="http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" data-arachni-id="-535118315"><img ng-src="/static/scr/b4d50f99db49ff3d7d612a3b5e82b833.png" class="img-rounded" src="/static/scr/b4d50f99db49ff3d7d612a3b5e82b833.png"></a></div> <div class="span5 well well-small detailsbox"> <div class="row-fluid"> <div class="rating"> </div> </div> <div class="row-fluid"> <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/labs.bromium.com" class="ng-binding" href="#/all/filter/labs.bromium.com" data-arachni-id="5534590">labs.bromium.com</a></div> <div class="muted pull-right" style="padding-bottom: 10px;"> <a class="btn btn-mini" ng-href="/like?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/like?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a> <a class="btn btn-mini" ng-href="/comment?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/comment?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a> <a class="btn btn-mini" ng-href="/report?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/report?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a> </div> </div> <a ng-href="#/redir?url=http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" href="#/redir?url=http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/"><div class="detailsboxTitle ng-binding">An interesting detail about Control Flow Guard | Bromium Labs</div></a> <hr> <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;"> <div class=""><b class="ng-binding">2</b> tweets from <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/ABazhaniuk" target="_blank" class="ng-binding" href="http://twitter.com/ABazhaniuk" data-arachni-id="-1031551260">@ABazhaniuk</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/matrosov" target="_blank" class="ng-binding" href="http://twitter.com/matrosov" data-arachni-id="598024477">@matrosov</a> </span> </div> </div> <div class="ng-binding"> <a ng-href="http://twitter.com/ABazhaniuk" target="_blank" href="http://twitter.com/ABazhaniuk" data-arachni-id="-1743479005"><b class="ng-binding">@ABazhaniuk</b></a><br> RT @ClausHoumann: An interesting detail about Control Flow Guard http://t.co/XIuaRMABnH <br><br> </div> </div> </div> </div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope"> <div class="well well-small shadow" style="overflow: hidden;"> <div class="span7"><a ng-href="http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" target="_blank" href="http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" data-arachni-id="351646421"><img ng-src="/static/scr/7906144d5b0e85adfdf752593fdc3da6.png" class="img-rounded" src="/static/scr/7906144d5b0e85adfdf752593fdc3da6.png"></a></div> <div class="span5 well well-small detailsbox"> <div class="row-fluid"> <div class="rating"> </div> </div> <div class="row-fluid"> <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/securityaffairs.co" class="ng-binding" href="#/all/filter/securityaffairs.co" data-arachni-id="2114659152">securityaffairs.co</a></div> <div class="muted pull-right" style="padding-bottom: 10px;"> <a class="btn btn-mini" ng-href="/like?id=7906144d5b0e85adfdf752593fdc3da6" href="/like?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a> <a class="btn btn-mini" ng-href="/comment?id=7906144d5b0e85adfdf752593fdc3da6" href="/comment?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a> <a class="btn btn-mini" ng-href="/report?id=7906144d5b0e85adfdf752593fdc3da6" href="/report?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a> </div> </div> <a ng-href="#/redir?url=http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" href="#/redir?url=http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html"><div class="detailsboxTitle ng-binding">Are you still using TrueCrypt? Beware of these 2 critical flaws!Security Affairs</div></a> <hr> <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;"> <div class=""><b class="ng-binding">2</b> tweets from <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/seecurity" target="_blank" class="ng-binding" href="http://twitter.com/seecurity" data-arachni-id="928786497">@seecurity</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/stamparm" target="_blank" class="ng-binding" href="http://twitter.com/stamparm" data-arachni-id="1599093753">@stamparm</a> </span> </div> </div> <div class="ng-binding"> <a ng-href="http://twitter.com/seecurity" target="_blank" href="http://twitter.com/seecurity" data-arachni-id="1187679520"><b class="ng-binding">@seecurity</b></a><br> RT @HenkvanRoest: "Are you still using TrueCrypt? Beware of these 2 critical flaws!" http://t.co/gWMlyvog24 #security #feedly <br><br> </div> </div> </div> </div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope"> <div class="well well-small shadow" style="overflow: hidden;"> <div class="span7"><a ng-href="http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" target="_blank" href="http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" data-arachni-id="-1241260543"><img ng-src="/static/scr/default.png" class="img-rounded" src="/static/scr/default.png"></a></div> <div class="span5 well well-small detailsbox"> <div class="row-fluid"> <div class="rating"> </div> </div> <div class="row-fluid"> <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/blog.cobaltstrike.com" class="ng-binding" href="#/all/filter/blog.cobaltstrike.com" data-arachni-id="-1467443516">blog.cobaltstrike.com</a></div> <div class="muted pull-right" style="padding-bottom: 10px;"> <a class="btn btn-mini" ng-href="/like?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/like?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a> <a class="btn btn-mini" ng-href="/comment?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/comment?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a> <a class="btn btn-mini" ng-href="/report?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/report?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a> </div> </div> <a ng-href="#/redir?url=http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" href="#/redir?url=http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/"><div class="detailsboxTitle ng-binding">untitled</div></a> <hr> <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;"> <div class=""><b class="ng-binding">2</b> tweets from <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/vegoshin" target="_blank" class="ng-binding" href="http://twitter.com/vegoshin" data-arachni-id="-2016345391">@vegoshin</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/roo7break" target="_blank" class="ng-binding" href="http://twitter.com/roo7break" data-arachni-id="1992343354">@roo7break</a> </span> </div> </div> <div class="ng-binding"> <a ng-href="http://twitter.com/vegoshin" target="_blank" href="http://twitter.com/vegoshin" data-arachni-id="1858812048"><b class="ng-binding">@vegoshin</b></a><br> Advanced Threat Tactics – Course and Notes http://t.co/zx2C8gN6LT <br><br> </div> </div> </div> </div> <ul class="pager ng-scope"> <li><a ng-href="#/popular/page/-1" ng-show="page&gt;0" href="#/popular/page/-1" style="display: none; ">Previous</a></li> <li><a ng-href="#/popular/page/1" ng-show="filter==''" href="#/popular/page/1" data-arachni-id="2424595">Next</a></li> </ul></div></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId">unknown is coming from <b>unknown</b> and has visited this page <b>1</b> times.</div> </div> <footer> <p class="pull-left">© Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body ng-pristine ng-valid" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <!-- App libs --> <script src="/static/app/app.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/libs/sessvars.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/post.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script><div class="fb-comments" data-num-posts="4" data-width="470" data-href="http://testhtml5.vulnweb.com/"></div> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/controllers/controllers.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/services/itemsService.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://bxss.s3.amazonaws.com/ad.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script><iframe name="ads_ads_frame" src="http://ads.bxss.me/ad_server.php?zone_id=234&amp;ad_client=723898932&amp;u_h=768&amp;u_w=1024&amp;pn=&amp;ref=&amp;url=http://testhtml5.vulnweb.com/&amp;" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" frameborder="0" height="1" scrolling="no" width="1" style="background-color:#FFFFFF;"></iframe> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> </body></html> http://testhtml5.vulnweb.com/ get

GET http://testhtml5.vulnweb.com/ HTTP/1.1 User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 X-Arachni-Browser-Auth: 0e378a6498d4810f4de69f3b0981fa12 Connection: Keep-Alive Accept-Encoding: gzip Accept-Language: en-US,* Host: testhtml5.vulnweb.com http://testhtml5.vulnweb.com/ 200 176.28.50.165 0.1832 ok No error

<script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script> /* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */ window._arachni_js_namespace = true; /* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */ </script> <!-- Injected by Arachni::Browser::Javascript --> <!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <!-- App libs --> <script src="/static/app/app.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/libs/sessvars.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/post.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/controllers/controllers.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/services/itemsService.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://bxss.s3.amazonaws.com/ad.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> </body> </html> HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:36:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Content-Encoding: gzip http://testhtml5.vulnweb.com/#/popular page load 1.0635 http://testhtml5.vulnweb.com/ request 0.0007 http://bxss.s3.amazonaws.com/ad.js request 0.5265 http://testhtml5.vulnweb.com/ajax/popular?offset=0 request 0.226 <some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/> true Cross-Site Scripting (XSS) Client-side scripts are used extensively by modern web applications. They perform from simple functions (such as the formatting of text) up to full manipulation of client-side data and Operating System interaction. Cross Site Scripting (XSS) allows clients to inject scripts into a request and have the server return the script to the client in the response. This occurs because the application is taking untrusted data (in this example, from the client) and reusing it without performing any validation or sanitisation. If the injected script is returned immediately this is known as reflected XSS. If the injected script is stored by the server and returned to any client visiting the affected page, then this is known as persistent XSS (also stored XSS). Arachni has discovered that it is possible to insert script content directly into HTML element content. To remedy XSS vulnerabilities, it is important to never use untrusted or unfiltered data within the code of a HTML page. Untrusted data can originate not only form the client but potentially a third party or previously uploaded file etc. Filtering of untrusted data typically involves converting special characters to their HTML entity encoded counterparts (however, other methods do exist, see references). These special characters include: * `&` * `<` * `>` * `"` * `'` * `/` An example of HTML entity encoding is converting `<` to `&lt;`. Although it is possible to filter untrusted input, there are five locations within an HTML page where untrusted input (even if it has been filtered) should never be placed: 1. Directly in a script. 2. Inside an HTML comment. 3. In an attribute name. 4. In a tag name. 5. Directly in CSS. Each of these locations have their own form of escaping and filtering. _Because many browsers attempt to implement XSS protection, any manual verification of this finding should be conducted using multiple different browsers and browser versions._ high XSS Injects an HTML element into page inputs and then parses the HTML markup of tainted responses to look for proof of vulnerability. Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> 0.4.4 xss 79 2500734820 Arachni::Element::Link link http://testhtml5.vulnweb.com/ http://testhtml5.vulnweb.com/comment <a class="btn btn-mini" ng-href="/comment?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/comment?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a> </textarea>--><some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/><!--<textarea> get id <!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <!--<link href="http://netdna.bootstrapcdn.com/font-awesome/3.0.2/css/font-awesome.css" rel="stylesheet">--> <link href='http://fonts.googleapis.com/css?family=Open+Sans:700' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> HTML5 test website for Acunetix Web Vulnerability Scanner. </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Action</li> <li class="active"><a href="#/response">Response</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> Sorry, but commenting is currently disabled! <!-- 24e47eb911c4d9526f32bf4f7db3e47b</textarea>--><some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/><!--<textarea> --> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <footer> <p>&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <script src="/static/app/app.js"></script> </body> </html> http://testhtml5.vulnweb.com/comment get

GET /comment?id=24e47eb911c4d9526f32bf4f7db3e47b%3C%2Ftextarea%3E--%3E%3Csome_dangerous_input_88fc8f0ec9141866cb14f3125be901b4%2F%3E%3C%21--%3Ctextarea%3E HTTP/1.1 Host: testhtml5.vulnweb.com Accept-Encoding: gzip, deflate User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 http://testhtml5.vulnweb.com/comment?id=24e47eb911c4d9526f32bf4f7db3e47b%3C/textarea%3E--%3E%3Csome_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/%3E%3C!--%3Ctextarea%3E 200 176.28.50.165 0.1021 ok No error

