1.3
---
http:
user_agent: Arachni/v1.3
request_timeout: 10000
request_redirect_limit: 5
request_concurrency: 20
request_queue_size: 100
request_headers: {}
response_max_size: 500000
cookies: {}
audit:
parameter_values: true
exclude_vector_patterns: []
include_vector_patterns: []
link_templates: []
links: true
forms: true
cookies: true
ui_inputs: true
ui_forms: true
jsons: true
xmls: true
input:
values: {}
default_values:
"(?i-mx:name)": arachni_name
"(?i-mx:user)": arachni_user
"(?i-mx:usr)": arachni_user
"(?i-mx:pass)": 5543!%arachni_secret
"(?i-mx:txt)": arachni_text
"(?i-mx:num)": '132'
"(?i-mx:amount)": '100'
"(?i-mx:mail)": arachni@email.gr
"(?i-mx:account)": '12'
"(?i-mx:id)": '1'
without_defaults: false
force: false
datastore:
report_path:
browser_cluster:
local_storage: {}
wait_for_elements: {}
pool_size: 6
job_timeout: 25
worker_time_to_live: 100
ignore_images: false
screen_width: 1600
screen_height: 1200
scope:
redundant_path_patterns: {}
dom_depth_limit: 5
exclude_path_patterns: []
exclude_content_patterns: []
include_path_patterns: []
restrict_paths: []
extend_paths: []
url_rewrites: {}
session: {}
checks:
- csrf
- xss_tag
- code_injection_timing
- trainer
- os_cmd_injection
- xss_dom_script_context
- xss_dom
- xss_script_context
- no_sql_injection
- xpath_injection
- session_fixation
- no_sql_injection_differential
- sql_injection_timing
- sql_injection
- file_inclusion
- source_code_disclosure
- xss_path
- os_cmd_injection_timing
- code_injection_php_input_wrapper
- path_traversal
- rfi
- xxe
- unvalidated_redirect_dom
- xss_event
- code_injection
- unvalidated_redirect
- ldap_injection
- xss
- sql_injection_differential
- response_splitting
- insecure_cross_domain_policy_access
- common_files
- webdav
- common_directories
- localstart_asp
- backup_files
- unencrypted_password_forms
- hsts
- form_upload
- ssn
- captcha
- http_only_cookies
- private_ip
- cookie_set_for_parent_domain
- insecure_cookies
- x_frame_options
- cvs_svn_users
- html_objects
- mixed_resource
- emails
- credit_card
- password_autocomplete
- insecure_cors_policy
- origin_spoof_access_restriction_bypass
- backup_directories
- http_put
- interesting_responses
- allowed_methods
- insecure_client_access_policy
- htaccess_limit
- backdoors
- directory_listing
- common_admin_interfaces
- xst
- insecure_cross_domain_policy_headers
platforms: []
plugins: {}
no_fingerprinting: false
authorized_by:
url: http://testhtml5.vulnweb.com/
2015-10-01T17:37:14+03:00
2015-10-01T17:42:30+03:00
Cross-Site Request Forgery
In the majority of today's web applications, clients are required to submit forms
which can perform sensitive operations.
An example of such a form being used would be when an administrator wishes to
create a new user for the application.
In the simplest version of the form, the administrator would fill-in:
* Name
* Password
* Role (level of access)
Continuing with this example, Cross Site Request Forgery (CSRF) would occur when
the administrator is tricked into clicking on a link, which if logged into the
application, would automatically submit the form without any further interaction.
Cyber-criminals will look for sites where sensitive functions are performed in
this manner and then craft malicious requests that will be used against clients
via a social engineering attack.
There are 3 things that are required for a CSRF attack to occur:
1. The form must perform some sort of sensitive action.
2. The victim (the administrator the example above) must have an active session.
3. Most importantly, all parameter values must be **known** or **guessable**.
Arachni discovered that all parameters within the form were known or predictable
and therefore the form could be vulnerable to CSRF.
_Manual verification may be required to check whether the submission will then
perform a sensitive action, such as reset a password, modify user profiles, post
content on a forum, etc._
Based on the risk (determined by manual verification) of whether the form submission
performs a sensitive action, the addition of anti-CSRF tokens may be required.
These tokens can be configured in such a way that each session generates a new
anti-CSRF token or such that each individual request requires a new token.
It is important that the server track and maintain the status of each token (in
order to reject requests accompanied by invalid ones) and therefore prevent
cyber-criminals from knowing, guessing or reusing them.
_For examples of framework specific remediation options, please refer to the references._
high
CSRF
It uses differential analysis to determine which forms affect business logic and
checks them for lack of anti-CSRF tokens.
(Works best with a valid session.)
Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
0.3.5
csrf
352
889065924
Arachni::Element::Form
form
http://testhtml5.vulnweb.com/
http://testhtml5.vulnweb.com/contact
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp" class="ng-scope" data-arachni-id="-88160834"><head><script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script>
/* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */
window._arachni_js_namespace = true;
/* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */
</script> <!-- Injected by Arachni::Browser::Javascript -->
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href="http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic" rel="stylesheet" type="text/css">
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
<style type="text/css">@charset "UTF-8";[ng\:cloak],[ng-cloak],[data-ng-cloak],[x-ng-cloak],.ng-cloak,.x-ng-cloak{display:none;}ng\:form{display:block;}</style></head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/" data-arachni-id="1342453504"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com" data-arachni-id="-1395254329">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal" data-arachni-id="73596745">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class=""><a href="#/popular" data-arachni-id="1270713017">Popular</a></li>
<li><a href="#/latest" data-arachni-id="-2026013785">Latest</a></li>
<li><a href="#/carousel" data-arachni-id="67552640">Carousel</a></li>
<li><a href="#/archive" data-arachni-id="916551842">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about" data-arachni-id="63058797">About</a></li>
<li class="active"><a href="#/contact" data-arachni-id="-1678787584">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/" data-arachni-id="-1405978501">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/" data-arachni-id="2073538">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix" data-arachni-id="561774310">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/" data-arachni-id="748307027">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view=""><form class="well span10 ng-scope ng-pristine ng-valid" action="/contact" method="POST">
<div class="row-fluid">
<div class="span6">
<label>First Name</label>
<input type="text" class="span8" placeholder="Your First Name" name="firstName">
<label>Last Name</label>
<input type="text" class="span8" placeholder="Your Last Name" name="lastName">
<label>Email Address</label>
<input type="text" class="span8" placeholder="Your email address" name="address">
<label>Subject</label>
<select id="subject" name="subject" class="span8">
<option value="na" selected="">Choose One:</option>
<option value="service">General Customer Service</option>
<option value="suggestions">Suggestions</option>
<option value="product">Product Support</option>
</select>
</div>
<div class="span6">
<label>Message</label>
<textarea name="message" id="message" class="input-xlarge span10" rows="10"></textarea>
</div>
</div>
<button id="butonul" type="submit" class="btn btn-primary pull-left">Send</button>
</form>
</div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId">unknown is coming from <b>unknown</b> and has visited this page <b>4</b> times.</div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body ng-pristine ng-valid" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<!-- App libs -->
<script src="/static/app/app.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/libs/sessvars.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/post.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script><div class="fb-comments" data-num-posts="4" data-width="470" data-href="http://testhtml5.vulnweb.com/#/popular"></div>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/controllers/controllers.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/services/itemsService.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://bxss.s3.amazonaws.com/ad.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script><iframe name="ads_ads_frame" src="http://ads.bxss.me/ad_server.php?zone_id=234&ad_client=723898932&u_h=768&u_w=1024&pn=&ref=&url=http://testhtml5.vulnweb.com/#/popular&" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" frameborder="0" height="1" scrolling="no" width="1" style="background-color:#FFFFFF;"></iframe>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
</body></html>
http://testhtml5.vulnweb.com/
get
GET http://testhtml5.vulnweb.com/ HTTP/1.1
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
X-Arachni-Browser-Auth: 0e378a6498d4810f4de69f3b0981fa12
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: testhtml5.vulnweb.com
http://testhtml5.vulnweb.com/
200
176.28.50.165
ok
No error
<script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script>
/* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */
window._arachni_js_namespace = true;
/* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */
</script> <!-- Injected by Arachni::Browser::Javascript -->
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<!-- App libs -->
<script src="/static/app/app.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/libs/sessvars.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/post.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/controllers/controllers.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/services/itemsService.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://bxss.s3.amazonaws.com/ad.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
</body>
</html>
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
http://testhtml5.vulnweb.com/#/contact
page
load
http://testhtml5.vulnweb.com/
request
http://bxss.s3.amazonaws.com/ad.js
request
http://testhtml5.vulnweb.com/ajax/popular?offset=0
request
<a href="#/contact" data-arachni-id="-1678787584">
click
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp" class="ng-scope" data-arachni-id="-88160834"><head><script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script>
/* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */
window._arachni_js_namespace = true;
/* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */
</script> <!-- Injected by Arachni::Browser::Javascript -->
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href="http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic" rel="stylesheet" type="text/css">
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
<style type="text/css">@charset "UTF-8";[ng\:cloak],[ng-cloak],[data-ng-cloak],[x-ng-cloak],.ng-cloak,.x-ng-cloak{display:none;}ng\:form{display:block;}</style></head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/" data-arachni-id="1342453504"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com" data-arachni-id="-1395254329">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal" data-arachni-id="73596745">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class=""><a href="#/popular" data-arachni-id="1270713017">Popular</a></li>
<li><a href="#/latest" data-arachni-id="-2026013785">Latest</a></li>
<li><a href="#/carousel" data-arachni-id="67552640">Carousel</a></li>
<li><a href="#/archive" data-arachni-id="916551842">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about" data-arachni-id="63058797">About</a></li>
<li class="active"><a href="#/contact" data-arachni-id="-1678787584">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/" data-arachni-id="-1405978501">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/" data-arachni-id="2073538">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix" data-arachni-id="561774310">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/" data-arachni-id="748307027">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view=""><form class="well span10 ng-scope ng-pristine ng-valid" action="/contact" method="POST">
<div class="row-fluid">
<div class="span6">
<label>First Name</label>
<input type="text" class="span8" placeholder="Your First Name" name="firstName">
<label>Last Name</label>
<input type="text" class="span8" placeholder="Your Last Name" name="lastName">
<label>Email Address</label>
<input type="text" class="span8" placeholder="Your email address" name="address">
<label>Subject</label>
<select id="subject" name="subject" class="span8">
<option value="na" selected="">Choose One:</option>
<option value="service">General Customer Service</option>
<option value="suggestions">Suggestions</option>
<option value="product">Product Support</option>
</select>
</div>
<div class="span6">
<label>Message</label>
<textarea name="message" id="message" class="input-xlarge span10" rows="10"></textarea>
</div>
</div>
<button id="butonul" type="submit" class="btn btn-primary pull-left">Send</button>
</form>
</div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId">unknown is coming from <b>unknown</b> and has visited this page <b>4</b> times.</div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body ng-pristine ng-valid" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<!-- App libs -->
<script src="/static/app/app.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/libs/sessvars.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/post.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script><div class="fb-comments" data-num-posts="4" data-width="470" data-href="http://testhtml5.vulnweb.com/#/popular"></div>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/controllers/controllers.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/services/itemsService.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://bxss.s3.amazonaws.com/ad.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script><iframe name="ads_ads_frame" src="http://ads.bxss.me/ad_server.php?zone_id=234&ad_client=723898932&u_h=768&u_w=1024&pn=&ref=&url=http://testhtml5.vulnweb.com/#/popular&" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" frameborder="0" height="1" scrolling="no" width="1" style="background-color:#FFFFFF;"></iframe>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
</body></html>
http://testhtml5.vulnweb.com/
get
GET http://testhtml5.vulnweb.com/ HTTP/1.1
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
X-Arachni-Browser-Auth: 0e378a6498d4810f4de69f3b0981fa12
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: testhtml5.vulnweb.com
http://testhtml5.vulnweb.com/
200
176.28.50.165
ok
No error
<script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script>
/* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */
window._arachni_js_namespace = true;
/* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */
</script> <!-- Injected by Arachni::Browser::Javascript -->
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<!-- App libs -->
<script src="/static/app/app.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/libs/sessvars.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/post.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/controllers/controllers.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/services/itemsService.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://bxss.s3.amazonaws.com/ad.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
</body>
</html>
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
http://testhtml5.vulnweb.com/#/contact
page
load
http://testhtml5.vulnweb.com/
request
http://bxss.s3.amazonaws.com/ad.js
request
http://testhtml5.vulnweb.com/ajax/popular?offset=0
request
<a href="#/contact" data-arachni-id="-1678787584">
click
<form class="well span10 ng-scope ng-pristine ng-valid" action="/contact" method="POST">
<div class="row-fluid">
<div class="span6">
<label>First Name</label>
<input type="text" class="span8" placeholder="Your First Name" name="firstName">
<label>Last Name</label>
<input type="text" class="span8" placeholder="Your Last Name" name="lastName">
<label>Email Address</label>
<input type="text" class="span8" placeholder="Your email address" name="address">
<label>Subject</label>
<select id="subject" name="subject" class="span8">
<option value="na" selected>Choose One:</option>
<option value="service">General Customer Service</option>
<option value="suggestions">Suggestions</option>
<option value="product">Product Support</option>
</select>
</div>
<div class="span6">
<label>Message</label>
<textarea name="message" id="message" class="input-xlarge span10" rows="10"></textarea>
</div>
</div>
<button id="butonul" type="submit" class="btn btn-primary pull-left">Send</button>
</form>
true
Unvalidated DOM redirect
Web applications occasionally use DOM input values to store the address of the
page to which the client will be redirected -- for example:
`yoursite.com/#/?redirect=www.yoursite.com/404.asp`
An unvalidated redirect occurs when the client is able to modify the affected
parameter value and thus control the location of the redirection.
For example, the following URL `yoursite.com/#/?redirect=www.anothersite.com`
will redirect to `www.anothersite.com`.
Cyber-criminals will abuse these vulnerabilities in social engineering attacks
to get users to unknowingly visit malicious web sites.
Arachni has discovered that the web page does not validate the parameter value prior
to redirecting the client to the injected value.
The application should ensure that the supplied value for a redirect is permitted.
This can be achieved by performing whitelisting on the parameter value.
The whitelist should contain a list of pages or sites that the application is
permitted to redirect users to. If the supplied value does not match any value
in the whitelist then the server should redirect to a standard error page.
high
Unvalidated DOM redirect
Injects URLs and checks the browser URL to determine whether the attack was successful.
Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
0.1.2
unvalidated_redirect_dom
819
707201679
Arachni::Element::Link::DOM
link_dom
http://testhtml5.vulnweb.com/
http://testhtml5.vulnweb.com/
http://www.88fc8f0ec9141866cb14f3125be901b4.com/
get
url
http://www.88fc8f0ec9141866cb14f3125be901b4.com/
get
http://www.88fc8f0ec9141866cb14f3125be901b4.com/
0
http://www.88fc8f0ec9141866cb14f3125be901b4.com/
page
load
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp" class="ng-scope" data-arachni-id="1732833613"><head><script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script>
/* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */
window._arachni_js_namespace = true;
/* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */
</script> <!-- Injected by Arachni::Browser::Javascript -->
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href="http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic" rel="stylesheet" type="text/css">
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
<style type="text/css">@charset "UTF-8";[ng\:cloak],[ng-cloak],[data-ng-cloak],[x-ng-cloak],.ng-cloak,.x-ng-cloak{display:none;}ng\:form{display:block;}</style></head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/" data-arachni-id="1342453504"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com" data-arachni-id="-1395254329">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal" data-arachni-id="73596745">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular" data-arachni-id="1270713017">Popular</a></li>
<li><a href="#/latest" data-arachni-id="-2026013785">Latest</a></li>
<li><a href="#/carousel" data-arachni-id="67552640">Carousel</a></li>
<li><a href="#/archive" data-arachni-id="916551842">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about" data-arachni-id="63058797">About</a></li>
<li><a href="#/contact" data-arachni-id="-1678787584">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/" data-arachni-id="-1405978501">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/" data-arachni-id="2073538">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix" data-arachni-id="561774310">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/" data-arachni-id="748307027">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view=""><div id="loader" class="ng-scope" style="display: none; ">
Loading ...
<i class="icon-spinner icon-spin icon-2x pull-left"></i>
</div>
<div data-ng-include="'/static/app/partials/itemsList.html'" class="ng-scope"><div class="row-fluid ng-scope">
<div class="pull-left">
<input type="text" placeholder="Filter results" ng-model="searchText" class="ng-pristine ng-valid" data-arachni-id="0">
</div>
<div class="pull-right">
<div ng-show="filter==''">Page
<span ng-bind-html-unsafe="pageStr" style="font-weight: bold;" class="ng-binding">0</span>
</div>
</div>
<div class="pull-right">
<div ng-show="filter!=''" style="display: none; ">Filtering for host <b class="ng-binding"></b></div>
</div>
</div>
<!-- ngRepeat: item in items | filter:filter | filter:searchText --><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
<div class="well well-small shadow" style="overflow: hidden;">
<div class="span7"><a ng-href="http://javahacker.com/the-first-javascript-misdirection-contest/" target="_blank" href="http://javahacker.com/the-first-javascript-misdirection-contest/" data-arachni-id="638179893"><img ng-src="/static/scr/24e47eb911c4d9526f32bf4f7db3e47b.png" class="img-rounded" src="/static/scr/24e47eb911c4d9526f32bf4f7db3e47b.png"></a></div>
<div class="span5 well well-small detailsbox">
<div class="row-fluid">
<div class="rating">
</div>
</div>
<div class="row-fluid">
<div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/javahacker.com" class="ng-binding" href="#/all/filter/javahacker.com" data-arachni-id="1120821955">javahacker.com</a></div>
<div class="muted pull-right" style="padding-bottom: 10px;">
<a class="btn btn-mini" ng-href="/like?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/like?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
<a class="btn btn-mini" ng-href="/comment?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/comment?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
<a class="btn btn-mini" ng-href="/report?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/report?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
</div>
</div>
<a ng-href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/" href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/"><div class="detailsboxTitle ng-binding">The First JavaScript Misdirection Contest : javahacker.com</div></a>
<hr>
<div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
<div class=""><b class="ng-binding">4</b> tweets from
<!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/irsdl" target="_blank" class="ng-binding" href="http://twitter.com/irsdl" data-arachni-id="1932745266">@irsdl</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/WisecWisec" target="_blank" class="ng-binding" href="http://twitter.com/WisecWisec" data-arachni-id="1159424928">@WisecWisec</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/adam_baldwin" target="_blank" class="ng-binding" href="http://twitter.com/adam_baldwin" data-arachni-id="-575155691">@adam_baldwin</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/seecurity" target="_blank" class="ng-binding" href="http://twitter.com/seecurity" data-arachni-id="928786497">@seecurity</a>
</span>
</div>
</div>
<div class="ng-binding">
<a ng-href="http://twitter.com/irsdl" target="_blank" href="http://twitter.com/irsdl" data-arachni-id="-1386142063"><b class="ng-binding">@irsdl</b></a><br>
RT @peterjaric: The winner of the JavaScript Misdirection Contest:
@aymericbeaumet!