<!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <!--<link href="http://netdna.bootstrapcdn.com/font-awesome/3.0.2/css/font-awesome.css" rel="stylesheet">--> <link href='http://fonts.googleapis.com/css?family=Open+Sans:700' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> HTML5 test website for Acunetix Web Vulnerability Scanner. </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Action</li> <li class="active"><a href="#/response">Response</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> Sorry, but commenting is currently disabled! <!-- 24e47eb911c4d9526f32bf4f7db3e47b</textarea>--><some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/><!--<textarea> --> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <footer> <p>&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <script src="/static/app/app.js"></script> </body> </html> HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:37:19 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Content-Encoding: gzip http://testhtml5.vulnweb.com/comment?id=24e47eb911c4d9526f32bf4f7db3e47b%3C/textarea%3E--%3E%3Csome_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/%3E%3C!--%3Ctextarea%3E <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp" class="ng-scope" data-arachni-id="1732833613"><head><script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script> /* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */ window._arachni_js_namespace = true; /* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */ </script> <!-- Injected by Arachni::Browser::Javascript --> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href="http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic" rel="stylesheet" type="text/css"> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> <style type="text/css">@charset "UTF-8";[ng\:cloak],[ng-cloak],[data-ng-cloak],[x-ng-cloak],.ng-cloak,.x-ng-cloak{display:none;}ng\:form{display:block;}</style></head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/" data-arachni-id="1342453504"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com" data-arachni-id="-1395254329">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal" data-arachni-id="73596745">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular" data-arachni-id="1270713017">Popular</a></li> <li><a href="#/latest" data-arachni-id="-2026013785">Latest</a></li> <li><a href="#/carousel" data-arachni-id="67552640">Carousel</a></li> <li><a href="#/archive" data-arachni-id="916551842">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about" data-arachni-id="63058797">About</a></li> <li><a href="#/contact" data-arachni-id="-1678787584">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/" data-arachni-id="-1405978501">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/" data-arachni-id="2073538">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix" data-arachni-id="561774310">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/" data-arachni-id="748307027">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view=""><div id="loader" class="ng-scope" style="display: none; "> Loading ... <i class="icon-spinner icon-spin icon-2x pull-left"></i> </div> <div data-ng-include="'/static/app/partials/itemsList.html'" class="ng-scope"><div class="row-fluid ng-scope"> <div class="pull-left"> <input type="text" placeholder="Filter results" ng-model="searchText" class="ng-pristine ng-valid" data-arachni-id="0"> </div> <div class="pull-right"> <div ng-show="filter==''">Page <span ng-bind-html-unsafe="pageStr" style="font-weight: bold;" class="ng-binding">0</span> </div> </div> <div class="pull-right"> <div ng-show="filter!=''" style="display: none; ">Filtering for host <b class="ng-binding"></b></div> </div> </div> <!-- ngRepeat: item in items | filter:filter | filter:searchText --><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope"> <div class="well well-small shadow" style="overflow: hidden;"> <div class="span7"><a ng-href="http://javahacker.com/the-first-javascript-misdirection-contest/" target="_blank" href="http://javahacker.com/the-first-javascript-misdirection-contest/" data-arachni-id="638179893"><img ng-src="/static/scr/24e47eb911c4d9526f32bf4f7db3e47b.png" class="img-rounded" src="/static/scr/24e47eb911c4d9526f32bf4f7db3e47b.png"></a></div> <div class="span5 well well-small detailsbox"> <div class="row-fluid"> <div class="rating"> </div> </div> <div class="row-fluid"> <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/javahacker.com" class="ng-binding" href="#/all/filter/javahacker.com" data-arachni-id="1120821955">javahacker.com</a></div> <div class="muted pull-right" style="padding-bottom: 10px;"> <a class="btn btn-mini" ng-href="/like?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/like?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a> <a class="btn btn-mini" ng-href="/comment?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/comment?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a> <a class="btn btn-mini" ng-href="/report?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/report?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a> </div> </div> <a ng-href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/" href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/"><div class="detailsboxTitle ng-binding">The First JavaScript Misdirection Contest : javahacker.com</div></a> <hr> <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;"> <div class=""><b class="ng-binding">4</b> tweets from <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/irsdl" target="_blank" class="ng-binding" href="http://twitter.com/irsdl" data-arachni-id="1932745266">@irsdl</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/WisecWisec" target="_blank" class="ng-binding" href="http://twitter.com/WisecWisec" data-arachni-id="1159424928">@WisecWisec</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/adam_baldwin" target="_blank" class="ng-binding" href="http://twitter.com/adam_baldwin" data-arachni-id="-575155691">@adam_baldwin</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/seecurity" target="_blank" class="ng-binding" href="http://twitter.com/seecurity" data-arachni-id="928786497">@seecurity</a> </span> </div> </div> <div class="ng-binding"> <a ng-href="http://twitter.com/irsdl" target="_blank" href="http://twitter.com/irsdl" data-arachni-id="-1386142063"><b class="ng-binding">@irsdl</b></a><br> RT @peterjaric: The winner of the JavaScript Misdirection Contest: @aymericbeaumet! Check out all entries at http://t.co/r38tRSqfo3 http:/… <br><br> </div> </div> </div> </div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope"> <div class="well well-small shadow" style="overflow: hidden;"> <div class="span7"><a ng-href="http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" target="_blank" href="http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" data-arachni-id="-482669131"><img ng-src="/static/scr/3bf174abb37bee6983637c6c2c63c5ac.png" class="img-rounded" src="/static/scr/3bf174abb37bee6983637c6c2c63c5ac.png"></a></div> <div class="span5 well well-small detailsbox"> <div class="row-fluid"> <div class="rating"> </div> </div> <div class="row-fluid"> <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/www.wired.com" class="ng-binding" href="#/all/filter/www.wired.com" data-arachni-id="1436533755">www.wired.com</a></div> <div class="muted pull-right" style="padding-bottom: 10px;"> <a class="btn btn-mini" ng-href="/like?id=3bf174abb37bee6983637c6c2c63c5ac" href="/like?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a> <a class="btn btn-mini" ng-href="/comment?id=3bf174abb37bee6983637c6c2c63c5ac" href="/comment?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a> <a class="btn btn-mini" ng-href="/report?id=3bf174abb37bee6983637c6c2c63c5ac" href="/report?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a> </div> </div> <a ng-href="#/redir?url=http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" href="#/redir?url=http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/"><div class="detailsboxTitle ng-binding">This New Campaign Wants To Help Surveillance Agents Quit NSA or GCHQ | WIRED</div></a> <hr> <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;"> <div class=""><b class="ng-binding">2</b> tweets from <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/titanous" target="_blank" class="ng-binding" href="http://twitter.com/titanous" data-arachni-id="-1592843519">@titanous</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/stefant" target="_blank" class="ng-binding" href="http://twitter.com/stefant" data-arachni-id="-2023154779">@stefant</a> </span> </div> </div> <div class="ng-binding"> <a ng-href="http://twitter.com/titanous" target="_blank" href="http://twitter.com/titanous" data-arachni-id="2124267712"><b class="ng-binding">@titanous</b></a><br> RT @csoghoian: This is excellent. http://t.co/L1YY4g87OI http://t.co/wQ5XsgFYWD <br><br> </div> </div> </div> </div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope"> <div class="well well-small shadow" style="overflow: hidden;"> <div class="span7"><a ng-href="http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" target="_blank" href="http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" data-arachni-id="-535118315"><img ng-src="/static/scr/b4d50f99db49ff3d7d612a3b5e82b833.png" class="img-rounded" src="/static/scr/b4d50f99db49ff3d7d612a3b5e82b833.png"></a></div> <div class="span5 well well-small detailsbox"> <div class="row-fluid"> <div class="rating"> </div> </div> <div class="row-fluid"> <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/labs.bromium.com" class="ng-binding" href="#/all/filter/labs.bromium.com" data-arachni-id="5534590">labs.bromium.com</a></div> <div class="muted pull-right" style="padding-bottom: 10px;"> <a class="btn btn-mini" ng-href="/like?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/like?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a> <a class="btn btn-mini" ng-href="/comment?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/comment?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a> <a class="btn btn-mini" ng-href="/report?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/report?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a> </div> </div> <a ng-href="#/redir?url=http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" href="#/redir?url=http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/"><div class="detailsboxTitle ng-binding">An interesting detail about Control Flow Guard | Bromium Labs</div></a> <hr> <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;"> <div class=""><b class="ng-binding">2</b> tweets from <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/ABazhaniuk" target="_blank" class="ng-binding" href="http://twitter.com/ABazhaniuk" data-arachni-id="-1031551260">@ABazhaniuk</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/matrosov" target="_blank" class="ng-binding" href="http://twitter.com/matrosov" data-arachni-id="598024477">@matrosov</a> </span> </div> </div> <div class="ng-binding"> <a ng-href="http://twitter.com/ABazhaniuk" target="_blank" href="http://twitter.com/ABazhaniuk" data-arachni-id="-1743479005"><b class="ng-binding">@ABazhaniuk</b></a><br> RT @ClausHoumann: An interesting detail about Control Flow Guard http://t.co/XIuaRMABnH <br><br> </div> </div> </div> </div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope"> <div class="well well-small shadow" style="overflow: hidden;"> <div class="span7"><a ng-href="http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" target="_blank" href="http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" data-arachni-id="351646421"><img ng-src="/static/scr/7906144d5b0e85adfdf752593fdc3da6.png" class="img-rounded" src="/static/scr/7906144d5b0e85adfdf752593fdc3da6.png"></a></div> <div class="span5 well well-small detailsbox"> <div class="row-fluid"> <div class="rating"> </div> </div> <div class="row-fluid"> <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/securityaffairs.co" class="ng-binding" href="#/all/filter/securityaffairs.co" data-arachni-id="2114659152">securityaffairs.co</a></div> <div class="muted pull-right" style="padding-bottom: 10px;"> <a class="btn btn-mini" ng-href="/like?id=7906144d5b0e85adfdf752593fdc3da6" href="/like?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a> <a class="btn btn-mini" ng-href="/comment?id=7906144d5b0e85adfdf752593fdc3da6" href="/comment?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a> <a class="btn btn-mini" ng-href="/report?id=7906144d5b0e85adfdf752593fdc3da6" href="/report?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a> </div> </div> <a ng-href="#/redir?url=http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" href="#/redir?url=http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html"><div class="detailsboxTitle ng-binding">Are you still using TrueCrypt? Beware of these 2 critical flaws!Security Affairs</div></a> <hr> <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;"> <div class=""><b class="ng-binding">2</b> tweets from <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/seecurity" target="_blank" class="ng-binding" href="http://twitter.com/seecurity" data-arachni-id="928786497">@seecurity</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/stamparm" target="_blank" class="ng-binding" href="http://twitter.com/stamparm" data-arachni-id="1599093753">@stamparm</a> </span> </div> </div> <div class="ng-binding"> <a ng-href="http://twitter.com/seecurity" target="_blank" href="http://twitter.com/seecurity" data-arachni-id="1187679520"><b class="ng-binding">@seecurity</b></a><br> RT @HenkvanRoest: "Are you still using TrueCrypt? Beware of these 2 critical flaws!" http://t.co/gWMlyvog24 #security #feedly <br><br> </div> </div> </div> </div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope"> <div class="well well-small shadow" style="overflow: hidden;"> <div class="span7"><a ng-href="http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" target="_blank" href="http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" data-arachni-id="-1241260543"><img ng-src="/static/scr/default.png" class="img-rounded" src="/static/scr/default.png"></a></div> <div class="span5 well well-small detailsbox"> <div class="row-fluid"> <div class="rating"> </div> </div> <div class="row-fluid"> <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/blog.cobaltstrike.com" class="ng-binding" href="#/all/filter/blog.cobaltstrike.com" data-arachni-id="-1467443516">blog.cobaltstrike.com</a></div> <div class="muted pull-right" style="padding-bottom: 10px;"> <a class="btn btn-mini" ng-href="/like?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/like?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a> <a class="btn btn-mini" ng-href="/comment?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/comment?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a> <a class="btn btn-mini" ng-href="/report?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/report?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a> </div> </div> <a ng-href="#/redir?url=http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" href="#/redir?url=http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/"><div class="detailsboxTitle ng-binding">untitled</div></a> <hr> <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;"> <div class=""><b class="ng-binding">2</b> tweets from <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/vegoshin" target="_blank" class="ng-binding" href="http://twitter.com/vegoshin" data-arachni-id="-2016345391">@vegoshin</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/roo7break" target="_blank" class="ng-binding" href="http://twitter.com/roo7break" data-arachni-id="1992343354">@roo7break</a> </span> </div> </div> <div class="ng-binding"> <a ng-href="http://twitter.com/vegoshin" target="_blank" href="http://twitter.com/vegoshin" data-arachni-id="1858812048"><b class="ng-binding">@vegoshin</b></a><br> Advanced Threat Tactics – Course and Notes http://t.co/zx2C8gN6LT <br><br> </div> </div> </div> </div> <ul class="pager ng-scope"> <li><a ng-href="#/popular/page/-1" ng-show="page&gt;0" href="#/popular/page/-1" style="display: none; ">Previous</a></li> <li><a ng-href="#/popular/page/1" ng-show="filter==''" href="#/popular/page/1" data-arachni-id="2424595">Next</a></li> </ul></div></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId">unknown is coming from <b>unknown</b> and has visited this page <b>1</b> times.</div> </div> <footer> <p class="pull-left">© Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body ng-pristine ng-valid" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <!-- App libs --> <script src="/static/app/app.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/libs/sessvars.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/post.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script><div class="fb-comments" data-num-posts="4" data-width="470" data-href="http://testhtml5.vulnweb.com/"></div> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/controllers/controllers.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/services/itemsService.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://bxss.s3.amazonaws.com/ad.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script><iframe name="ads_ads_frame" src="http://ads.bxss.me/ad_server.php?zone_id=234&amp;ad_client=723898932&amp;u_h=768&amp;u_w=1024&amp;pn=&amp;ref=&amp;url=http://testhtml5.vulnweb.com/&amp;" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" frameborder="0" height="1" scrolling="no" width="1" style="background-color:#FFFFFF;"></iframe> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> </body></html> http://testhtml5.vulnweb.com/ get

GET http://testhtml5.vulnweb.com/ HTTP/1.1 User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 X-Arachni-Browser-Auth: 0e378a6498d4810f4de69f3b0981fa12 Connection: Keep-Alive Accept-Encoding: gzip Accept-Language: en-US,* Host: testhtml5.vulnweb.com http://testhtml5.vulnweb.com/ 200 176.28.50.165 0.1832 ok No error