Check out all entries at http://t.co/r38tRSqfo3 http:/… <br><br>
</div>
</div>
</div>
</div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
<div class="well well-small shadow" style="overflow: hidden;">
<div class="span7"><a ng-href="http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" target="_blank" href="http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" data-arachni-id="-482669131"><img ng-src="/static/scr/3bf174abb37bee6983637c6c2c63c5ac.png" class="img-rounded" src="/static/scr/3bf174abb37bee6983637c6c2c63c5ac.png"></a></div>
<div class="span5 well well-small detailsbox">
<div class="row-fluid">
<div class="rating">
</div>
</div>
<div class="row-fluid">
<div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/www.wired.com" class="ng-binding" href="#/all/filter/www.wired.com" data-arachni-id="1436533755">www.wired.com</a></div>
<div class="muted pull-right" style="padding-bottom: 10px;">
<a class="btn btn-mini" ng-href="/like?id=3bf174abb37bee6983637c6c2c63c5ac" href="/like?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
<a class="btn btn-mini" ng-href="/comment?id=3bf174abb37bee6983637c6c2c63c5ac" href="/comment?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
<a class="btn btn-mini" ng-href="/report?id=3bf174abb37bee6983637c6c2c63c5ac" href="/report?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
</div>
</div>
<a ng-href="#/redir?url=http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" href="#/redir?url=http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/"><div class="detailsboxTitle ng-binding">This New Campaign Wants To Help Surveillance Agents Quit NSA or GCHQ | WIRED</div></a>
<hr>
<div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
<div class=""><b class="ng-binding">2</b> tweets from
<!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/titanous" target="_blank" class="ng-binding" href="http://twitter.com/titanous" data-arachni-id="-1592843519">@titanous</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/stefant" target="_blank" class="ng-binding" href="http://twitter.com/stefant" data-arachni-id="-2023154779">@stefant</a>
</span>
</div>
</div>
<div class="ng-binding">
<a ng-href="http://twitter.com/titanous" target="_blank" href="http://twitter.com/titanous" data-arachni-id="2124267712"><b class="ng-binding">@titanous</b></a><br>
RT @csoghoian: This is excellent. http://t.co/L1YY4g87OI http://t.co/wQ5XsgFYWD <br><br>
</div>
</div>
</div>
</div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
<div class="well well-small shadow" style="overflow: hidden;">
<div class="span7"><a ng-href="http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" target="_blank" href="http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" data-arachni-id="-535118315"><img ng-src="/static/scr/b4d50f99db49ff3d7d612a3b5e82b833.png" class="img-rounded" src="/static/scr/b4d50f99db49ff3d7d612a3b5e82b833.png"></a></div>
<div class="span5 well well-small detailsbox">
<div class="row-fluid">
<div class="rating">
</div>
</div>
<div class="row-fluid">
<div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/labs.bromium.com" class="ng-binding" href="#/all/filter/labs.bromium.com" data-arachni-id="5534590">labs.bromium.com</a></div>
<div class="muted pull-right" style="padding-bottom: 10px;">
<a class="btn btn-mini" ng-href="/like?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/like?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
<a class="btn btn-mini" ng-href="/comment?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/comment?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
<a class="btn btn-mini" ng-href="/report?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/report?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
</div>
</div>
<a ng-href="#/redir?url=http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" href="#/redir?url=http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/"><div class="detailsboxTitle ng-binding">An interesting detail about Control Flow Guard | Bromium Labs</div></a>
<hr>
<div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
<div class=""><b class="ng-binding">2</b> tweets from
<!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/ABazhaniuk" target="_blank" class="ng-binding" href="http://twitter.com/ABazhaniuk" data-arachni-id="-1031551260">@ABazhaniuk</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/matrosov" target="_blank" class="ng-binding" href="http://twitter.com/matrosov" data-arachni-id="598024477">@matrosov</a>
</span>
</div>
</div>
<div class="ng-binding">
<a ng-href="http://twitter.com/ABazhaniuk" target="_blank" href="http://twitter.com/ABazhaniuk" data-arachni-id="-1743479005"><b class="ng-binding">@ABazhaniuk</b></a><br>
RT @ClausHoumann: An interesting detail about Control Flow Guard http://t.co/XIuaRMABnH <br><br>
</div>
</div>
</div>
</div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
<div class="well well-small shadow" style="overflow: hidden;">
<div class="span7"><a ng-href="http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" target="_blank" href="http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" data-arachni-id="351646421"><img ng-src="/static/scr/7906144d5b0e85adfdf752593fdc3da6.png" class="img-rounded" src="/static/scr/7906144d5b0e85adfdf752593fdc3da6.png"></a></div>
<div class="span5 well well-small detailsbox">
<div class="row-fluid">
<div class="rating">
</div>
</div>
<div class="row-fluid">
<div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/securityaffairs.co" class="ng-binding" href="#/all/filter/securityaffairs.co" data-arachni-id="2114659152">securityaffairs.co</a></div>
<div class="muted pull-right" style="padding-bottom: 10px;">
<a class="btn btn-mini" ng-href="/like?id=7906144d5b0e85adfdf752593fdc3da6" href="/like?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
<a class="btn btn-mini" ng-href="/comment?id=7906144d5b0e85adfdf752593fdc3da6" href="/comment?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
<a class="btn btn-mini" ng-href="/report?id=7906144d5b0e85adfdf752593fdc3da6" href="/report?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
</div>
</div>
<a ng-href="#/redir?url=http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" href="#/redir?url=http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html"><div class="detailsboxTitle ng-binding">Are you still using TrueCrypt? Beware of these 2 critical flaws!Security Affairs</div></a>
<hr>
<div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
<div class=""><b class="ng-binding">2</b> tweets from
<!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/seecurity" target="_blank" class="ng-binding" href="http://twitter.com/seecurity" data-arachni-id="928786497">@seecurity</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/stamparm" target="_blank" class="ng-binding" href="http://twitter.com/stamparm" data-arachni-id="1599093753">@stamparm</a>
</span>
</div>
</div>
<div class="ng-binding">
<a ng-href="http://twitter.com/seecurity" target="_blank" href="http://twitter.com/seecurity" data-arachni-id="1187679520"><b class="ng-binding">@seecurity</b></a><br>
RT @HenkvanRoest: "Are you still using TrueCrypt? Beware of these 2 critical flaws!" http://t.co/gWMlyvog24 #security #feedly <br><br>
</div>
</div>
</div>
</div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
<div class="well well-small shadow" style="overflow: hidden;">
<div class="span7"><a ng-href="http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" target="_blank" href="http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" data-arachni-id="-1241260543"><img ng-src="/static/scr/default.png" class="img-rounded" src="/static/scr/default.png"></a></div>
<div class="span5 well well-small detailsbox">
<div class="row-fluid">
<div class="rating">
</div>
</div>
<div class="row-fluid">
<div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/blog.cobaltstrike.com" class="ng-binding" href="#/all/filter/blog.cobaltstrike.com" data-arachni-id="-1467443516">blog.cobaltstrike.com</a></div>
<div class="muted pull-right" style="padding-bottom: 10px;">
<a class="btn btn-mini" ng-href="/like?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/like?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
<a class="btn btn-mini" ng-href="/comment?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/comment?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
<a class="btn btn-mini" ng-href="/report?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/report?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
</div>
</div>
<a ng-href="#/redir?url=http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" href="#/redir?url=http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/"><div class="detailsboxTitle ng-binding">untitled</div></a>
<hr>
<div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
<div class=""><b class="ng-binding">2</b> tweets from
<!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/vegoshin" target="_blank" class="ng-binding" href="http://twitter.com/vegoshin" data-arachni-id="-2016345391">@vegoshin</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/roo7break" target="_blank" class="ng-binding" href="http://twitter.com/roo7break" data-arachni-id="1992343354">@roo7break</a>
</span>
</div>
</div>
<div class="ng-binding">
<a ng-href="http://twitter.com/vegoshin" target="_blank" href="http://twitter.com/vegoshin" data-arachni-id="1858812048"><b class="ng-binding">@vegoshin</b></a><br>
Advanced Threat Tactics – Course and Notes http://t.co/zx2C8gN6LT <br><br>
</div>
</div>
</div>
</div>
<ul class="pager ng-scope">
<li><a ng-href="#/popular/page/-1" ng-show="page>0" href="#/popular/page/-1" style="display: none; ">Previous</a></li>
<li><a ng-href="#/popular/page/1" ng-show="filter==''" href="#/popular/page/1" data-arachni-id="2424595">Next</a></li>
</ul></div></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId">unknown is coming from <b>unknown</b> and has visited this page <b>1</b> times.</div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body ng-pristine ng-valid" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<!-- App libs -->
<script src="/static/app/app.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/libs/sessvars.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/post.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script><div class="fb-comments" data-num-posts="4" data-width="470" data-href="http://testhtml5.vulnweb.com/"></div>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/controllers/controllers.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/services/itemsService.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://bxss.s3.amazonaws.com/ad.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script><iframe name="ads_ads_frame" src="http://ads.bxss.me/ad_server.php?zone_id=234&ad_client=723898932&u_h=768&u_w=1024&pn=&ref=&url=http://testhtml5.vulnweb.com/&" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" frameborder="0" height="1" scrolling="no" width="1" style="background-color:#FFFFFF;"></iframe>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
</body></html>
http://testhtml5.vulnweb.com/
get
GET http://testhtml5.vulnweb.com/ HTTP/1.1
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
X-Arachni-Browser-Auth: 0e378a6498d4810f4de69f3b0981fa12
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: testhtml5.vulnweb.com
http://testhtml5.vulnweb.com/
200
176.28.50.165
ok
No error
<script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script>
/* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */
window._arachni_js_namespace = true;
/* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */
</script> <!-- Injected by Arachni::Browser::Javascript -->
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<!-- App libs -->
<script src="/static/app/app.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/libs/sessvars.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/post.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/controllers/controllers.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/services/itemsService.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://bxss.s3.amazonaws.com/ad.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
</body>
</html>
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
http://testhtml5.vulnweb.com/#/popular
page
load
http://testhtml5.vulnweb.com/
request
http://bxss.s3.amazonaws.com/ad.js
request
http://testhtml5.vulnweb.com/ajax/popular?offset=0
request
true
Cross-Site Scripting (XSS)
Client-side scripts are used extensively by modern web applications.