<script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script> /* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */ window._arachni_js_namespace = true; /* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */ </script> <!-- Injected by Arachni::Browser::Javascript --> <!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <!-- App libs --> <script src="/static/app/app.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/libs/sessvars.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/post.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/controllers/controllers.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/services/itemsService.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://bxss.s3.amazonaws.com/ad.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> </body> </html> HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:36:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Content-Encoding: gzip http://testhtml5.vulnweb.com/#/popular page load 1.0635 http://testhtml5.vulnweb.com/ request 0.0007 http://bxss.s3.amazonaws.com/ad.js request 0.5265 http://testhtml5.vulnweb.com/ajax/popular?offset=0 request 0.226 <some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/> true Cross-Site Scripting (XSS) Client-side scripts are used extensively by modern web applications. They perform from simple functions (such as the formatting of text) up to full manipulation of client-side data and Operating System interaction. Cross Site Scripting (XSS) allows clients to inject scripts into a request and have the server return the script to the client in the response. This occurs because the application is taking untrusted data (in this example, from the client) and reusing it without performing any validation or sanitisation. If the injected script is returned immediately this is known as reflected XSS. If the injected script is stored by the server and returned to any client visiting the affected page, then this is known as persistent XSS (also stored XSS). Arachni has discovered that it is possible to insert script content directly into HTML element content. To remedy XSS vulnerabilities, it is important to never use untrusted or unfiltered data within the code of a HTML page. Untrusted data can originate not only form the client but potentially a third party or previously uploaded file etc. Filtering of untrusted data typically involves converting special characters to their HTML entity encoded counterparts (however, other methods do exist, see references). These special characters include: * `&` * `<` * `>` * `"` * `'` * `/` An example of HTML entity encoding is converting `<` to `&lt;`. Although it is possible to filter untrusted input, there are five locations within an HTML page where untrusted input (even if it has been filtered) should never be placed: 1. Directly in a script. 2. Inside an HTML comment. 3. In an attribute name. 4. In a tag name. 5. Directly in CSS. Each of these locations have their own form of escaping and filtering. _Because many browsers attempt to implement XSS protection, any manual verification of this finding should be conducted using multiple different browsers and browser versions._ high XSS Injects an HTML element into page inputs and then parses the HTML markup of tainted responses to look for proof of vulnerability. Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> 0.4.4 xss 79 1008740572 Arachni::Element::Link link http://testhtml5.vulnweb.com/ http://testhtml5.vulnweb.com/like <a class="btn btn-mini" ng-href="/like?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/like?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a> </textarea>--><some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/><!--<textarea> get id <!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <!--<link href="http://netdna.bootstrapcdn.com/font-awesome/3.0.2/css/font-awesome.css" rel="stylesheet">--> <link href='http://fonts.googleapis.com/css?family=Open+Sans:700' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> HTML5 test website for Acunetix Web Vulnerability Scanner. </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Action</li> <li class="active"><a href="#/response">Response</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> Thank you very much for your feedback! <!-- 24e47eb911c4d9526f32bf4f7db3e47b</textarea>--><some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/><!--<textarea> --> <link src='http://localhost/link'> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <footer> <p>&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <script src="/static/app/app.js"></script> </body> </html> http://testhtml5.vulnweb.com/like get

GET /like?id=24e47eb911c4d9526f32bf4f7db3e47b%3C%2Ftextarea%3E--%3E%3Csome_dangerous_input_88fc8f0ec9141866cb14f3125be901b4%2F%3E%3C%21--%3Ctextarea%3E HTTP/1.1 Host: testhtml5.vulnweb.com Accept-Encoding: gzip, deflate User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 http://testhtml5.vulnweb.com/like?id=24e47eb911c4d9526f32bf4f7db3e47b%3C/textarea%3E--%3E%3Csome_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/%3E%3C!--%3Ctextarea%3E 200 176.28.50.165 0.095 ok No error

<!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <!--<link href="http://netdna.bootstrapcdn.com/font-awesome/3.0.2/css/font-awesome.css" rel="stylesheet">--> <link href='http://fonts.googleapis.com/css?family=Open+Sans:700' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> HTML5 test website for Acunetix Web Vulnerability Scanner. </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Action</li> <li class="active"><a href="#/response">Response</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> Thank you very much for your feedback! <!-- 24e47eb911c4d9526f32bf4f7db3e47b</textarea>--><some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/><!--<textarea> --> <link src='http://localhost/link'> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <footer> <p>&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <script src="/static/app/app.js"></script> </body> </html> HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:37:19 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Content-Encoding: gzip http://testhtml5.vulnweb.com/like?id=24e47eb911c4d9526f32bf4f7db3e47b%3C/textarea%3E--%3E%3Csome_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/%3E%3C!--%3Ctextarea%3E <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp" class="ng-scope" data-arachni-id="1732833613"><head><script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script> /* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */ window._arachni_js_namespace = true; /* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */ </script> <!-- Injected by Arachni::Browser::Javascript --> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href="http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic" rel="stylesheet" type="text/css"> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> <style type="text/css">@charset "UTF-8";[ng\:cloak],[ng-cloak],[data-ng-cloak],[x-ng-cloak],.ng-cloak,.x-ng-cloak{display:none;}ng\:form{display:block;}</style></head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/" data-arachni-id="1342453504"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com" data-arachni-id="-1395254329">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal" data-arachni-id="73596745">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular" data-arachni-id="1270713017">Popular</a></li> <li><a href="#/latest" data-arachni-id="-2026013785">Latest</a></li> <li><a href="#/carousel" data-arachni-id="67552640">Carousel</a></li> <li><a href="#/archive" data-arachni-id="916551842">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about" data-arachni-id="63058797">About</a></li> <li><a href="#/contact" data-arachni-id="-1678787584">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/" data-arachni-id="-1405978501">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/" data-arachni-id="2073538">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix" data-arachni-id="561774310">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/" data-arachni-id="748307027">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view=""><div id="loader" class="ng-scope" style="display: none; "> Loading ... <i class="icon-spinner icon-spin icon-2x pull-left"></i> </div> <div data-ng-include="'/static/app/partials/itemsList.html'" class="ng-scope"><div class="row-fluid ng-scope"> <div class="pull-left"> <input type="text" placeholder="Filter results" ng-model="searchText" class="ng-pristine ng-valid" data-arachni-id="0"> </div> <div class="pull-right"> <div ng-show="filter==''">Page <span ng-bind-html-unsafe="pageStr" style="font-weight: bold;" class="ng-binding">0</span> </div> </div> <div class="pull-right"> <div ng-show="filter!=''" style="display: none; ">Filtering for host <b class="ng-binding"></b></div> </div> </div> <!-- ngRepeat: item in items | filter:filter | filter:searchText --><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope"> <div class="well well-small shadow" style="overflow: hidden;"> <div class="span7"><a ng-href="http://javahacker.com/the-first-javascript-misdirection-contest/" target="_blank" href="http://javahacker.com/the-first-javascript-misdirection-contest/" data-arachni-id="638179893"><img ng-src="/static/scr/24e47eb911c4d9526f32bf4f7db3e47b.png" class="img-rounded" src="/static/scr/24e47eb911c4d9526f32bf4f7db3e47b.png"></a></div> <div class="span5 well well-small detailsbox"> <div class="row-fluid"> <div class="rating"> </div> </div> <div class="row-fluid"> <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/javahacker.com" class="ng-binding" href="#/all/filter/javahacker.com" data-arachni-id="1120821955">javahacker.com</a></div> <div class="muted pull-right" style="padding-bottom: 10px;"> <a class="btn btn-mini" ng-href="/like?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/like?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a> <a class="btn btn-mini" ng-href="/comment?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/comment?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a> <a class="btn btn-mini" ng-href="/report?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/report?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a> </div> </div> <a ng-href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/" href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/"><div class="detailsboxTitle ng-binding">The First JavaScript Misdirection Contest : javahacker.com</div></a> <hr> <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;"> <div class=""><b class="ng-binding">4</b> tweets from <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/irsdl" target="_blank" class="ng-binding" href="http://twitter.com/irsdl" data-arachni-id="1932745266">@irsdl</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/WisecWisec" target="_blank" class="ng-binding" href="http://twitter.com/WisecWisec" data-arachni-id="1159424928">@WisecWisec</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/adam_baldwin" target="_blank" class="ng-binding" href="http://twitter.com/adam_baldwin" data-arachni-id="-575155691">@adam_baldwin</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/seecurity" target="_blank" class="ng-binding" href="http://twitter.com/seecurity" data-arachni-id="928786497">@seecurity</a> </span> </div> </div> <div class="ng-binding"> <a ng-href="http://twitter.com/irsdl" target="_blank" href="http://twitter.com/irsdl" data-arachni-id="-1386142063"><b class="ng-binding">@irsdl</b></a><br> RT @peterjaric: The winner of the JavaScript Misdirection Contest: @aymericbeaumet! Check out all entries at http://t.co/r38tRSqfo3 http:/… <br><br> </div> </div> </div> </div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope"> <div class="well well-small shadow" style="overflow: hidden;"> <div class="span7"><a ng-href="http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" target="_blank" href="http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" data-arachni-id="-482669131"><img ng-src="/static/scr/3bf174abb37bee6983637c6c2c63c5ac.png" class="img-rounded" src="/static/scr/3bf174abb37bee6983637c6c2c63c5ac.png"></a></div> <div class="span5 well well-small detailsbox"> <div class="row-fluid"> <div class="rating"> </div> </div> <div class="row-fluid"> <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/www.wired.com" class="ng-binding" href="#/all/filter/www.wired.com" data-arachni-id="1436533755">www.wired.com</a></div> <div class="muted pull-right" style="padding-bottom: 10px;"> <a class="btn btn-mini" ng-href="/like?id=3bf174abb37bee6983637c6c2c63c5ac" href="/like?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a> <a class="btn btn-mini" ng-href="/comment?id=3bf174abb37bee6983637c6c2c63c5ac" href="/comment?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a> <a class="btn btn-mini" ng-href="/report?id=3bf174abb37bee6983637c6c2c63c5ac" href="/report?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a> </div> </div> <a ng-href="#/redir?url=http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" href="#/redir?url=http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/"><div class="detailsboxTitle ng-binding">This New Campaign Wants To Help Surveillance Agents Quit NSA or GCHQ | WIRED</div></a> <hr> <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;"> <div class=""><b class="ng-binding">2</b> tweets from <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/titanous" target="_blank" class="ng-binding" href="http://twitter.com/titanous" data-arachni-id="-1592843519">@titanous</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/stefant" target="_blank" class="ng-binding" href="http://twitter.com/stefant" data-arachni-id="-2023154779">@stefant</a> </span> </div> </div> <div class="ng-binding"> <a ng-href="http://twitter.com/titanous" target="_blank" href="http://twitter.com/titanous" data-arachni-id="2124267712"><b class="ng-binding">@titanous</b></a><br> RT @csoghoian: This is excellent. http://t.co/L1YY4g87OI http://t.co/wQ5XsgFYWD <br><br> </div> </div> </div> </div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope"> <div class="well well-small shadow" style="overflow: hidden;"> <div class="span7"><a ng-href="http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" target="_blank" href="http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" data-arachni-id="-535118315"><img ng-src="/static/scr/b4d50f99db49ff3d7d612a3b5e82b833.png" class="img-rounded" src="/static/scr/b4d50f99db49ff3d7d612a3b5e82b833.png"></a></div> <div class="span5 well well-small detailsbox"> <div class="row-fluid"> <div class="rating"> </div> </div> <div class="row-fluid"> <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/labs.bromium.com" class="ng-binding" href="#/all/filter/labs.bromium.com" data-arachni-id="5534590">labs.bromium.com</a></div> <div class="muted pull-right" style="padding-bottom: 10px;"> <a class="btn btn-mini" ng-href="/like?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/like?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a> <a class="btn btn-mini" ng-href="/comment?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/comment?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a> <a class="btn btn-mini" ng-href="/report?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/report?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a> </div> </div> <a ng-href="#/redir?url=http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" href="#/redir?url=http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/"><div class="detailsboxTitle ng-binding">An interesting detail about Control Flow Guard | Bromium Labs</div></a> <hr> <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;"> <div class=""><b class="ng-binding">2</b> tweets from <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/ABazhaniuk" target="_blank" class="ng-binding" href="http://twitter.com/ABazhaniuk" data-arachni-id="-1031551260">@ABazhaniuk</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/matrosov" target="_blank" class="ng-binding" href="http://twitter.com/matrosov" data-arachni-id="598024477">@matrosov</a> </span> </div> </div> <div class="ng-binding"> <a ng-href="http://twitter.com/ABazhaniuk" target="_blank" href="http://twitter.com/ABazhaniuk" data-arachni-id="-1743479005"><b class="ng-binding">@ABazhaniuk</b></a><br> RT @ClausHoumann: An interesting detail about Control Flow Guard http://t.co/XIuaRMABnH <br><br> </div> </div> </div> </div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope"> <div class="well well-small shadow" style="overflow: hidden;"> <div class="span7"><a ng-href="http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" target="_blank" href="http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" data-arachni-id="351646421"><img ng-src="/static/scr/7906144d5b0e85adfdf752593fdc3da6.png" class="img-rounded" src="/static/scr/7906144d5b0e85adfdf752593fdc3da6.png"></a></div> <div class="span5 well well-small detailsbox"> <div class="row-fluid"> <div class="rating"> </div> </div> <div class="row-fluid"> <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/securityaffairs.co" class="ng-binding" href="#/all/filter/securityaffairs.co" data-arachni-id="2114659152">securityaffairs.co</a></div> <div class="muted pull-right" style="padding-bottom: 10px;"> <a class="btn btn-mini" ng-href="/like?id=7906144d5b0e85adfdf752593fdc3da6" href="/like?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a> <a class="btn btn-mini" ng-href="/comment?id=7906144d5b0e85adfdf752593fdc3da6" href="/comment?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a> <a class="btn btn-mini" ng-href="/report?id=7906144d5b0e85adfdf752593fdc3da6" href="/report?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a> </div> </div> <a ng-href="#/redir?url=http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" href="#/redir?url=http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html"><div class="detailsboxTitle ng-binding">Are you still using TrueCrypt? Beware of these 2 critical flaws!Security Affairs</div></a> <hr> <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;"> <div class=""><b class="ng-binding">2</b> tweets from <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/seecurity" target="_blank" class="ng-binding" href="http://twitter.com/seecurity" data-arachni-id="928786497">@seecurity</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/stamparm" target="_blank" class="ng-binding" href="http://twitter.com/stamparm" data-arachni-id="1599093753">@stamparm</a> </span> </div> </div> <div class="ng-binding"> <a ng-href="http://twitter.com/seecurity" target="_blank" href="http://twitter.com/seecurity" data-arachni-id="1187679520"><b class="ng-binding">@seecurity</b></a><br> RT @HenkvanRoest: "Are you still using TrueCrypt? Beware of these 2 critical flaws!" http://t.co/gWMlyvog24 #security #feedly <br><br> </div> </div> </div> </div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope"> <div class="well well-small shadow" style="overflow: hidden;"> <div class="span7"><a ng-href="http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" target="_blank" href="http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" data-arachni-id="-1241260543"><img ng-src="/static/scr/default.png" class="img-rounded" src="/static/scr/default.png"></a></div> <div class="span5 well well-small detailsbox"> <div class="row-fluid"> <div class="rating"> </div> </div> <div class="row-fluid"> <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/blog.cobaltstrike.com" class="ng-binding" href="#/all/filter/blog.cobaltstrike.com" data-arachni-id="-1467443516">blog.cobaltstrike.com</a></div> <div class="muted pull-right" style="padding-bottom: 10px;"> <a class="btn btn-mini" ng-href="/like?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/like?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a> <a class="btn btn-mini" ng-href="/comment?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/comment?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a> <a class="btn btn-mini" ng-href="/report?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/report?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a> </div> </div> <a ng-href="#/redir?url=http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" href="#/redir?url=http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/"><div class="detailsboxTitle ng-binding">untitled</div></a> <hr> <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;"> <div class=""><b class="ng-binding">2</b> tweets from <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/vegoshin" target="_blank" class="ng-binding" href="http://twitter.com/vegoshin" data-arachni-id="-2016345391">@vegoshin</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/roo7break" target="_blank" class="ng-binding" href="http://twitter.com/roo7break" data-arachni-id="1992343354">@roo7break</a> </span> </div> </div> <div class="ng-binding"> <a ng-href="http://twitter.com/vegoshin" target="_blank" href="http://twitter.com/vegoshin" data-arachni-id="1858812048"><b class="ng-binding">@vegoshin</b></a><br> Advanced Threat Tactics – Course and Notes http://t.co/zx2C8gN6LT <br><br> </div> </div> </div> </div> <ul class="pager ng-scope"> <li><a ng-href="#/popular/page/-1" ng-show="page&gt;0" href="#/popular/page/-1" style="display: none; ">Previous</a></li> <li><a ng-href="#/popular/page/1" ng-show="filter==''" href="#/popular/page/1" data-arachni-id="2424595">Next</a></li> </ul></div></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId">unknown is coming from <b>unknown</b> and has visited this page <b>1</b> times.</div> </div> <footer> <p class="pull-left">© Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body ng-pristine ng-valid" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <!-- App libs --> <script src="/static/app/app.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/libs/sessvars.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/post.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script><div class="fb-comments" data-num-posts="4" data-width="470" data-href="http://testhtml5.vulnweb.com/"></div> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/controllers/controllers.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/services/itemsService.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://bxss.s3.amazonaws.com/ad.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script><iframe name="ads_ads_frame" src="http://ads.bxss.me/ad_server.php?zone_id=234&amp;ad_client=723898932&amp;u_h=768&amp;u_w=1024&amp;pn=&amp;ref=&amp;url=http://testhtml5.vulnweb.com/&amp;" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" frameborder="0" height="1" scrolling="no" width="1" style="background-color:#FFFFFF;"></iframe> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> </body></html> http://testhtml5.vulnweb.com/ get

GET http://testhtml5.vulnweb.com/ HTTP/1.1 User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 X-Arachni-Browser-Auth: 0e378a6498d4810f4de69f3b0981fa12 Connection: Keep-Alive Accept-Encoding: gzip Accept-Language: en-US,* Host: testhtml5.vulnweb.com http://testhtml5.vulnweb.com/ 200 176.28.50.165 0.1832 ok No error

<script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script> /* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */ window._arachni_js_namespace = true; /* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */ </script> <!-- Injected by Arachni::Browser::Javascript --> <!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <!-- App libs --> <script src="/static/app/app.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/libs/sessvars.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/post.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/controllers/controllers.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/services/itemsService.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://bxss.s3.amazonaws.com/ad.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> </body> </html> HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:36:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Content-Encoding: gzip http://testhtml5.vulnweb.com/#/popular page load 1.0635 http://testhtml5.vulnweb.com/ request 0.0007 http://bxss.s3.amazonaws.com/ad.js request 0.5265 http://testhtml5.vulnweb.com/ajax/popular?offset=0 request 0.226 <some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/> true DOM-based Cross-Site Scripting (XSS) in script context Client-side scripts are used extensively by modern web applications. They perform from simple functions (such as the formatting of text) up to full manipulation of client-side data and Operating System interaction. Unlike traditional Cross-Site Scripting (XSS), where the client is able to inject scripts into a request and have the server return the script to the client, DOM XSS does not require that a request be sent to the server and may be abused entirely within the loaded page. This occurs when elements of the DOM (known as the sources) are able to be manipulated to contain untrusted data, which the client-side scripts (known as the sinks) use or execute an unsafe way. Arachni has discovered that by modifying the affected DOM source, it is possible to insert and execute JavaScript code. Client-side document rewriting, redirection, or other sensitive action, using untrusted data, should be avoided wherever possible, as these may not be inspected by server side filtering. To remedy DOM XSS vulnerabilities where these sensitive document actions must be used, it is essential to: 1. Ensure any untrusted data is treated as text, as opposed to being interpreted as code or mark-up within the page. 2. Escape untrusted data prior to being used within the page. Escaping methods will vary depending on where the untrusted data is being used. (See references for details.) 3. Use `document.createElement`, `element.setAttribute`, `element.appendChild`, etc. to build dynamic interfaces as opposed to HTML rendering methods such as `document.write`, `document.writeIn`, `element.innerHTML`, or `element.outerHTML `etc. high DOM XSS in script context Injects JS taint code and checks to see if it gets executed as proof of vulnerability. Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> 0.1.1 xss_dom_script_context 79 2801300685 Arachni::Element::Link::DOM link_dom http://testhtml5.vulnweb.com/ http://testhtml5.vulnweb.com/ <a ng-href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/" href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/"><div class="detailsboxTitle ng-binding">The First JavaScript Misdirection Contest : javahacker.com</div></a> javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()// get url <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp" class="ng-scope" data-arachni-id="-1688061881"><head><script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script> /* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize(["window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"]) /* arachni_js_namespace_initialize_stop */ window._arachni_js_namespace = true; /* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */ </script> <!-- Injected by Arachni::Browser::Javascript --> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href="http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic" rel="stylesheet" type="text/css"> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> <style type="text/css">@charset "UTF-8";[ng\:cloak],[ng-cloak],[data-ng-cloak],[x-ng-cloak],.ng-cloak,.x-ng-cloak{display:none;}ng\:form{display:block;}</style></head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/" data-arachni-id="1342453504"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com" data-arachni-id="-1395254329">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal" data-arachni-id="73596745">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular" data-arachni-id="1270713017">Popular</a></li> <li><a href="#/latest" data-arachni-id="-2026013785">Latest</a></li> <li><a href="#/carousel" data-arachni-id="67552640">Carousel</a></li> <li><a href="#/archive" data-arachni-id="916551842">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about" data-arachni-id="63058797">About</a></li> <li><a href="#/contact" data-arachni-id="-1678787584">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/" data-arachni-id="-1405978501">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/" data-arachni-id="2073538">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix" data-arachni-id="561774310">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/" data-arachni-id="748307027">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view=""><script src="http://javascript.browser.arachni/taint_tracer.js" class="ng-scope"></script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://javascript.browser.arachni/dom_monitor.js" class="ng-scope"></script> <!-- Injected by Arachni::Browser::Javascript --> <script class="ng-scope"> /* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */ window._arachni_js_namespace = true; /* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */ </script> <!-- Injected by Arachni::Browser::Javascript --> <title class="ng-scope">Loading ...</title> <script class="ng-scope"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); var redirUrl = decodeURIComponent(window.location.hash.slice(window.location.hash.indexOf("?url=")+5)); if (redirUrl) window.location = redirUrl; </script> <script type="text/javascript" class="ng-scope">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> </div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId">unknown is coming from <b>unknown</b> and has visited this page <b>12</b> times.</div> </div> <footer> <p class="pull-left">© Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body ng-pristine ng-valid" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <!-- App libs --> <script src="/static/app/app.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/libs/sessvars.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/post.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script><div class="fb-comments" data-num-posts="4" data-width="470" data-href="http://testhtml5.vulnweb.com/#/redir?url=javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"></div> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/controllers/controllers.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/services/itemsService.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://bxss.s3.amazonaws.com/ad.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script><iframe name="ads_ads_frame" src="http://ads.bxss.me/ad_server.php?zone_id=234&amp;ad_client=723898932&amp;u_h=768&amp;u_w=1024&amp;pn=&amp;ref=&amp;url=http://testhtml5.vulnweb.com/#/redir?url=javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//&amp;" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" frameborder="0" height="1" scrolling="no" width="1" style="background-color:#FFFFFF;"></iframe> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> </body></html> http://testhtml5.vulnweb.com/ get

GET / HTTP/1.1 User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip Accept-Language: en-US,* Host: testhtml5.vulnweb.com http://testhtml5.vulnweb.com/ 200 176.28.50.165 0.181 ok No error