They perform from simple functions (such as the formatting of text) up to full
manipulation of client-side data and Operating System interaction.
Cross Site Scripting (XSS) allows clients to inject scripts into a request and
have the server return the script to the client in the response. This occurs
because the application is taking untrusted data (in this example, from the client)
and reusing it without performing any validation or sanitisation.
If the injected script is returned immediately this is known as reflected XSS.
If the injected script is stored by the server and returned to any client visiting
the affected page, then this is known as persistent XSS (also stored XSS).
Arachni has discovered that it is possible to insert script content directly into
HTML element content.
To remedy XSS vulnerabilities, it is important to never use untrusted or unfiltered
data within the code of a HTML page.
Untrusted data can originate not only form the client but potentially a third
party or previously uploaded file etc.
Filtering of untrusted data typically involves converting special characters to
their HTML entity encoded counterparts (however, other methods do exist, see references).
These special characters include:
* `&`
* `<`
* `>`
* `"`
* `'`
* `/`
An example of HTML entity encoding is converting `<` to `<`.
Although it is possible to filter untrusted input, there are five locations
within an HTML page where untrusted input (even if it has been filtered) should
never be placed:
1. Directly in a script.
2. Inside an HTML comment.
3. In an attribute name.
4. In a tag name.
5. Directly in CSS.
Each of these locations have their own form of escaping and filtering.
_Because many browsers attempt to implement XSS protection, any manual verification
of this finding should be conducted using multiple different browsers and browser
versions._
high
XSS
Injects an HTML element into page inputs and then parses the HTML markup of
tainted responses to look for proof of vulnerability.
Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
0.4.4
xss
79
1696823749
Arachni::Element::Link
link
http://testhtml5.vulnweb.com/
http://testhtml5.vulnweb.com/report
</textarea>--><some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/><!--<textarea>
get
id
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<!--<link href="http://netdna.bootstrapcdn.com/font-awesome/3.0.2/css/font-awesome.css" rel="stylesheet">-->
<link href='http://fonts.googleapis.com/css?family=Open+Sans:700' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
HTML5 test website for Acunetix Web Vulnerability Scanner.
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Action</li>
<li class="active"><a href="#/response">Response</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
Your report was submitted, thanks. <!-- 24e47eb911c4d9526f32bf4f7db3e47b</textarea>--><some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/><!--<textarea> -->
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<footer>
<p>© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<script src="/static/app/app.js"></script>
</body>
</html>
http://testhtml5.vulnweb.com/report
get
GET /report?id=24e47eb911c4d9526f32bf4f7db3e47b%3C%2Ftextarea%3E--%3E%3Csome_dangerous_input_88fc8f0ec9141866cb14f3125be901b4%2F%3E%3C%21--%3Ctextarea%3E HTTP/1.1
Host: testhtml5.vulnweb.com
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
http://testhtml5.vulnweb.com/report?id=24e47eb911c4d9526f32bf4f7db3e47b%3C/textarea%3E--%3E%3Csome_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/%3E%3C!--%3Ctextarea%3E
200
176.28.50.165
ok
No error
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<!--<link href="http://netdna.bootstrapcdn.com/font-awesome/3.0.2/css/font-awesome.css" rel="stylesheet">-->
<link href='http://fonts.googleapis.com/css?family=Open+Sans:700' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
HTML5 test website for Acunetix Web Vulnerability Scanner.
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Action</li>
<li class="active"><a href="#/response">Response</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
Your report was submitted, thanks. <!-- 24e47eb911c4d9526f32bf4f7db3e47b</textarea>--><some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/><!--<textarea> -->
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<footer>
<p>© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<script src="/static/app/app.js"></script>
</body>
</html>
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:37:19 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
http://testhtml5.vulnweb.com/report?id=24e47eb911c4d9526f32bf4f7db3e47b%3C/textarea%3E--%3E%3Csome_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/%3E%3C!--%3Ctextarea%3E
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp" class="ng-scope" data-arachni-id="1732833613"><head><script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script>
/* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */
window._arachni_js_namespace = true;
/* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */
</script> <!-- Injected by Arachni::Browser::Javascript -->
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href="http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic" rel="stylesheet" type="text/css">
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
<style type="text/css">@charset "UTF-8";[ng\:cloak],[ng-cloak],[data-ng-cloak],[x-ng-cloak],.ng-cloak,.x-ng-cloak{display:none;}ng\:form{display:block;}</style></head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/" data-arachni-id="1342453504"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com" data-arachni-id="-1395254329">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal" data-arachni-id="73596745">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular" data-arachni-id="1270713017">Popular</a></li>
<li><a href="#/latest" data-arachni-id="-2026013785">Latest</a></li>
<li><a href="#/carousel" data-arachni-id="67552640">Carousel</a></li>
<li><a href="#/archive" data-arachni-id="916551842">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about" data-arachni-id="63058797">About</a></li>
<li><a href="#/contact" data-arachni-id="-1678787584">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/" data-arachni-id="-1405978501">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/" data-arachni-id="2073538">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix" data-arachni-id="561774310">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/" data-arachni-id="748307027">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view=""><div id="loader" class="ng-scope" style="display: none; ">
Loading ...
<i class="icon-spinner icon-spin icon-2x pull-left"></i>
</div>
<div data-ng-include="'/static/app/partials/itemsList.html'" class="ng-scope"><div class="row-fluid ng-scope">
<div class="pull-left">
<input type="text" placeholder="Filter results" ng-model="searchText" class="ng-pristine ng-valid" data-arachni-id="0">
</div>
<div class="pull-right">
<div ng-show="filter==''">Page
<span ng-bind-html-unsafe="pageStr" style="font-weight: bold;" class="ng-binding">0</span>
</div>
</div>
<div class="pull-right">
<div ng-show="filter!=''" style="display: none; ">Filtering for host <b class="ng-binding"></b></div>
</div>
</div>
<!-- ngRepeat: item in items | filter:filter | filter:searchText --><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
<div class="well well-small shadow" style="overflow: hidden;">
<div class="span7"><a ng-href="http://javahacker.com/the-first-javascript-misdirection-contest/" target="_blank" href="http://javahacker.com/the-first-javascript-misdirection-contest/" data-arachni-id="638179893"><img ng-src="/static/scr/24e47eb911c4d9526f32bf4f7db3e47b.png" class="img-rounded" src="/static/scr/24e47eb911c4d9526f32bf4f7db3e47b.png"></a></div>
<div class="span5 well well-small detailsbox">
<div class="row-fluid">
<div class="rating">
</div>
</div>
<div class="row-fluid">
<div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/javahacker.com" class="ng-binding" href="#/all/filter/javahacker.com" data-arachni-id="1120821955">javahacker.com</a></div>
<div class="muted pull-right" style="padding-bottom: 10px;">
<a class="btn btn-mini" ng-href="/like?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/like?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
<a class="btn btn-mini" ng-href="/comment?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/comment?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
<a class="btn btn-mini" ng-href="/report?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/report?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
</div>
</div>
<a ng-href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/" href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/"><div class="detailsboxTitle ng-binding">The First JavaScript Misdirection Contest : javahacker.com</div></a>
<hr>
<div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
<div class=""><b class="ng-binding">4</b> tweets from
<!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/irsdl" target="_blank" class="ng-binding" href="http://twitter.com/irsdl" data-arachni-id="1932745266">@irsdl</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/WisecWisec" target="_blank" class="ng-binding" href="http://twitter.com/WisecWisec" data-arachni-id="1159424928">@WisecWisec</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/adam_baldwin" target="_blank" class="ng-binding" href="http://twitter.com/adam_baldwin" data-arachni-id="-575155691">@adam_baldwin</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/seecurity" target="_blank" class="ng-binding" href="http://twitter.com/seecurity" data-arachni-id="928786497">@seecurity</a>
</span>
</div>
</div>
<div class="ng-binding">
<a ng-href="http://twitter.com/irsdl" target="_blank" href="http://twitter.com/irsdl" data-arachni-id="-1386142063"><b class="ng-binding">@irsdl</b></a><br>
RT @peterjaric: The winner of the JavaScript Misdirection Contest:
@aymericbeaumet!