<script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script> /* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize(["window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"]) /* arachni_js_namespace_initialize_stop */ window._arachni_js_namespace = true; /* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */ </script> <!-- Injected by Arachni::Browser::Javascript --> <!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <!-- App libs --> <script src="/static/app/app.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/libs/sessvars.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/post.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/controllers/controllers.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/services/itemsService.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://bxss.s3.amazonaws.com/ad.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> </body> </html> HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:37:17 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Content-Encoding: gzip http://testhtml5.vulnweb.com/#/redir?url=javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()%2F%2F page load 1.0635 http://testhtml5.vulnweb.com/ request 0.0007 http://bxss.s3.amazonaws.com/ad.js request 0.5265 http://testhtml5.vulnweb.com/ajax/popular?offset=0 request 0.226 page load 0.6395 0 <div class="fb-comments" data-num-posts="4" data-width="470" data-href="http://testhtml5.vulnweb.com/#/redir?url=javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"></div> window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink() write function write() { [native code] } "<div class=\"fb-comments\" data-num-posts=\"4\" data-width=\"470\" data-href=\"http://testhtml5.vulnweb.com/#/redir?url=javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//\"></div>" 122 http://testhtml5.vulnweb.com/static/app/post.js 0 <iframe name="ads_ads_frame" src="http://ads.bxss.me/ad_server.php?zone_id=234&ad_client=723898932&u_h=768&u_w=1024&pn=&ref=&url=http://testhtml5.vulnweb.com/#/redir?url=javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//&" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" frameborder="0" height="1" scrolling="no" width="1" style="background-color:#FFFFFF;"></iframe> window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink() write function write() { [native code] } "<iframe name=\"ads_ads_frame\" src=\"http://ads.bxss.me/ad_server.php?zone_id=234&ad_client=723898932&u_h=768&u_w=1024&pn=&ref=&url=http://testhtml5.vulnweb.com/#/redir?url=javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//&\" marginwidth=\"0\" marginheight=\"0\" vspace=\"0\" hspace=\"0\" allowtransparency=\"true\" frameborder=\"0\" height=\"1\" scrolling=\"no\" width=\"1\" style=\"background-color:#FFFFFF;\"></iframe>" function () { var iframe_properties = { zone_id : ads_ad_zone, ad_client : ads_ad_client, u_h : screen.height, u_w : screen.width, pn : ads_ad_pn, ref : document.referrer, url : window.location }; var iframe_url = 'http://ads.bxss.me/ad_server.php?'; for (var x in iframe_properties) { iframe_url += x+'='+iframe_properties[x]+'&'; } document.write('<iframe name="ads_ads_frame" src="'+iframe_url+'" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" frameborder="0" height="'+ads_ad_height+'" scrolling="no" width="'+ads_ad_width+'" style="background-color:#FFFFFF;"></iframe>'); } 33 http://bxss.s3.amazonaws.com/ad.js 34 http://bxss.s3.amazonaws.com/ad.js 0 javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()// window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink() decodeURIComponent function decodeURIComponent() { [native code] } "javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" function (b) {b&&(c=b.split("="),d=decodeURIComponent(c[0]),a[d]=y(c[1])?decodeURIComponent(c[1]):!0);} "url=javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" 0 "[object Array]" 16 https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js 0 javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()// window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink() encodeURIComponent function encodeURIComponent() { [native code] } "javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" Xa function Xa(b, a) {return encodeURIComponent(b).replace(/%40/gi,"@").replace(/%3A/gi,":").replace(/%24/g,"$").replace(/%2C/gi,",").replace(/%20/g,a?"%20":"+");} "javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" true 17 https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js function (b, d) {a.push(Xa(d,!0)+(b===!0?"":"="+Xa(b,!0)));} "javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" "url" 17 https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js n function n(b, a, c) {var d;if(b)if(H(b))for(d in b)d!="prototype"&&d!="length"&&d!="name"&&b.hasOwnProperty(d)&&a.call(c,b[d],d);else if(b.forEach&&b.forEach!==n)b.forEach(a,c);else if(!b||typeof b.length!=="number"?0:typeof b.hasOwnProperty!="function"&&typeof b.constructor!="function"||b instanceof K||ca&&b instanceof ca||xa.call(b)!=="[object Object]"||typeof b.callee==="function")for(d=0;d<b.length;d++)a.call(c,b[d],d);else for(d in b)b.hasOwnProperty(d)&&a.call(c,b[d], d);return b;} "[object Object]" "function (b, d) {a.push(Xa(d,!0)+(b===!0?\"\":\"=\"+Xa(b,!0)));}" 10 https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js qb function qb(b) {var a=[];n(b,function(b, d){a.push(Xa(d,!0)+(b===!0?"":"="+Xa(b,!0)))});return a.length?a.join("&"):"";} "[object Object]" 17 https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js function () {var b=qb(this.$$search),c=this.$$hash?"#"+Ya(this.$$hash):"";this.$$url=Gb(this.$$path)+(b?"?"+b:"")+c;this.$$absUrl=la(this.$$protocol,this.$$host,this.$$port)+d+(this.$$url?"#"+a+this.$$url:"");} 61 https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js function (b) {var c=wa(b,this);if(c.hash&&c.hash.indexOf(a)!==0)throw Error('Invalid url "'+b+'", missing hash prefix "'+a+'" !');d=c.path+(c.search?"?"+c.search:"");c=Hc.exec((c.hash||"").substr(a.length));this.$$path=c[1]?(c[1].charAt(0)=="/"?"":"/")+decodeURIComponent(c[1]):"";this.$$search=Wa(c[3]);this.$$hash=c[5]&&decodeURIComponent(c[5])|| "";this.$$compose();} "http://testhtml5.vulnweb.com/#/redir?url=javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" 61 https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js Ha function Ha(b, a, c) {var d;this.$$parse=function(b){var c=wa(b,this);if(c.hash&&c.hash.indexOf(a)!==0)throw Error('Invalid url "'+b+'", missing hash prefix "'+a+'" !');d=c.path+(c.search?"?"+c.search:"");c=Hc.exec((c.hash||"").substr(a.length));this.$$path=c[1]?(c[1].charAt(0)=="/"?"":"/")+decodeURIComponent(c[1]):"";this.$$search=Wa(c[3]);this.$$hash=c[5]&&decodeURIComponent(c[5])|| "";this.$$compose()};this.$$compose=function(){var b=qb(this.$$search),c=this.$$hash?"#"+Ya(this.$$hash):"";this.$$url=Gb(this.$$path)+(b?"?"+b:"")+c;this.$$absUrl=la(this.$$protocol,this.$$host,this.$$port)+d+(this.$$url?"#"+a+this.$$url:"")};this.$$rewriteAppUrl=function(a){if(a.indexOf(c)==0)return a};this.$$parse(b);} "http://testhtml5.vulnweb.com/#/redir?url=javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" "" "http://testhtml5.vulnweb.com/#/" 61 https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js function (c, d, e, g) {function h(a){c.$broadcast("$locationChangeSuccess",f.absUrl(),a)}var f,j,i,k=d.url(),m=wa(k);a?(j=d.baseHref()||"/",i=j.substr(0,j.lastIndexOf("/")),m=la(m.protocol,m.host,m.port)+i+"/", f=e.history?new ib(Fc(k,j,b),i,m):new Jb(Gc(k,j,b),b,m,j.substr(i.length+1))):(m=la(m.protocol,m.host,m.port)+(m.path||"")+(m.search?"?"+m.search:"")+"#"+b+"/",f=new Ha(k,b,m));g.bind("click",function(a){if(!a.ctrlKey&&!(a.metaKey||a.which==2)){for(var b=u(a.target);A(b[0].nodeName)!=="a";)if(b[0]===g[0]||!(b=b.parent())[0])return;var d=b.prop("href"),e=f.$$rewriteAppUrl(d);d&&!b.attr("target")&&e&&(f.$$parse(e),c.$apply(),a.preventDefault(),N.angular["ff-684208-preventDefault"]=!0)}});f.absUrl()!= k&&d.url(f.absUrl(),!0);d.onUrlChange(function(a){f.absUrl()!=a&&(c.$evalAsync(function(){var b=f.absUrl();f.$$parse(a);h(b)}),c.$$phase||c.$digest())});var l=0;c.$watch(function(){var a=d.url(),b=f.$$replace;if(!l||a!=f.absUrl())l++,c.$evalAsync(function(){c.$broadcast("$locationChangeStart",f.absUrl(),a).defaultPrevented?f.$$parse(a):(d.url(f.absUrl(),b),h(a))});f.$$replace=!1;return l});return f;} "[object Object]" "[object Object]" "[object Object]" "[object Object]" 63 https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js d function d(a, b, e) {var f=[],i=Cb(a),g,h,j;h=0;for(g=i.length;h<g;h++)j=i[h],f.push(e&&e.hasOwnProperty(j)?e[j]:c(j));a.$inject||(a=a[g]);switch(b?-1:f.length){case 0:return a();case 1:return a(f[0]);case 2:return a(f[0],f[1]);case 3:return a(f[0],f[1],f[2]);case 4:return a(f[0],f[1],f[2],f[3]);case 5:return a(f[0],f[1],f[2],f[3],f[4]);case 6:return a(f[0],f[1],f[2],f[3],f[4],f[5]);case 7:return a(f[0],f[1],f[2],f[3],f[4],f[5],f[6]);case 8:return a(f[0],f[1],f[2],f[3],f[4],f[5],f[6],f[7]);case 9:return a(f[0], f[1],f[2],f[3],f[4],f[5],f[6],f[7],f[8]);case 10:return a(f[0],f[1],f[2],f[3],f[4],f[5],f[6],f[7],f[8],f[9]);default:return a.apply(b,f)}} "function (c, d, e, g) {function h(a){c.$broadcast(\"$locationChangeSuccess\",f.absUrl(),a)}var f,j,i,k=d.url(),m=wa(k);a?(j=d.baseHref()||\"/\",i=j.substr(0,j.lastIndexOf(\"/\")),m=la(m.protocol,m.host,m.port)+i+\"/\",\nf=e.history?new ib(Fc(k,j,b),i,m):new Jb(Gc(k,j,b),b,m,j.substr(i.length+1))):(m=la(m.protocol,m.host,m.port)+(m.path||\"\")+(m.search?\"?\"+m.search:\"\")+\"#\"+b+\"/\",f=new Ha(k,b,m));g.bind(\"click\",function(a){if(!a.ctrlKey&&!(a.metaKey||a.which==2)){for(var b=u(a.target);A(b[0].nodeName)!==\"a\";)if(b[0]===g[0]||!(b=b.parent())[0])return;var d=b.prop(\"href\"),e=f.$$rewriteAppUrl(d);d&&!b.attr(\"target\")&&e&&(f.$$parse(e),c.$apply(),a.preventDefault(),N.angular[\"ff-684208-preventDefault\"]=!0)}});f.absUrl()!=\nk&&d.url(f.absUrl(),!0);d.onUrlChange(function(a){f.absUrl()!=a&&(c.$evalAsync(function(){var b=f.absUrl();f.$$parse(a);h(b)}),c.$$phase||c.$digest())});var l=0;c.$watch(function(){var a=d.url(),b=f.$$replace;if(!l||a!=f.absUrl())l++,c.$evalAsync(function(){c.$broadcast(\"$locationChangeStart\",f.absUrl(),a).defaultPrevented?f.$$parse(a):(d.url(f.absUrl(),b),h(a))});f.$$replace=!1;return l});return f;}" "[object Object]" 31 https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js function (a) {a=m.get(a+f);return t.invoke(a.$get,a);} "[object Object]" 32 https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js c function c(d) {if(typeof d!=="string")throw Error("Service name expected");if(a.hasOwnProperty(d)){if(a[d]===h)throw Error("Circular dependency: "+j.join(" <- "));return a[d]}else try{return j.unshift(d),a[d]=h,a[d]=b(d)}finally{j.shift()}} "$location" 29 https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js d function d(a, b, e) {var f=[],i=Cb(a),g,h,j;h=0;for(g=i.length;h<g;h++)j=i[h],f.push(e&&e.hasOwnProperty(j)?e[j]:c(j));a.$inject||(a=a[g]);switch(b?-1:f.length){case 0:return a();case 1:return a(f[0]);case 2:return a(f[0],f[1]);case 3:return a(f[0],f[1],f[2]);case 4:return a(f[0],f[1],f[2],f[3]);case 5:return a(f[0],f[1],f[2],f[3],f[4]);case 6:return a(f[0],f[1],f[2],f[3],f[4],f[5]);case 7:return a(f[0],f[1],f[2],f[3],f[4],f[5],f[6]);case 8:return a(f[0],f[1],f[2],f[3],f[4],f[5],f[6],f[7]);case 9:return a(f[0], f[1],f[2],f[3],f[4],f[5],f[6],f[7],f[8]);case 10:return a(f[0],f[1],f[2],f[3],f[4],f[5],f[6],f[7],f[8],f[9]);default:return a.apply(b,f)}} "function (c, d, e, g) {function h(a){c.$broadcast(\"$locationChangeSuccess\",f.absUrl(),a)}var f,j,i,k=d.url(),m=wa(k);a?(j=d.baseHref()||\"/\",i=j.substr(0,j.lastIndexOf(\"/\")),m=la(m.protocol,m.host,m.port)+i+\"/\",\nf=e.history?new ib(Fc(k,j,b),i,m):new Jb(Gc(k,j,b),b,m,j.substr(i.length+1))):(m=la(m.protocol,m.host,m.port)+(m.path||\"\")+(m.search?\"?\"+m.search:\"\")+\"#\"+b+\"/\",f=new Ha(k,b,m));g.bind(\"click\",function(a){if(!a.ctrlKey&&!(a.metaKey||a.which==2)){for(var b=u(a.target);A(b[0].nodeName)!==\"a\";)if(b[0]===g[0]||!(b=b.parent())[0])return;var d=b.prop(\"href\"),e=f.$$rewriteAppUrl(d);d&&!b.attr(\"target\")&&e&&(f.$$parse(e),c.$apply(),a.preventDefault(),N.angular[\"ff-684208-preventDefault\"]=!0)}});f.absUrl()!=\nk&&d.url(f.absUrl(),!0);d.onUrlChange(function(a){f.absUrl()!=a&&(c.$evalAsync(function(){var b=f.absUrl();f.$$parse(a);h(b)}),c.$$phase||c.$digest())});var l=0;c.$watch(function(){var a=d.url(),b=f.$$replace;if(!l||a!=f.absUrl())l++,c.$evalAsync(function(){c.$broadcast(\"$locationChangeStart\",f.absUrl(),a).defaultPrevented?f.$$parse(a):(d.url(f.absUrl(),b),h(a))});f.$$replace=!1;return l});return f;}" "[object Object]" 30 https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js function (a) {a=m.get(a+f);return t.invoke(a.$get,a);} "[object Object]" 32 https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js c function c(d) {if(typeof d!=="string")throw Error("Service name expected");if(a.hasOwnProperty(d)){if(a[d]===h)throw Error("Circular dependency: "+j.join(" <- "));return a[d]}else try{return j.unshift(d),a[d]=h,a[d]=b(d)}finally{j.shift()}} "$location" 29 https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js d function d(a, b, e) {var f=[],i=Cb(a),g,h,j;h=0;for(g=i.length;h<g;h++)j=i[h],f.push(e&&e.hasOwnProperty(j)?e[j]:c(j));a.$inject||(a=a[g]);switch(b?-1:f.length){case 0:return a();case 1:return a(f[0]);case 2:return a(f[0],f[1]);case 3:return a(f[0],f[1],f[2]);case 4:return a(f[0],f[1],f[2],f[3]);case 5:return a(f[0],f[1],f[2],f[3],f[4]);case 6:return a(f[0],f[1],f[2],f[3],f[4],f[5]);case 7:return a(f[0],f[1],f[2],f[3],f[4],f[5],f[6]);case 8:return a(f[0],f[1],f[2],f[3],f[4],f[5],f[6],f[7]);case 9:return a(f[0], f[1],f[2],f[3],f[4],f[5],f[6],f[7],f[8]);case 10:return a(f[0],f[1],f[2],f[3],f[4],f[5],f[6],f[7],f[8],f[9]);default:return a.apply(b,f)}} "function (c, d, e, g) {function h(a){c.$broadcast(\"$locationChangeSuccess\",f.absUrl(),a)}var f,j,i,k=d.url(),m=wa(k);a?(j=d.baseHref()||\"/\",i=j.substr(0,j.lastIndexOf(\"/\")),m=la(m.protocol,m.host,m.port)+i+\"/\",\nf=e.history?new ib(Fc(k,j,b),i,m):new Jb(Gc(k,j,b),b,m,j.substr(i.length+1))):(m=la(m.protocol,m.host,m.port)+(m.path||\"\")+(m.search?\"?\"+m.search:\"\")+\"#\"+b+\"/\",f=new Ha(k,b,m));g.bind(\"click\",function(a){if(!a.ctrlKey&&!(a.metaKey||a.which==2)){for(var b=u(a.target);A(b[0].nodeName)!==\"a\";)if(b[0]===g[0]||!(b=b.parent())[0])return;var d=b.prop(\"href\"),e=f.$$rewriteAppUrl(d);d&&!b.attr(\"target\")&&e&&(f.$$parse(e),c.$apply(),a.preventDefault(),N.angular[\"ff-684208-preventDefault\"]=!0)}});f.absUrl()!=\nk&&d.url(f.absUrl(),!0);d.onUrlChange(function(a){f.absUrl()!=a&&(c.$evalAsync(function(){var b=f.absUrl();f.$$parse(a);h(b)}),c.$$phase||c.$digest())});var l=0;c.$watch(function(){var a=d.url(),b=f.$$replace;if(!l||a!=f.absUrl())l++,c.$evalAsync(function(){c.$broadcast(\"$locationChangeStart\",f.absUrl(),a).defaultPrevented?f.$$parse(a):(d.url(f.absUrl(),b),h(a))});f.$$replace=!1;return l});return f;}" "[object Object]" 30 https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js function (a) {a=m.get(a+f);return t.invoke(a.$get,a);} "[object Object]" 39 https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js 0 javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()%2F%2F window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink() decodeURIComponent function decodeURIComponent() { [native code] } "javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()%2F%2F" 7 0 http://testhtml5.vulnweb.com/#/redir?url=javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()%2F%2F <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp" class="ng-scope" data-arachni-id="1732833613"><head><script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script> /* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */ window._arachni_js_namespace = true; /* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */ </script> <!-- Injected by Arachni::Browser::Javascript --> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href="http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic" rel="stylesheet" type="text/css"> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> <style type="text/css">@charset "UTF-8";[ng\:cloak],[ng-cloak],[data-ng-cloak],[x-ng-cloak],.ng-cloak,.x-ng-cloak{display:none;}ng\:form{display:block;}</style></head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/" data-arachni-id="1342453504"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com" data-arachni-id="-1395254329">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal" data-arachni-id="73596745">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular" data-arachni-id="1270713017">Popular</a></li> <li><a href="#/latest" data-arachni-id="-2026013785">Latest</a></li> <li><a href="#/carousel" data-arachni-id="67552640">Carousel</a></li> <li><a href="#/archive" data-arachni-id="916551842">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about" data-arachni-id="63058797">About</a></li> <li><a href="#/contact" data-arachni-id="-1678787584">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/" data-arachni-id="-1405978501">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/" data-arachni-id="2073538">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix" data-arachni-id="561774310">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/" data-arachni-id="748307027">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view=""><div id="loader" class="ng-scope" style="display: none; "> Loading ... <i class="icon-spinner icon-spin icon-2x pull-left"></i> </div> <div data-ng-include="'/static/app/partials/itemsList.html'" class="ng-scope"><div class="row-fluid ng-scope"> <div class="pull-left"> <input type="text" placeholder="Filter results" ng-model="searchText" class="ng-pristine ng-valid" data-arachni-id="0"> </div> <div class="pull-right"> <div ng-show="filter==''">Page <span ng-bind-html-unsafe="pageStr" style="font-weight: bold;" class="ng-binding">0</span> </div> </div> <div class="pull-right"> <div ng-show="filter!=''" style="display: none; ">Filtering for host <b class="ng-binding"></b></div> </div> </div> <!-- ngRepeat: item in items | filter:filter | filter:searchText --><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope"> <div class="well well-small shadow" style="overflow: hidden;"> <div class="span7"><a ng-href="http://javahacker.com/the-first-javascript-misdirection-contest/" target="_blank" href="http://javahacker.com/the-first-javascript-misdirection-contest/" data-arachni-id="638179893"><img ng-src="/static/scr/24e47eb911c4d9526f32bf4f7db3e47b.png" class="img-rounded" src="/static/scr/24e47eb911c4d9526f32bf4f7db3e47b.png"></a></div> <div class="span5 well well-small detailsbox"> <div class="row-fluid"> <div class="rating"> </div> </div> <div class="row-fluid"> <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/javahacker.com" class="ng-binding" href="#/all/filter/javahacker.com" data-arachni-id="1120821955">javahacker.com</a></div> <div class="muted pull-right" style="padding-bottom: 10px;"> <a class="btn btn-mini" ng-href="/like?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/like?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a> <a class="btn btn-mini" ng-href="/comment?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/comment?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a> <a class="btn btn-mini" ng-href="/report?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/report?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a> </div> </div> <a ng-href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/" href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/"><div class="detailsboxTitle ng-binding">The First JavaScript Misdirection Contest : javahacker.com</div></a> <hr> <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;"> <div class=""><b class="ng-binding">4</b> tweets from <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/irsdl" target="_blank" class="ng-binding" href="http://twitter.com/irsdl" data-arachni-id="1932745266">@irsdl</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/WisecWisec" target="_blank" class="ng-binding" href="http://twitter.com/WisecWisec" data-arachni-id="1159424928">@WisecWisec</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/adam_baldwin" target="_blank" class="ng-binding" href="http://twitter.com/adam_baldwin" data-arachni-id="-575155691">@adam_baldwin</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/seecurity" target="_blank" class="ng-binding" href="http://twitter.com/seecurity" data-arachni-id="928786497">@seecurity</a> </span> </div> </div> <div class="ng-binding"> <a ng-href="http://twitter.com/irsdl" target="_blank" href="http://twitter.com/irsdl" data-arachni-id="-1386142063"><b class="ng-binding">@irsdl</b></a><br> RT @peterjaric: The winner of the JavaScript Misdirection Contest: @aymericbeaumet! Check out all entries at http://t.co/r38tRSqfo3 http:/… <br><br> </div> </div> </div> </div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope"> <div class="well well-small shadow" style="overflow: hidden;"> <div class="span7"><a ng-href="http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" target="_blank" href="http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" data-arachni-id="-482669131"><img ng-src="/static/scr/3bf174abb37bee6983637c6c2c63c5ac.png" class="img-rounded" src="/static/scr/3bf174abb37bee6983637c6c2c63c5ac.png"></a></div> <div class="span5 well well-small detailsbox"> <div class="row-fluid"> <div class="rating"> </div> </div> <div class="row-fluid"> <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/www.wired.com" class="ng-binding" href="#/all/filter/www.wired.com" data-arachni-id="1436533755">www.wired.com</a></div> <div class="muted pull-right" style="padding-bottom: 10px;"> <a class="btn btn-mini" ng-href="/like?id=3bf174abb37bee6983637c6c2c63c5ac" href="/like?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a> <a class="btn btn-mini" ng-href="/comment?id=3bf174abb37bee6983637c6c2c63c5ac" href="/comment?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a> <a class="btn btn-mini" ng-href="/report?id=3bf174abb37bee6983637c6c2c63c5ac" href="/report?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a> </div> </div> <a ng-href="#/redir?url=http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" href="#/redir?url=http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/"><div class="detailsboxTitle ng-binding">This New Campaign Wants To Help Surveillance Agents Quit NSA or GCHQ | WIRED</div></a> <hr> <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;"> <div class=""><b class="ng-binding">2</b> tweets from <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/titanous" target="_blank" class="ng-binding" href="http://twitter.com/titanous" data-arachni-id="-1592843519">@titanous</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/stefant" target="_blank" class="ng-binding" href="http://twitter.com/stefant" data-arachni-id="-2023154779">@stefant</a> </span> </div> </div> <div class="ng-binding"> <a ng-href="http://twitter.com/titanous" target="_blank" href="http://twitter.com/titanous" data-arachni-id="2124267712"><b class="ng-binding">@titanous</b></a><br> RT @csoghoian: This is excellent. http://t.co/L1YY4g87OI http://t.co/wQ5XsgFYWD <br><br> </div> </div> </div> </div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope"> <div class="well well-small shadow" style="overflow: hidden;"> <div class="span7"><a ng-href="http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" target="_blank" href="http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" data-arachni-id="-535118315"><img ng-src="/static/scr/b4d50f99db49ff3d7d612a3b5e82b833.png" class="img-rounded" src="/static/scr/b4d50f99db49ff3d7d612a3b5e82b833.png"></a></div> <div class="span5 well well-small detailsbox"> <div class="row-fluid"> <div class="rating"> </div> </div> <div class="row-fluid"> <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/labs.bromium.com" class="ng-binding" href="#/all/filter/labs.bromium.com" data-arachni-id="5534590">labs.bromium.com</a></div> <div class="muted pull-right" style="padding-bottom: 10px;"> <a class="btn btn-mini" ng-href="/like?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/like?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a> <a class="btn btn-mini" ng-href="/comment?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/comment?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a> <a class="btn btn-mini" ng-href="/report?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/report?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a> </div> </div> <a ng-href="#/redir?url=http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" href="#/redir?url=http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/"><div class="detailsboxTitle ng-binding">An interesting detail about Control Flow Guard | Bromium Labs</div></a> <hr> <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;"> <div class=""><b class="ng-binding">2</b> tweets from <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/ABazhaniuk" target="_blank" class="ng-binding" href="http://twitter.com/ABazhaniuk" data-arachni-id="-1031551260">@ABazhaniuk</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/matrosov" target="_blank" class="ng-binding" href="http://twitter.com/matrosov" data-arachni-id="598024477">@matrosov</a> </span> </div> </div> <div class="ng-binding"> <a ng-href="http://twitter.com/ABazhaniuk" target="_blank" href="http://twitter.com/ABazhaniuk" data-arachni-id="-1743479005"><b class="ng-binding">@ABazhaniuk</b></a><br> RT @ClausHoumann: An interesting detail about Control Flow Guard http://t.co/XIuaRMABnH <br><br> </div> </div> </div> </div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope"> <div class="well well-small shadow" style="overflow: hidden;"> <div class="span7"><a ng-href="http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" target="_blank" href="http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" data-arachni-id="351646421"><img ng-src="/static/scr/7906144d5b0e85adfdf752593fdc3da6.png" class="img-rounded" src="/static/scr/7906144d5b0e85adfdf752593fdc3da6.png"></a></div> <div class="span5 well well-small detailsbox"> <div class="row-fluid"> <div class="rating"> </div> </div> <div class="row-fluid"> <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/securityaffairs.co" class="ng-binding" href="#/all/filter/securityaffairs.co" data-arachni-id="2114659152">securityaffairs.co</a></div> <div class="muted pull-right" style="padding-bottom: 10px;"> <a class="btn btn-mini" ng-href="/like?id=7906144d5b0e85adfdf752593fdc3da6" href="/like?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a> <a class="btn btn-mini" ng-href="/comment?id=7906144d5b0e85adfdf752593fdc3da6" href="/comment?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a> <a class="btn btn-mini" ng-href="/report?id=7906144d5b0e85adfdf752593fdc3da6" href="/report?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a> </div> </div> <a ng-href="#/redir?url=http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" href="#/redir?url=http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html"><div class="detailsboxTitle ng-binding">Are you still using TrueCrypt? Beware of these 2 critical flaws!Security Affairs</div></a> <hr> <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;"> <div class=""><b class="ng-binding">2</b> tweets from <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/seecurity" target="_blank" class="ng-binding" href="http://twitter.com/seecurity" data-arachni-id="928786497">@seecurity</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/stamparm" target="_blank" class="ng-binding" href="http://twitter.com/stamparm" data-arachni-id="1599093753">@stamparm</a> </span> </div> </div> <div class="ng-binding"> <a ng-href="http://twitter.com/seecurity" target="_blank" href="http://twitter.com/seecurity" data-arachni-id="1187679520"><b class="ng-binding">@seecurity</b></a><br> RT @HenkvanRoest: "Are you still using TrueCrypt? Beware of these 2 critical flaws!" http://t.co/gWMlyvog24 #security #feedly <br><br> </div> </div> </div> </div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope"> <div class="well well-small shadow" style="overflow: hidden;"> <div class="span7"><a ng-href="http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" target="_blank" href="http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" data-arachni-id="-1241260543"><img ng-src="/static/scr/default.png" class="img-rounded" src="/static/scr/default.png"></a></div> <div class="span5 well well-small detailsbox"> <div class="row-fluid"> <div class="rating"> </div> </div> <div class="row-fluid"> <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/blog.cobaltstrike.com" class="ng-binding" href="#/all/filter/blog.cobaltstrike.com" data-arachni-id="-1467443516">blog.cobaltstrike.com</a></div> <div class="muted pull-right" style="padding-bottom: 10px;"> <a class="btn btn-mini" ng-href="/like?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/like?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a> <a class="btn btn-mini" ng-href="/comment?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/comment?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a> <a class="btn btn-mini" ng-href="/report?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/report?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a> </div> </div> <a ng-href="#/redir?url=http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" href="#/redir?url=http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/"><div class="detailsboxTitle ng-binding">untitled</div></a> <hr> <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;"> <div class=""><b class="ng-binding">2</b> tweets from <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/vegoshin" target="_blank" class="ng-binding" href="http://twitter.com/vegoshin" data-arachni-id="-2016345391">@vegoshin</a> </span><span ng-repeat="user in item.value.users" class="ng-scope"> <a ng-href="http://twitter.com/roo7break" target="_blank" class="ng-binding" href="http://twitter.com/roo7break" data-arachni-id="1992343354">@roo7break</a> </span> </div> </div> <div class="ng-binding"> <a ng-href="http://twitter.com/vegoshin" target="_blank" href="http://twitter.com/vegoshin" data-arachni-id="1858812048"><b class="ng-binding">@vegoshin</b></a><br> Advanced Threat Tactics – Course and Notes http://t.co/zx2C8gN6LT <br><br> </div> </div> </div> </div> <ul class="pager ng-scope"> <li><a ng-href="#/popular/page/-1" ng-show="page&gt;0" href="#/popular/page/-1" style="display: none; ">Previous</a></li> <li><a ng-href="#/popular/page/1" ng-show="filter==''" href="#/popular/page/1" data-arachni-id="2424595">Next</a></li> </ul></div></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId">unknown is coming from <b>unknown</b> and has visited this page <b>1</b> times.</div> </div> <footer> <p class="pull-left">© Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body ng-pristine ng-valid" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <!-- App libs --> <script src="/static/app/app.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/libs/sessvars.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/post.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script><div class="fb-comments" data-num-posts="4" data-width="470" data-href="http://testhtml5.vulnweb.com/"></div> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/controllers/controllers.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/services/itemsService.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://bxss.s3.amazonaws.com/ad.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script><iframe name="ads_ads_frame" src="http://ads.bxss.me/ad_server.php?zone_id=234&amp;ad_client=723898932&amp;u_h=768&amp;u_w=1024&amp;pn=&amp;ref=&amp;url=http://testhtml5.vulnweb.com/&amp;" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" frameborder="0" height="1" scrolling="no" width="1" style="background-color:#FFFFFF;"></iframe> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> </body></html> http://testhtml5.vulnweb.com/ get