Check out all entries at http://t.co/r38tRSqfo3 http:/… <br><br>
</div>
</div>
</div>
</div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
<div class="well well-small shadow" style="overflow: hidden;">
<div class="span7"><a ng-href="http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" target="_blank" href="http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" data-arachni-id="-482669131"><img ng-src="/static/scr/3bf174abb37bee6983637c6c2c63c5ac.png" class="img-rounded" src="/static/scr/3bf174abb37bee6983637c6c2c63c5ac.png"></a></div>
<div class="span5 well well-small detailsbox">
<div class="row-fluid">
<div class="rating">
</div>
</div>
<div class="row-fluid">
<div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/www.wired.com" class="ng-binding" href="#/all/filter/www.wired.com" data-arachni-id="1436533755">www.wired.com</a></div>
<div class="muted pull-right" style="padding-bottom: 10px;">
<a class="btn btn-mini" ng-href="/like?id=3bf174abb37bee6983637c6c2c63c5ac" href="/like?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
<a class="btn btn-mini" ng-href="/comment?id=3bf174abb37bee6983637c6c2c63c5ac" href="/comment?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
<a class="btn btn-mini" ng-href="/report?id=3bf174abb37bee6983637c6c2c63c5ac" href="/report?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
</div>
</div>
<a ng-href="#/redir?url=http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" href="#/redir?url=http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/"><div class="detailsboxTitle ng-binding">This New Campaign Wants To Help Surveillance Agents Quit NSA or GCHQ | WIRED</div></a>
<hr>
<div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
<div class=""><b class="ng-binding">2</b> tweets from
<!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/titanous" target="_blank" class="ng-binding" href="http://twitter.com/titanous" data-arachni-id="-1592843519">@titanous</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/stefant" target="_blank" class="ng-binding" href="http://twitter.com/stefant" data-arachni-id="-2023154779">@stefant</a>
</span>
</div>
</div>
<div class="ng-binding">
<a ng-href="http://twitter.com/titanous" target="_blank" href="http://twitter.com/titanous" data-arachni-id="2124267712"><b class="ng-binding">@titanous</b></a><br>
RT @csoghoian: This is excellent. http://t.co/L1YY4g87OI http://t.co/wQ5XsgFYWD <br><br>
</div>
</div>
</div>
</div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
<div class="well well-small shadow" style="overflow: hidden;">
<div class="span7"><a ng-href="http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" target="_blank" href="http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" data-arachni-id="-535118315"><img ng-src="/static/scr/b4d50f99db49ff3d7d612a3b5e82b833.png" class="img-rounded" src="/static/scr/b4d50f99db49ff3d7d612a3b5e82b833.png"></a></div>
<div class="span5 well well-small detailsbox">
<div class="row-fluid">
<div class="rating">
</div>
</div>
<div class="row-fluid">
<div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/labs.bromium.com" class="ng-binding" href="#/all/filter/labs.bromium.com" data-arachni-id="5534590">labs.bromium.com</a></div>
<div class="muted pull-right" style="padding-bottom: 10px;">
<a class="btn btn-mini" ng-href="/like?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/like?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
<a class="btn btn-mini" ng-href="/comment?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/comment?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
<a class="btn btn-mini" ng-href="/report?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/report?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
</div>
</div>
<a ng-href="#/redir?url=http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" href="#/redir?url=http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/"><div class="detailsboxTitle ng-binding">An interesting detail about Control Flow Guard | Bromium Labs</div></a>
<hr>
<div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
<div class=""><b class="ng-binding">2</b> tweets from
<!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/ABazhaniuk" target="_blank" class="ng-binding" href="http://twitter.com/ABazhaniuk" data-arachni-id="-1031551260">@ABazhaniuk</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/matrosov" target="_blank" class="ng-binding" href="http://twitter.com/matrosov" data-arachni-id="598024477">@matrosov</a>
</span>
</div>
</div>
<div class="ng-binding">
<a ng-href="http://twitter.com/ABazhaniuk" target="_blank" href="http://twitter.com/ABazhaniuk" data-arachni-id="-1743479005"><b class="ng-binding">@ABazhaniuk</b></a><br>
RT @ClausHoumann: An interesting detail about Control Flow Guard http://t.co/XIuaRMABnH <br><br>
</div>
</div>
</div>
</div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
<div class="well well-small shadow" style="overflow: hidden;">
<div class="span7"><a ng-href="http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" target="_blank" href="http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" data-arachni-id="351646421"><img ng-src="/static/scr/7906144d5b0e85adfdf752593fdc3da6.png" class="img-rounded" src="/static/scr/7906144d5b0e85adfdf752593fdc3da6.png"></a></div>
<div class="span5 well well-small detailsbox">
<div class="row-fluid">
<div class="rating">
</div>
</div>
<div class="row-fluid">
<div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/securityaffairs.co" class="ng-binding" href="#/all/filter/securityaffairs.co" data-arachni-id="2114659152">securityaffairs.co</a></div>
<div class="muted pull-right" style="padding-bottom: 10px;">
<a class="btn btn-mini" ng-href="/like?id=7906144d5b0e85adfdf752593fdc3da6" href="/like?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
<a class="btn btn-mini" ng-href="/comment?id=7906144d5b0e85adfdf752593fdc3da6" href="/comment?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
<a class="btn btn-mini" ng-href="/report?id=7906144d5b0e85adfdf752593fdc3da6" href="/report?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
</div>
</div>
<a ng-href="#/redir?url=http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" href="#/redir?url=http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html"><div class="detailsboxTitle ng-binding">Are you still using TrueCrypt? Beware of these 2 critical flaws!Security Affairs</div></a>
<hr>
<div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
<div class=""><b class="ng-binding">2</b> tweets from
<!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/seecurity" target="_blank" class="ng-binding" href="http://twitter.com/seecurity" data-arachni-id="928786497">@seecurity</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/stamparm" target="_blank" class="ng-binding" href="http://twitter.com/stamparm" data-arachni-id="1599093753">@stamparm</a>
</span>
</div>
</div>
<div class="ng-binding">
<a ng-href="http://twitter.com/seecurity" target="_blank" href="http://twitter.com/seecurity" data-arachni-id="1187679520"><b class="ng-binding">@seecurity</b></a><br>
RT @HenkvanRoest: "Are you still using TrueCrypt? Beware of these 2 critical flaws!" http://t.co/gWMlyvog24 #security #feedly <br><br>
</div>
</div>
</div>
</div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
<div class="well well-small shadow" style="overflow: hidden;">
<div class="span7"><a ng-href="http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" target="_blank" href="http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" data-arachni-id="-1241260543"><img ng-src="/static/scr/default.png" class="img-rounded" src="/static/scr/default.png"></a></div>
<div class="span5 well well-small detailsbox">
<div class="row-fluid">
<div class="rating">
</div>
</div>
<div class="row-fluid">
<div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/blog.cobaltstrike.com" class="ng-binding" href="#/all/filter/blog.cobaltstrike.com" data-arachni-id="-1467443516">blog.cobaltstrike.com</a></div>
<div class="muted pull-right" style="padding-bottom: 10px;">
<a class="btn btn-mini" ng-href="/like?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/like?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
<a class="btn btn-mini" ng-href="/comment?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/comment?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
<a class="btn btn-mini" ng-href="/report?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/report?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
</div>
</div>
<a ng-href="#/redir?url=http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" href="#/redir?url=http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/"><div class="detailsboxTitle ng-binding">untitled</div></a>
<hr>
<div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
<div class=""><b class="ng-binding">2</b> tweets from
<!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/vegoshin" target="_blank" class="ng-binding" href="http://twitter.com/vegoshin" data-arachni-id="-2016345391">@vegoshin</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/roo7break" target="_blank" class="ng-binding" href="http://twitter.com/roo7break" data-arachni-id="1992343354">@roo7break</a>
</span>
</div>
</div>
<div class="ng-binding">
<a ng-href="http://twitter.com/vegoshin" target="_blank" href="http://twitter.com/vegoshin" data-arachni-id="1858812048"><b class="ng-binding">@vegoshin</b></a><br>
Advanced Threat Tactics – Course and Notes http://t.co/zx2C8gN6LT <br><br>
</div>
</div>
</div>
</div>
<ul class="pager ng-scope">
<li><a ng-href="#/popular/page/-1" ng-show="page>0" href="#/popular/page/-1" style="display: none; ">Previous</a></li>
<li><a ng-href="#/popular/page/1" ng-show="filter==''" href="#/popular/page/1" data-arachni-id="2424595">Next</a></li>
</ul></div></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId">unknown is coming from <b>unknown</b> and has visited this page <b>1</b> times.</div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body ng-pristine ng-valid" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<!-- App libs -->
<script src="/static/app/app.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/libs/sessvars.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/post.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script><div class="fb-comments" data-num-posts="4" data-width="470" data-href="http://testhtml5.vulnweb.com/"></div>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/controllers/controllers.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/services/itemsService.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://bxss.s3.amazonaws.com/ad.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script><iframe name="ads_ads_frame" src="http://ads.bxss.me/ad_server.php?zone_id=234&ad_client=723898932&u_h=768&u_w=1024&pn=&ref=&url=http://testhtml5.vulnweb.com/&" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" frameborder="0" height="1" scrolling="no" width="1" style="background-color:#FFFFFF;"></iframe>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
</body></html>
http://testhtml5.vulnweb.com/
get
GET http://testhtml5.vulnweb.com/ HTTP/1.1
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
X-Arachni-Browser-Auth: 0e378a6498d4810f4de69f3b0981fa12
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: testhtml5.vulnweb.com
http://testhtml5.vulnweb.com/
200
176.28.50.165
ok
No error
<script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script>
/* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */
window._arachni_js_namespace = true;
/* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */
</script> <!-- Injected by Arachni::Browser::Javascript -->
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<!-- App libs -->
<script src="/static/app/app.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/libs/sessvars.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/post.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/controllers/controllers.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/services/itemsService.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://bxss.s3.amazonaws.com/ad.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
</body>
</html>
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
http://testhtml5.vulnweb.com/#/popular
page
load
http://testhtml5.vulnweb.com/
request
http://bxss.s3.amazonaws.com/ad.js
request
http://testhtml5.vulnweb.com/ajax/popular?offset=0
request
<some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/>
true
Cross-Site Scripting (XSS)
Client-side scripts are used extensively by modern web applications.
They perform from simple functions (such as the formatting of text) up to full
manipulation of client-side data and Operating System interaction.
Cross Site Scripting (XSS) allows clients to inject scripts into a request and
have the server return the script to the client in the response. This occurs
because the application is taking untrusted data (in this example, from the client)
and reusing it without performing any validation or sanitisation.
If the injected script is returned immediately this is known as reflected XSS.
If the injected script is stored by the server and returned to any client visiting
the affected page, then this is known as persistent XSS (also stored XSS).
Arachni has discovered that it is possible to insert script content directly into
HTML element content.
To remedy XSS vulnerabilities, it is important to never use untrusted or unfiltered
data within the code of a HTML page.