GET http://testhtml5.vulnweb.com/ HTTP/1.1 User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 X-Arachni-Browser-Auth: 0e378a6498d4810f4de69f3b0981fa12 Connection: Keep-Alive Accept-Encoding: gzip Accept-Language: en-US,* Host: testhtml5.vulnweb.com http://testhtml5.vulnweb.com/ 200 176.28.50.165 0.1832 ok No error

<script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript --> <script> /* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */ window._arachni_js_namespace = true; /* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */ </script> <!-- Injected by Arachni::Browser::Javascript --> <!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <!-- App libs --> <script src="/static/app/app.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/libs/sessvars.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/post.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/controllers/controllers.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="/static/app/services/itemsService.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> <script src="http://bxss.s3.amazonaws.com/ad.js"> // Injected by Arachni::Browser::Javascript _arachni_js_namespaceTaintTracer.update_tracers(); _arachni_js_namespaceDOMMonitor.update_trackers(); </script> <script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript --> </body> </html> HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:36:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Content-Encoding: gzip http://testhtml5.vulnweb.com/#/popular page load 1.0635 http://testhtml5.vulnweb.com/ request 0.0007 http://bxss.s3.amazonaws.com/ad.js request 0.5265 http://testhtml5.vulnweb.com/ajax/popular?offset=0 request 0.226 true Common directory Web applications are often made up of multiple files and directories. It is possible that over time some directories may become unreferenced (unused) by the web application and forgotten about by the administrator/developer. Because web applications are built using common frameworks, they contain common directories that can be discovered (independent of server). During the initial recon stages of an attack, cyber-criminals will attempt to locate unreferenced directories in the hope that the directory will assist in further compromise of the web application. To achieve this they will make thousands of requests using word lists containing common names. The response headers from the server will then indicate if the directory exists. Arachni also contains a list of common directory names which it will attempt to access. If directories are unreferenced then they should be removed from the web root and/or the application directory. Preventing access without authentication may also be an option and can stop a client from being able to view the contents of a file, however it is still likely that the directory structure will be able to be discovered. Using obscure directory names is implementing security through obscurity and is not a recommended option. medium Common directories Tries to find common directories on the server. Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> 0.2.3 common_directories 538 210636003 Arachni::Element::Server server http://testhtml5.vulnweb.com/samples/ http://testhtml5.vulnweb.com/samples/ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>Python samples</title> </head> <body> <h3>Simple python programs:</h3> <ul> <li><a href="/getfile?fname=sample1.py">First sample</a></li> <li><a href="/getfile?fname=sample1.py">Second sample</a></li> </ul> </body> </html> http://testhtml5.vulnweb.com/samples/ get

GET /samples/ HTTP/1.1 Host: testhtml5.vulnweb.com Accept-Encoding: gzip, deflate User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 http://testhtml5.vulnweb.com/samples/ 200 176.28.50.165 0.1056 ok No error

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>Python samples</title> </head> <body> <h3>Simple python programs:</h3> <ul> <li><a href="/getfile?fname=sample1.py">First sample</a></li> <li><a href="/getfile?fname=sample1.py">Second sample</a></li> </ul> </body> </html> HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:36:44 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Content-Encoding: gzip http://testhtml5.vulnweb.com/samples/ <!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> http://testhtml5.vulnweb.com/ get

GET / HTTP/1.1 Host: testhtml5.vulnweb.com Accept-Encoding: gzip, deflate User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 http://testhtml5.vulnweb.com/ 200 176.28.50.165 0.1832 ok No error

<!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:36:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Content-Encoding: gzip http://testhtml5.vulnweb.com/ HTTP/1.1 200 OK true Unencrypted password form The HTTP protocol by itself is clear text, meaning that any data that is transmitted via HTTP can be captured and the contents viewed. To keep data private, and prevent it from being intercepted, HTTP is often tunnelled through either Secure Sockets Layer (SSL), or Transport Layer Security (TLS). When either of these encryption standards are used it is referred to as HTTPS. Cyber-criminals will often attempt to compromise credentials passed from the client to the server using HTTP. This can be conducted via various different Man-in-The-Middle (MiTM) attacks or through network packet captures. Arachni discovered that the affected page contains a `password` input, however, the value of the field is not sent to the server utilising HTTPS. Therefore it is possible that any submitted credential may become compromised. The affected site should be secured utilising the latest and most secure encryption protocols. These include SSL version 3.0 and TLS version 1.2. While TLS 1.2 is the latest and the most preferred protocol, not all browsers will support this encryption method. Therefore, the more common SSL is included. Older protocols such as SSL version 2, and weak ciphers (< 128 bit) should also be disabled. medium Unencrypted password forms Looks for password inputs that don't submit data over an encrypted channel (HTTPS). Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> 0.2.1 unencrypted_password_forms 319 3752275821 Arachni::Element::Form form http://testhtml5.vulnweb.com/ http://testhtml5.vulnweb.com/login <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> post password <!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> http://testhtml5.vulnweb.com/ get

GET / HTTP/1.1 Host: testhtml5.vulnweb.com Accept-Encoding: gzip, deflate User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 http://testhtml5.vulnweb.com/ 200 176.28.50.165 0.1832 ok No error

<!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:36:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Content-Encoding: gzip http://testhtml5.vulnweb.com/ <!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> http://testhtml5.vulnweb.com/ get

GET / HTTP/1.1 Host: testhtml5.vulnweb.com Accept-Encoding: gzip, deflate User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 http://testhtml5.vulnweb.com/ 200 176.28.50.165 0.1832 ok No error

<!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:36:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Content-Encoding: gzip http://testhtml5.vulnweb.com/ true Insecure 'Access-Control-Allow-Origin' header _Cross Origin Resource Sharing (CORS)_ is an HTML5 technology which gives modern web browsers the ability to bypass restrictions implemented by the _Same Origin Policy_. The _Same Origin Policy_ requires that both the JavaScript and the page are loaded from the same domain in order to allow JavaScript to interact with the page. This in turn prevents malicious JavaScript being executed when loaded from external domains. The CORS policy allows the application to specify exceptions to the protections implemented by the browser, and allows the developer to whitelist domains for which external JavaScript is permitted to execute and interact with the page. A weak CORS policy is one which whitelists all domains using a wildcard (`*`), which will allow any externally loaded JavaScript resource to interact with the affected page. This can severely increase the risk of attacks such as Cross Site Scripting etc. Arachni detected that the CORS policy being set by the server was weak, and used a wildcard value. This is evident by the `Access-Control-Allow-Origin` header being set to `*`. It is important that weak CORS policies are not used. Policies can be hardened by removing the wildcard and individually specifying the domains where the trusted JavaScript resources are located. If the list of hosts for externally hosted JavaScript resources is excessive, then a whole top level domain can be whitelisted by using a combination of the wildcard and the domain (example: `*.arachni-scanner.com`). low Insecure CORS policy Checks the host for a wildcard (`*`) `Access-Control-Allow-Origin` header. Tasos Laskos <tasos.laskos@arachni-scanner.com> 0.1.1 insecure_cors_policy 3223695087 Arachni::Element::Server server http://testhtml5.vulnweb.com/ http://testhtml5.vulnweb.com/ <!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> http://testhtml5.vulnweb.com/ get

GET / HTTP/1.1 Host: testhtml5.vulnweb.com Accept-Encoding: gzip, deflate User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 http://testhtml5.vulnweb.com/ 200 176.28.50.165 0.1832 ok No error

<!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:36:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Content-Encoding: gzip http://testhtml5.vulnweb.com/ <!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> http://testhtml5.vulnweb.com/ get

GET / HTTP/1.1 Host: testhtml5.vulnweb.com Accept-Encoding: gzip, deflate User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 http://testhtml5.vulnweb.com/ 200 176.28.50.165 0.1832 ok No error

<!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:36:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Content-Encoding: gzip http://testhtml5.vulnweb.com/ Access-Control-Allow-Origin: * true Password field with auto-complete In typical form-based web applications, it is common practice for developers to allow `autocomplete` within the HTML form to improve the usability of the page. With `autocomplete` enabled (default), the browser is allowed to cache previously entered form values. For legitimate purposes, this allows the user to quickly re-enter the same data when completing the form multiple times. When `autocomplete` is enabled on either/both the username and password fields, this could allow a cyber-criminal with access to the victim's computer the ability to have the victim's credentials automatically entered as the cyber-criminal visits the affected page. Arachni has discovered that the affected page contains a form containing a password field that has not disabled `autocomplete`. The `autocomplete` value can be configured in two different locations. The first and most secure location is to disable the `autocomplete` attribute on the `<form>` HTML tag. This will disable `autocomplete` for all inputs within that form. An example of disabling `autocomplete` within the form tag is `<form autocomplete=off>`. The second slightly less desirable option is to disable the `autocomplete` attribute for a specific `<input>` HTML tag. While this may be the less desired solution from a security perspective, it may be preferred method for usability reasons, depending on size of the form. An example of disabling the `autocomplete` attribute within a password input tag is `<input type=password autocomplete=off>`. low Password field with auto-complete Greps pages for forms which have password fields without explicitly disabling auto-complete. Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> 0.3.1 password_autocomplete 41748423 Arachni::Element::Form form http://testhtml5.vulnweb.com/ http://testhtml5.vulnweb.com/login <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> <!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> http://testhtml5.vulnweb.com/ get

GET / HTTP/1.1 Host: testhtml5.vulnweb.com Accept-Encoding: gzip, deflate User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 http://testhtml5.vulnweb.com/ 200 176.28.50.165 0.1832 ok No error

<!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:36:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Content-Encoding: gzip http://testhtml5.vulnweb.com/ <!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> http://testhtml5.vulnweb.com/ get

GET / HTTP/1.1 Host: testhtml5.vulnweb.com Accept-Encoding: gzip, deflate User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 http://testhtml5.vulnweb.com/ 200 176.28.50.165 0.1832 ok No error

<!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:36:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Content-Encoding: gzip http://testhtml5.vulnweb.com/ true Missing 'X-Frame-Options' header Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. The server didn't return an `X-Frame-Options` header which means that this website could be at risk of a clickjacking attack. The `X-Frame-Options` HTTP response header can be used to indicate whether or not a browser should be allowed to render a page inside a frame or iframe. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites. Configure your web server to include an `X-Frame-Options` header. low Missing X-Frame-Options header Checks the host for a missing `X-Frame-Options` header. Tasos Laskos <tasos.laskos@arachni-scanner.com> 0.1.1 x_frame_options 693 3951068234 Arachni::Element::Server server http://testhtml5.vulnweb.com/ http://testhtml5.vulnweb.com/ <!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> http://testhtml5.vulnweb.com/ get

GET / HTTP/1.1 Host: testhtml5.vulnweb.com Accept-Encoding: gzip, deflate User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 http://testhtml5.vulnweb.com/ 200 176.28.50.165 0.1832 ok No error

<!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:36:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Content-Encoding: gzip http://testhtml5.vulnweb.com/ <!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> http://testhtml5.vulnweb.com/ get

GET / HTTP/1.1 Host: testhtml5.vulnweb.com Accept-Encoding: gzip, deflate User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 http://testhtml5.vulnweb.com/ 200 176.28.50.165 0.1832 ok No error

<!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:36:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Content-Encoding: gzip http://testhtml5.vulnweb.com/ HTTP/1.1 200 OK true Interesting response The server responded with a non 200 (OK) nor 404 (Not Found) status code. This is a non-issue, however exotic HTTP response status codes can provide useful insights into the behavior of the web application and assist with the penetration test. informational Interesting responses Logs all non 200 (OK) server responses. Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> 0.2.1 interesting_responses 215417069 Arachni::Element::Server server http://testhtml5.vulnweb.com/static/css/?%3Cmy_tag_88fc8f0ec9141866cb14f3125be901b4/%3E= http://testhtml5.vulnweb.com/static/css/?%3Cmy_tag_88fc8f0ec9141866cb14f3125be901b4/%3E= <html> <head><title>403 Forbidden</title></head> <body bgcolor="white"> <center><h1>403 Forbidden</h1></center> <hr><center>nginx/1.4.1</center> </body> </html> http://testhtml5.vulnweb.com/static/css/ get

GET /static/css/?%3Cmy_tag_88fc8f0ec9141866cb14f3125be901b4%2F%3E= HTTP/1.1 Host: testhtml5.vulnweb.com Accept-Encoding: gzip, deflate User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 http://testhtml5.vulnweb.com/static/css/?%3Cmy_tag_88fc8f0ec9141866cb14f3125be901b4/%3E= 403 176.28.50.165 0.1077 ok No error

<html> <head><title>403 Forbidden</title></head> <body bgcolor="white"> <center><h1>403 Forbidden</h1></center> <hr><center>nginx/1.4.1</center> </body> </html> HTTP/1.1 403 Forbidden Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:39:20 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Content-Encoding: gzip http://testhtml5.vulnweb.com/static/css/?%3Cmy_tag_88fc8f0ec9141866cb14f3125be901b4/%3E= <!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> http://testhtml5.vulnweb.com/ get

GET / HTTP/1.1 Host: testhtml5.vulnweb.com Accept-Encoding: gzip, deflate User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 http://testhtml5.vulnweb.com/ 200 176.28.50.165 0.1832 ok No error

<!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:36:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Content-Encoding: gzip http://testhtml5.vulnweb.com/ HTTP/1.1 403 Forbidden true Interesting response The server responded with a non 200 (OK) nor 404 (Not Found) status code. This is a non-issue, however exotic HTTP response status codes can provide useful insights into the behavior of the web application and assist with the penetration test. informational Interesting responses Logs all non 200 (OK) server responses. Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> 0.2.1 interesting_responses 3196565494 Arachni::Element::Server server http://testhtml5.vulnweb.com/contact http://testhtml5.vulnweb.com/contact <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <title>405 Method Not Allowed</title> <h1>Method Not Allowed</h1> <p>The method GET is not allowed for the requested URL.</p> http://testhtml5.vulnweb.com/contact get

GET /contact HTTP/1.1 Host: testhtml5.vulnweb.com Accept-Encoding: gzip, deflate User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 http://testhtml5.vulnweb.com/contact 405 176.28.50.165 0.1096 ok No error

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <title>405 Method Not Allowed</title> <h1>Method Not Allowed</h1> <p>The method GET is not allowed for the requested URL.</p> HTTP/1.1 405 METHOD NOT ALLOWED Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:39:13 GMT Content-Type: text/html Content-Length: 182 Connection: keep-alive Allow: POST, OPTIONS http://testhtml5.vulnweb.com/contact <!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> http://testhtml5.vulnweb.com/ get

GET / HTTP/1.1 Host: testhtml5.vulnweb.com Accept-Encoding: gzip, deflate User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 http://testhtml5.vulnweb.com/ 200 176.28.50.165 0.1832 ok No error

<!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:36:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Content-Encoding: gzip http://testhtml5.vulnweb.com/ HTTP/1.1 405 METHOD NOT ALLOWED true Interesting response The server responded with a non 200 (OK) nor 404 (Not Found) status code. This is a non-issue, however exotic HTTP response status codes can provide useful insights into the behavior of the web application and assist with the penetration test. informational Interesting responses Logs all non 200 (OK) server responses. Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> 0.2.1 interesting_responses 1177367154 Arachni::Element::Server server http://testhtml5.vulnweb.com/login http://testhtml5.vulnweb.com/login <html> <head><title>502 Bad Gateway</title></head> <body bgcolor="white"> <center><h1>502 Bad Gateway</h1></center> <hr><center>nginx/1.4.1</center> </body> </html> http://testhtml5.vulnweb.com/login post

username=%2Fproc%2Fself%2Fenviron%00.&password=5543%21%25arachni_secret&loginFormSubmit=1 POST /login HTTP/1.1 Host: testhtml5.vulnweb.com Accept-Encoding: gzip, deflate User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Content-Length: 89 Content-Type: application/x-www-form-urlencoded username=%2Fproc%2Fself%2Fenviron%00.&password=5543%21%25arachni_secret&loginFormSubmit=1 http://testhtml5.vulnweb.com/login 502 176.28.50.165 0.1879 ok No error

<html> <head><title>502 Bad Gateway</title></head> <body bgcolor="white"> <center><h1>502 Bad Gateway</h1></center> <hr><center>nginx/1.4.1</center> </body> </html> HTTP/1.1 502 Bad Gateway Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:36:51 GMT Content-Type: text/html Content-Length: 172 Connection: keep-alive http://testhtml5.vulnweb.com/login <!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> http://testhtml5.vulnweb.com/ get

GET / HTTP/1.1 Host: testhtml5.vulnweb.com Accept-Encoding: gzip, deflate User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 http://testhtml5.vulnweb.com/ 200 176.28.50.165 0.1832 ok No error

<!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:36:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Content-Encoding: gzip http://testhtml5.vulnweb.com/ HTTP/1.1 502 Bad Gateway true Interesting response The server responded with a non 200 (OK) nor 404 (Not Found) status code. This is a non-issue, however exotic HTTP response status codes can provide useful insights into the behavior of the web application and assist with the penetration test. informational Interesting responses Logs all non 200 (OK) server responses. Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> 0.2.1 interesting_responses 1528656611 Arachni::Element::Server server http://testhtml5.vulnweb.com/ http://testhtml5.vulnweb.com/ <html> <head><title>405 Not Allowed</title></head> <body bgcolor="white"> <center><h1>405 Not Allowed</h1></center> <hr><center>nginx/1.4.1</center> </body> </html> http://testhtml5.vulnweb.com/ trace

TRACE / HTTP/1.1 Host: testhtml5.vulnweb.com Accept-Encoding: gzip, deflate User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 http://testhtml5.vulnweb.com/ 405 176.28.50.165 0.1097 ok No error

<html> <head><title>405 Not Allowed</title></head> <body bgcolor="white"> <center><h1>405 Not Allowed</h1></center> <hr><center>nginx/1.4.1</center> </body> </html> HTTP/1.1 405 Not Allowed Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:36:47 GMT Content-Type: text/html Content-Length: 172 Connection: close http://testhtml5.vulnweb.com/ <!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> http://testhtml5.vulnweb.com/ get

GET / HTTP/1.1 Host: testhtml5.vulnweb.com Accept-Encoding: gzip, deflate User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 http://testhtml5.vulnweb.com/ 200 176.28.50.165 0.1832 ok No error

<!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:36:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Content-Encoding: gzip http://testhtml5.vulnweb.com/ HTTP/1.1 405 Not Allowed true Allowed HTTP methods There are a number of HTTP methods that can be used on a webserver (`OPTIONS`, `HEAD`, `GET`, `POST`, `PUT`, `DELETE` etc.). Each of these methods perform a different function and each have an associated level of risk when their use is permitted on the webserver. A client can use the `OPTIONS` method within a request to query a server to determine which methods are allowed. Cyber-criminals will almost always perform this simple test as it will give a very quick indication of any high-risk methods being permitted by the server. Arachni discovered that several methods are supported by the server. It is recommended that a whitelisting approach be taken to explicitly permit the HTTP methods required by the application and block all others. Typically the only HTTP methods required for most applications are `GET` and `POST`. All other methods perform actions that are rarely required or perform actions that are inherently risky. These risky methods (such as `PUT`, `DELETE`, etc) should be protected by strict limitations, such as ensuring that the channel is secure (SSL/TLS enabled) and only authorised and trusted clients are permitted to use them. informational Allowed methods Checks for supported HTTP methods. Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com> 0.2 allowed_methods 529892463 Arachni::Element::Server server http://testhtml5.vulnweb.com/ http://testhtml5.vulnweb.com/ http://testhtml5.vulnweb.com/ options

OPTIONS / HTTP/1.1 Host: testhtml5.vulnweb.com Accept-Encoding: gzip, deflate User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 http://testhtml5.vulnweb.com/ 200 176.28.50.165 0.0904 ok No error

HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:36:46 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: keep-alive Allow: HEAD, OPTIONS, GET http://testhtml5.vulnweb.com/ <!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> http://testhtml5.vulnweb.com/ get

GET / HTTP/1.1 Host: testhtml5.vulnweb.com Accept-Encoding: gzip, deflate User-Agent: Arachni/v1.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 http://testhtml5.vulnweb.com/ 200 176.28.50.165 0.1832 ok No error

<!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp"> <head> <meta charset="utf-8"> <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le styles --> <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet"> <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'> <link href="/static/css/style.css" rel="stylesheet"> <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico"> <style type="text/css"> body { padding-top: 60px; padding-bottom: 40px; } .sidebar-nav { padding: 9px 0; } @media (max-width: 980px) { /* Enable use of floated navbar text */ .navbar-text.pull-right { float: none; padding-left: 5px; padding-right: 5px; } } </style> </head> <body> <div class="navbar navbar-fixed-top"> <div class="navbar-inner"> <div class="container-fluid"> <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a> <p class="navbar-text pull-left"> Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>. </p> <p class="navbar-text pull-right"> <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a> </p> </div> </div> </div> <div class="container-fluid"> <div class="row-fluid"> <div class="span2"> <div class="well sidebar-nav"> <ul class="nav nav-list"> <li class="nav-header">Views</li> <li id="popularLi" class="active"><a href="#/popular">Popular</a></li> <li><a href="#/latest">Latest</a></li> <li><a href="#/carousel">Carousel</a></li> <li><a href="#/archive">Archive</a></li> <li class="nav-header">Website</li> <li><a href="#/about">About</a></li> <li><a href="#/contact">Contact</a></li> <li class="nav-header">Acunetix</li> <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li> <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li> <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li> <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="span10"> <div class="row-fluid"> <div ng-view></div> </div><!--/row--> </div><!--/span--> </div><!--/row--> <hr> <div class="row-fluid"> <div class="pull-left" style="font-size: xx-small;" id="refId"></div> </div> <footer> <p class="pull-left">&copy; Acunetix Ltd. 2013</p> </footer> </div><!--/.fluid-container--> <!-- Modal --> <div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <form class="modal-body" action="/login" method="POST" id="loginForm"> <div class="modal-header"> <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button> <h3 id="myModalLabel">Login</h3> </div> <div class="modal-body"> <div class="control-group"> <!-- Username --> <label class="control-label" for="username">Username</label> <div class="controls"> <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin"> </div> </div> <div class="control-group"> <!-- Password--> <label class="control-label" for="password">Password</label> <div class="controls"> <input type="password" id="password" name="password" placeholder="" class="input-xlarge"> </div> </div> <div class="control-group"> <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a> </div> </div> <div class="modal-footer"> <button class="btn btn-primary" id="loginFormSubmit">Login</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button> </div> </form> </div> <!-- Le javascript ================================================== --> <!-- Placed at the end of the document so the pages load faster --> <script src="http://code.jquery.com/jquery-1.9.1.min.js"></script> <script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script> <!-- App libs --> <script src="/static/app/app.js"></script> <script src="/static/app/libs/sessvars.js"></script> <script src="/static/app/post.js"></script> <script src="/static/app/controllers/controllers.js"></script> <script src="/static/app/services/itemsService.js"></script> <script src="http://bxss.s3.amazonaws.com/ad.js"></script> </body> </html> HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Thu, 01 Oct 2015 14:36:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Access-Control-Allow-Origin: * Content-Encoding: gzip http://testhtml5.vulnweb.com/ HEAD, OPTIONS, GET true Health map Generates a simple list of safe/unsafe URLs. 52 8 44 15 Uniformity (Lack of central sanitization) Analyzes the scan results and logs issues which persist across different pages. This is usually a sign for a lack of a central/single point of input sanitization, a bad coding practise. 1696823749 2500734820 1008740572