Untrusted data can originate not only form the client but potentially a third
party or previously uploaded file etc.
Filtering of untrusted data typically involves converting special characters to
their HTML entity encoded counterparts (however, other methods do exist, see references).
These special characters include:
* `&`
* `<`
* `>`
* `"`
* `'`
* `/`
An example of HTML entity encoding is converting `<` to `<`.
Although it is possible to filter untrusted input, there are five locations
within an HTML page where untrusted input (even if it has been filtered) should
never be placed:
1. Directly in a script.
2. Inside an HTML comment.
3. In an attribute name.
4. In a tag name.
5. Directly in CSS.
Each of these locations have their own form of escaping and filtering.
_Because many browsers attempt to implement XSS protection, any manual verification
of this finding should be conducted using multiple different browsers and browser
versions._
high
XSS
Injects an HTML element into page inputs and then parses the HTML markup of
tainted responses to look for proof of vulnerability.
Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
0.4.4
xss
79
2500734820
Arachni::Element::Link
link
http://testhtml5.vulnweb.com/
http://testhtml5.vulnweb.com/comment
</textarea>--><some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/><!--<textarea>
get
id
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<!--<link href="http://netdna.bootstrapcdn.com/font-awesome/3.0.2/css/font-awesome.css" rel="stylesheet">-->
<link href='http://fonts.googleapis.com/css?family=Open+Sans:700' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
HTML5 test website for Acunetix Web Vulnerability Scanner.
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Action</li>
<li class="active"><a href="#/response">Response</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
Sorry, but commenting is currently disabled! <!-- 24e47eb911c4d9526f32bf4f7db3e47b</textarea>--><some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/><!--<textarea> -->
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<footer>
<p>© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<script src="/static/app/app.js"></script>
</body>
</html>
http://testhtml5.vulnweb.com/comment
get
GET /comment?id=24e47eb911c4d9526f32bf4f7db3e47b%3C%2Ftextarea%3E--%3E%3Csome_dangerous_input_88fc8f0ec9141866cb14f3125be901b4%2F%3E%3C%21--%3Ctextarea%3E HTTP/1.1
Host: testhtml5.vulnweb.com
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
http://testhtml5.vulnweb.com/comment?id=24e47eb911c4d9526f32bf4f7db3e47b%3C/textarea%3E--%3E%3Csome_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/%3E%3C!--%3Ctextarea%3E
200
176.28.50.165
ok
No error
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<!--<link href="http://netdna.bootstrapcdn.com/font-awesome/3.0.2/css/font-awesome.css" rel="stylesheet">-->
<link href='http://fonts.googleapis.com/css?family=Open+Sans:700' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
HTML5 test website for Acunetix Web Vulnerability Scanner.
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Action</li>
<li class="active"><a href="#/response">Response</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
Sorry, but commenting is currently disabled! <!-- 24e47eb911c4d9526f32bf4f7db3e47b</textarea>--><some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/><!--<textarea> -->
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<footer>
<p>© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<script src="/static/app/app.js"></script>
</body>
</html>
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:37:19 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
http://testhtml5.vulnweb.com/comment?id=24e47eb911c4d9526f32bf4f7db3e47b%3C/textarea%3E--%3E%3Csome_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/%3E%3C!--%3Ctextarea%3E
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp" class="ng-scope" data-arachni-id="1732833613"><head><script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script>
/* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */
window._arachni_js_namespace = true;
/* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */
</script> <!-- Injected by Arachni::Browser::Javascript -->
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href="http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic" rel="stylesheet" type="text/css">
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
<style type="text/css">@charset "UTF-8";[ng\:cloak],[ng-cloak],[data-ng-cloak],[x-ng-cloak],.ng-cloak,.x-ng-cloak{display:none;}ng\:form{display:block;}</style></head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/" data-arachni-id="1342453504"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com" data-arachni-id="-1395254329">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal" data-arachni-id="73596745">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular" data-arachni-id="1270713017">Popular</a></li>
<li><a href="#/latest" data-arachni-id="-2026013785">Latest</a></li>
<li><a href="#/carousel" data-arachni-id="67552640">Carousel</a></li>
<li><a href="#/archive" data-arachni-id="916551842">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about" data-arachni-id="63058797">About</a></li>
<li><a href="#/contact" data-arachni-id="-1678787584">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/" data-arachni-id="-1405978501">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/" data-arachni-id="2073538">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix" data-arachni-id="561774310">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/" data-arachni-id="748307027">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view=""><div id="loader" class="ng-scope" style="display: none; ">
Loading ...
<i class="icon-spinner icon-spin icon-2x pull-left"></i>
</div>
<div data-ng-include="'/static/app/partials/itemsList.html'" class="ng-scope"><div class="row-fluid ng-scope">
<div class="pull-left">
<input type="text" placeholder="Filter results" ng-model="searchText" class="ng-pristine ng-valid" data-arachni-id="0">
</div>
<div class="pull-right">
<div ng-show="filter==''">Page
<span ng-bind-html-unsafe="pageStr" style="font-weight: bold;" class="ng-binding">0</span>
</div>
</div>
<div class="pull-right">
<div ng-show="filter!=''" style="display: none; ">Filtering for host <b class="ng-binding"></b></div>
</div>
</div>
<!-- ngRepeat: item in items | filter:filter | filter:searchText --><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
<div class="well well-small shadow" style="overflow: hidden;">
<div class="span7"><a ng-href="http://javahacker.com/the-first-javascript-misdirection-contest/" target="_blank" href="http://javahacker.com/the-first-javascript-misdirection-contest/" data-arachni-id="638179893"><img ng-src="/static/scr/24e47eb911c4d9526f32bf4f7db3e47b.png" class="img-rounded" src="/static/scr/24e47eb911c4d9526f32bf4f7db3e47b.png"></a></div>
<div class="span5 well well-small detailsbox">
<div class="row-fluid">
<div class="rating">
</div>
</div>
<div class="row-fluid">
<div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/javahacker.com" class="ng-binding" href="#/all/filter/javahacker.com" data-arachni-id="1120821955">javahacker.com</a></div>
<div class="muted pull-right" style="padding-bottom: 10px;">
<a class="btn btn-mini" ng-href="/like?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/like?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
<a class="btn btn-mini" ng-href="/comment?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/comment?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
<a class="btn btn-mini" ng-href="/report?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/report?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
</div>
</div>
<a ng-href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/" href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/"><div class="detailsboxTitle ng-binding">The First JavaScript Misdirection Contest : javahacker.com</div></a>
<hr>
<div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
<div class=""><b class="ng-binding">4</b> tweets from
<!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/irsdl" target="_blank" class="ng-binding" href="http://twitter.com/irsdl" data-arachni-id="1932745266">@irsdl</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/WisecWisec" target="_blank" class="ng-binding" href="http://twitter.com/WisecWisec" data-arachni-id="1159424928">@WisecWisec</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/adam_baldwin" target="_blank" class="ng-binding" href="http://twitter.com/adam_baldwin" data-arachni-id="-575155691">@adam_baldwin</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/seecurity" target="_blank" class="ng-binding" href="http://twitter.com/seecurity" data-arachni-id="928786497">@seecurity</a>
</span>
</div>
</div>
<div class="ng-binding">
<a ng-href="http://twitter.com/irsdl" target="_blank" href="http://twitter.com/irsdl" data-arachni-id="-1386142063"><b class="ng-binding">@irsdl</b></a><br>
RT @peterjaric: The winner of the JavaScript Misdirection Contest:
@aymericbeaumet!
Check out all entries at http://t.co/r38tRSqfo3 http:/… <br><br>
</div>
</div>
</div>
</div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
<div class="well well-small shadow" style="overflow: hidden;">
<div class="span7"><a ng-href="http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" target="_blank" href="http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" data-arachni-id="-482669131"><img ng-src="/static/scr/3bf174abb37bee6983637c6c2c63c5ac.png" class="img-rounded" src="/static/scr/3bf174abb37bee6983637c6c2c63c5ac.png"></a></div>
<div class="span5 well well-small detailsbox">
<div class="row-fluid">
<div class="rating">
</div>
</div>
<div class="row-fluid">
<div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/www.wired.com" class="ng-binding" href="#/all/filter/www.wired.com" data-arachni-id="1436533755">www.wired.com</a></div>
<div class="muted pull-right" style="padding-bottom: 10px;">
<a class="btn btn-mini" ng-href="/like?id=3bf174abb37bee6983637c6c2c63c5ac" href="/like?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
<a class="btn btn-mini" ng-href="/comment?id=3bf174abb37bee6983637c6c2c63c5ac" href="/comment?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
<a class="btn btn-mini" ng-href="/report?id=3bf174abb37bee6983637c6c2c63c5ac" href="/report?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
</div>
</div>
<a ng-href="#/redir?url=http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" href="#/redir?url=http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/"><div class="detailsboxTitle ng-binding">This New Campaign Wants To Help Surveillance Agents Quit NSA or GCHQ | WIRED</div></a>
<hr>
<div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
<div class=""><b class="ng-binding">2</b> tweets from
<!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/titanous" target="_blank" class="ng-binding" href="http://twitter.com/titanous" data-arachni-id="-1592843519">@titanous</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/stefant" target="_blank" class="ng-binding" href="http://twitter.com/stefant" data-arachni-id="-2023154779">@stefant</a>
</span>
</div>
</div>
<div class="ng-binding">
<a ng-href="http://twitter.com/titanous" target="_blank" href="http://twitter.com/titanous" data-arachni-id="2124267712"><b class="ng-binding">@titanous</b></a><br>
RT @csoghoian: This is excellent. http://t.co/L1YY4g87OI http://t.co/wQ5XsgFYWD <br><br>
</div>
</div>
</div>
</div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
<div class="well well-small shadow" style="overflow: hidden;">
<div class="span7"><a ng-href="http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" target="_blank" href="http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" data-arachni-id="-535118315"><img ng-src="/static/scr/b4d50f99db49ff3d7d612a3b5e82b833.png" class="img-rounded" src="/static/scr/b4d50f99db49ff3d7d612a3b5e82b833.png"></a></div>
<div class="span5 well well-small detailsbox">
<div class="row-fluid">
<div class="rating">
</div>
</div>
<div class="row-fluid">
<div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/labs.bromium.com" class="ng-binding" href="#/all/filter/labs.bromium.com" data-arachni-id="5534590">labs.bromium.com</a></div>
<div class="muted pull-right" style="padding-bottom: 10px;">
<a class="btn btn-mini" ng-href="/like?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/like?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
<a class="btn btn-mini" ng-href="/comment?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/comment?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
<a class="btn btn-mini" ng-href="/report?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/report?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
</div>
</div>
<a ng-href="#/redir?url=http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" href="#/redir?url=http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/"><div class="detailsboxTitle ng-binding">An interesting detail about Control Flow Guard | Bromium Labs</div></a>
<hr>
<div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
<div class=""><b class="ng-binding">2</b> tweets from
<!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/ABazhaniuk" target="_blank" class="ng-binding" href="http://twitter.com/ABazhaniuk" data-arachni-id="-1031551260">@ABazhaniuk</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/matrosov" target="_blank" class="ng-binding" href="http://twitter.com/matrosov" data-arachni-id="598024477">@matrosov</a>
</span>
</div>
</div>
<div class="ng-binding">
<a ng-href="http://twitter.com/ABazhaniuk" target="_blank" href="http://twitter.com/ABazhaniuk" data-arachni-id="-1743479005"><b class="ng-binding">@ABazhaniuk</b></a><br>
RT @ClausHoumann: An interesting detail about Control Flow Guard http://t.co/XIuaRMABnH <br><br>
</div>
</div>
</div>
</div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
<div class="well well-small shadow" style="overflow: hidden;">
<div class="span7"><a ng-href="http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" target="_blank" href="http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" data-arachni-id="351646421"><img ng-src="/static/scr/7906144d5b0e85adfdf752593fdc3da6.png" class="img-rounded" src="/static/scr/7906144d5b0e85adfdf752593fdc3da6.png"></a></div>
<div class="span5 well well-small detailsbox">
<div class="row-fluid">
<div class="rating">
</div>
</div>
<div class="row-fluid">
<div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/securityaffairs.co" class="ng-binding" href="#/all/filter/securityaffairs.co" data-arachni-id="2114659152">securityaffairs.co</a></div>
<div class="muted pull-right" style="padding-bottom: 10px;">
<a class="btn btn-mini" ng-href="/like?id=7906144d5b0e85adfdf752593fdc3da6" href="/like?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
<a class="btn btn-mini" ng-href="/comment?id=7906144d5b0e85adfdf752593fdc3da6" href="/comment?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
<a class="btn btn-mini" ng-href="/report?id=7906144d5b0e85adfdf752593fdc3da6" href="/report?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
</div>
</div>
<a ng-href="#/redir?url=http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" href="#/redir?url=http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html"><div class="detailsboxTitle ng-binding">Are you still using TrueCrypt? Beware of these 2 critical flaws!Security Affairs</div></a>
<hr>
<div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
<div class=""><b class="ng-binding">2</b> tweets from
<!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/seecurity" target="_blank" class="ng-binding" href="http://twitter.com/seecurity" data-arachni-id="928786497">@seecurity</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/stamparm" target="_blank" class="ng-binding" href="http://twitter.com/stamparm" data-arachni-id="1599093753">@stamparm</a>
</span>
</div>
</div>
<div class="ng-binding">
<a ng-href="http://twitter.com/seecurity" target="_blank" href="http://twitter.com/seecurity" data-arachni-id="1187679520"><b class="ng-binding">@seecurity</b></a><br>
RT @HenkvanRoest: "Are you still using TrueCrypt? Beware of these 2 critical flaws!" http://t.co/gWMlyvog24 #security #feedly <br><br>
</div>
</div>
</div>
</div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
<div class="well well-small shadow" style="overflow: hidden;">
<div class="span7"><a ng-href="http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" target="_blank" href="http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" data-arachni-id="-1241260543"><img ng-src="/static/scr/default.png" class="img-rounded" src="/static/scr/default.png"></a></div>
<div class="span5 well well-small detailsbox">
<div class="row-fluid">
<div class="rating">
</div>
</div>
<div class="row-fluid">
<div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/blog.cobaltstrike.com" class="ng-binding" href="#/all/filter/blog.cobaltstrike.com" data-arachni-id="-1467443516">blog.cobaltstrike.com</a></div>
<div class="muted pull-right" style="padding-bottom: 10px;">
<a class="btn btn-mini" ng-href="/like?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/like?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
<a class="btn btn-mini" ng-href="/comment?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/comment?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
<a class="btn btn-mini" ng-href="/report?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/report?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
</div>
</div>
<a ng-href="#/redir?url=http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" href="#/redir?url=http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/"><div class="detailsboxTitle ng-binding">untitled</div></a>
<hr>
<div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
<div class=""><b class="ng-binding">2</b> tweets from
<!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/vegoshin" target="_blank" class="ng-binding" href="http://twitter.com/vegoshin" data-arachni-id="-2016345391">@vegoshin</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/roo7break" target="_blank" class="ng-binding" href="http://twitter.com/roo7break" data-arachni-id="1992343354">@roo7break</a>
</span>
</div>
</div>
<div class="ng-binding">
<a ng-href="http://twitter.com/vegoshin" target="_blank" href="http://twitter.com/vegoshin" data-arachni-id="1858812048"><b class="ng-binding">@vegoshin</b></a><br>
Advanced Threat Tactics – Course and Notes http://t.co/zx2C8gN6LT <br><br>
</div>
</div>
</div>
</div>
<ul class="pager ng-scope">
<li><a ng-href="#/popular/page/-1" ng-show="page>0" href="#/popular/page/-1" style="display: none; ">Previous</a></li>
<li><a ng-href="#/popular/page/1" ng-show="filter==''" href="#/popular/page/1" data-arachni-id="2424595">Next</a></li>
</ul></div></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId">unknown is coming from <b>unknown</b> and has visited this page <b>1</b> times.</div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body ng-pristine ng-valid" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<!-- App libs -->
<script src="/static/app/app.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/libs/sessvars.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/post.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script><div class="fb-comments" data-num-posts="4" data-width="470" data-href="http://testhtml5.vulnweb.com/"></div>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/controllers/controllers.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/services/itemsService.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://bxss.s3.amazonaws.com/ad.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script><iframe name="ads_ads_frame" src="http://ads.bxss.me/ad_server.php?zone_id=234&ad_client=723898932&u_h=768&u_w=1024&pn=&ref=&url=http://testhtml5.vulnweb.com/&" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" frameborder="0" height="1" scrolling="no" width="1" style="background-color:#FFFFFF;"></iframe>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
</body></html>
http://testhtml5.vulnweb.com/
get
GET http://testhtml5.vulnweb.com/ HTTP/1.1
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
X-Arachni-Browser-Auth: 0e378a6498d4810f4de69f3b0981fa12
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: testhtml5.vulnweb.com
http://testhtml5.vulnweb.com/
200
176.28.50.165
ok
No error
<script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script>
/* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */
window._arachni_js_namespace = true;
/* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */
</script> <!-- Injected by Arachni::Browser::Javascript -->
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<!-- App libs -->
<script src="/static/app/app.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/libs/sessvars.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/post.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/controllers/controllers.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/services/itemsService.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://bxss.s3.amazonaws.com/ad.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
</body>
</html>
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
http://testhtml5.vulnweb.com/#/popular
page
load
http://testhtml5.vulnweb.com/
request
http://bxss.s3.amazonaws.com/ad.js
request
http://testhtml5.vulnweb.com/ajax/popular?offset=0
request
<some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/>
true
Cross-Site Scripting (XSS)
Client-side scripts are used extensively by modern web applications.
They perform from simple functions (such as the formatting of text) up to full
manipulation of client-side data and Operating System interaction.
Cross Site Scripting (XSS) allows clients to inject scripts into a request and
have the server return the script to the client in the response. This occurs
because the application is taking untrusted data (in this example, from the client)
and reusing it without performing any validation or sanitisation.
If the injected script is returned immediately this is known as reflected XSS.
If the injected script is stored by the server and returned to any client visiting
the affected page, then this is known as persistent XSS (also stored XSS).
Arachni has discovered that it is possible to insert script content directly into
HTML element content.
To remedy XSS vulnerabilities, it is important to never use untrusted or unfiltered
data within the code of a HTML page.
Untrusted data can originate not only form the client but potentially a third
party or previously uploaded file etc.
Filtering of untrusted data typically involves converting special characters to
their HTML entity encoded counterparts (however, other methods do exist, see references).
These special characters include:
* `&`
* `<`
* `>`
* `"`
* `'`
* `/`
An example of HTML entity encoding is converting `<` to `<`.
Although it is possible to filter untrusted input, there are five locations
within an HTML page where untrusted input (even if it has been filtered) should
never be placed:
1. Directly in a script.
2. Inside an HTML comment.
3. In an attribute name.
4. In a tag name.
5. Directly in CSS.
Each of these locations have their own form of escaping and filtering.
_Because many browsers attempt to implement XSS protection, any manual verification
of this finding should be conducted using multiple different browsers and browser
versions._
high
XSS
Injects an HTML element into page inputs and then parses the HTML markup of
tainted responses to look for proof of vulnerability.
Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
0.4.4
xss
79
1008740572
Arachni::Element::Link
link
http://testhtml5.vulnweb.com/
http://testhtml5.vulnweb.com/like
</textarea>--><some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/><!--<textarea>
get
id
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<!--<link href="http://netdna.bootstrapcdn.com/font-awesome/3.0.2/css/font-awesome.css" rel="stylesheet">-->
<link href='http://fonts.googleapis.com/css?family=Open+Sans:700' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
HTML5 test website for Acunetix Web Vulnerability Scanner.
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Action</li>
<li class="active"><a href="#/response">Response</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
Thank you very much for your feedback! <!-- 24e47eb911c4d9526f32bf4f7db3e47b</textarea>--><some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/><!--<textarea> -->
<link src='http://localhost/link'>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<footer>
<p>© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<script src="/static/app/app.js"></script>
</body>
</html>
http://testhtml5.vulnweb.com/like
get
GET /like?id=24e47eb911c4d9526f32bf4f7db3e47b%3C%2Ftextarea%3E--%3E%3Csome_dangerous_input_88fc8f0ec9141866cb14f3125be901b4%2F%3E%3C%21--%3Ctextarea%3E HTTP/1.1
Host: testhtml5.vulnweb.com
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
http://testhtml5.vulnweb.com/like?id=24e47eb911c4d9526f32bf4f7db3e47b%3C/textarea%3E--%3E%3Csome_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/%3E%3C!--%3Ctextarea%3E
200
176.28.50.165
ok
No error
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<!--<link href="http://netdna.bootstrapcdn.com/font-awesome/3.0.2/css/font-awesome.css" rel="stylesheet">-->
<link href='http://fonts.googleapis.com/css?family=Open+Sans:700' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
HTML5 test website for Acunetix Web Vulnerability Scanner.
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Action</li>
<li class="active"><a href="#/response">Response</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
Thank you very much for your feedback! <!-- 24e47eb911c4d9526f32bf4f7db3e47b</textarea>--><some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/><!--<textarea> -->
<link src='http://localhost/link'>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<footer>
<p>© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<script src="/static/app/app.js"></script>
</body>
</html>
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:37:19 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
http://testhtml5.vulnweb.com/like?id=24e47eb911c4d9526f32bf4f7db3e47b%3C/textarea%3E--%3E%3Csome_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/%3E%3C!--%3Ctextarea%3E
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp" class="ng-scope" data-arachni-id="1732833613"><head><script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script>
/* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */
window._arachni_js_namespace = true;
/* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */
</script> <!-- Injected by Arachni::Browser::Javascript -->
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href="http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic" rel="stylesheet" type="text/css">
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
<style type="text/css">@charset "UTF-8";[ng\:cloak],[ng-cloak],[data-ng-cloak],[x-ng-cloak],.ng-cloak,.x-ng-cloak{display:none;}ng\:form{display:block;}</style></head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/" data-arachni-id="1342453504"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com" data-arachni-id="-1395254329">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal" data-arachni-id="73596745">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular" data-arachni-id="1270713017">Popular</a></li>
<li><a href="#/latest" data-arachni-id="-2026013785">Latest</a></li>
<li><a href="#/carousel" data-arachni-id="67552640">Carousel</a></li>
<li><a href="#/archive" data-arachni-id="916551842">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about" data-arachni-id="63058797">About</a></li>
<li><a href="#/contact" data-arachni-id="-1678787584">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/" data-arachni-id="-1405978501">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/" data-arachni-id="2073538">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix" data-arachni-id="561774310">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/" data-arachni-id="748307027">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view=""><div id="loader" class="ng-scope" style="display: none; ">
Loading ...
<i class="icon-spinner icon-spin icon-2x pull-left"></i>
</div>
<div data-ng-include="'/static/app/partials/itemsList.html'" class="ng-scope"><div class="row-fluid ng-scope">
<div class="pull-left">
<input type="text" placeholder="Filter results" ng-model="searchText" class="ng-pristine ng-valid" data-arachni-id="0">
</div>
<div class="pull-right">
<div ng-show="filter==''">Page
<span ng-bind-html-unsafe="pageStr" style="font-weight: bold;" class="ng-binding">0</span>
</div>
</div>
<div class="pull-right">
<div ng-show="filter!=''" style="display: none; ">Filtering for host <b class="ng-binding"></b></div>
</div>
</div>
<!-- ngRepeat: item in items | filter:filter | filter:searchText --><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
<div class="well well-small shadow" style="overflow: hidden;">
<div class="span7"><a ng-href="http://javahacker.com/the-first-javascript-misdirection-contest/" target="_blank" href="http://javahacker.com/the-first-javascript-misdirection-contest/" data-arachni-id="638179893"><img ng-src="/static/scr/24e47eb911c4d9526f32bf4f7db3e47b.png" class="img-rounded" src="/static/scr/24e47eb911c4d9526f32bf4f7db3e47b.png"></a></div>
<div class="span5 well well-small detailsbox">
<div class="row-fluid">
<div class="rating">
</div>
</div>
<div class="row-fluid">
<div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/javahacker.com" class="ng-binding" href="#/all/filter/javahacker.com" data-arachni-id="1120821955">javahacker.com</a></div>
<div class="muted pull-right" style="padding-bottom: 10px;">
<a class="btn btn-mini" ng-href="/like?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/like?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
<a class="btn btn-mini" ng-href="/comment?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/comment?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
<a class="btn btn-mini" ng-href="/report?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/report?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
</div>
</div>
<a ng-href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/" href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/"><div class="detailsboxTitle ng-binding">The First JavaScript Misdirection Contest : javahacker.com</div></a>
<hr>
<div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
<div class=""><b class="ng-binding">4</b> tweets from
<!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/irsdl" target="_blank" class="ng-binding" href="http://twitter.com/irsdl" data-arachni-id="1932745266">@irsdl</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/WisecWisec" target="_blank" class="ng-binding" href="http://twitter.com/WisecWisec" data-arachni-id="1159424928">@WisecWisec</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/adam_baldwin" target="_blank" class="ng-binding" href="http://twitter.com/adam_baldwin" data-arachni-id="-575155691">@adam_baldwin</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/seecurity" target="_blank" class="ng-binding" href="http://twitter.com/seecurity" data-arachni-id="928786497">@seecurity</a>
</span>
</div>
</div>
<div class="ng-binding">
<a ng-href="http://twitter.com/irsdl" target="_blank" href="http://twitter.com/irsdl" data-arachni-id="-1386142063"><b class="ng-binding">@irsdl</b></a><br>
RT @peterjaric: The winner of the JavaScript Misdirection Contest:
@aymericbeaumet!
Check out all entries at http://t.co/r38tRSqfo3 http:/… <br><br>
</div>
</div>
</div>
</div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
<div class="well well-small shadow" style="overflow: hidden;">
<div class="span7"><a ng-href="http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" target="_blank" href="http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" data-arachni-id="-482669131"><img ng-src="/static/scr/3bf174abb37bee6983637c6c2c63c5ac.png" class="img-rounded" src="/static/scr/3bf174abb37bee6983637c6c2c63c5ac.png"></a></div>
<div class="span5 well well-small detailsbox">
<div class="row-fluid">
<div class="rating">
</div>
</div>
<div class="row-fluid">
<div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/www.wired.com" class="ng-binding" href="#/all/filter/www.wired.com" data-arachni-id="1436533755">www.wired.com</a></div>
<div class="muted pull-right" style="padding-bottom: 10px;">
<a class="btn btn-mini" ng-href="/like?id=3bf174abb37bee6983637c6c2c63c5ac" href="/like?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
<a class="btn btn-mini" ng-href="/comment?id=3bf174abb37bee6983637c6c2c63c5ac" href="/comment?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
<a class="btn btn-mini" ng-href="/report?id=3bf174abb37bee6983637c6c2c63c5ac" href="/report?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
</div>
</div>
<a ng-href="#/redir?url=http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" href="#/redir?url=http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/"><div class="detailsboxTitle ng-binding">This New Campaign Wants To Help Surveillance Agents Quit NSA or GCHQ | WIRED</div></a>
<hr>
<div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
<div class=""><b class="ng-binding">2</b> tweets from
<!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/titanous" target="_blank" class="ng-binding" href="http://twitter.com/titanous" data-arachni-id="-1592843519">@titanous</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/stefant" target="_blank" class="ng-binding" href="http://twitter.com/stefant" data-arachni-id="-2023154779">@stefant</a>
</span>
</div>
</div>
<div class="ng-binding">
<a ng-href="http://twitter.com/titanous" target="_blank" href="http://twitter.com/titanous" data-arachni-id="2124267712"><b class="ng-binding">@titanous</b></a><br>
RT @csoghoian: This is excellent. http://t.co/L1YY4g87OI http://t.co/wQ5XsgFYWD <br><br>
</div>
</div>
</div>
</div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
<div class="well well-small shadow" style="overflow: hidden;">
<div class="span7"><a ng-href="http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" target="_blank" href="http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" data-arachni-id="-535118315"><img ng-src="/static/scr/b4d50f99db49ff3d7d612a3b5e82b833.png" class="img-rounded" src="/static/scr/b4d50f99db49ff3d7d612a3b5e82b833.png"></a></div>
<div class="span5 well well-small detailsbox">
<div class="row-fluid">
<div class="rating">
</div>
</div>
<div class="row-fluid">
<div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/labs.bromium.com" class="ng-binding" href="#/all/filter/labs.bromium.com" data-arachni-id="5534590">labs.bromium.com</a></div>
<div class="muted pull-right" style="padding-bottom: 10px;">
<a class="btn btn-mini" ng-href="/like?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/like?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
<a class="btn btn-mini" ng-href="/comment?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/comment?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
<a class="btn btn-mini" ng-href="/report?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/report?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
</div>
</div>
<a ng-href="#/redir?url=http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" href="#/redir?url=http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/"><div class="detailsboxTitle ng-binding">An interesting detail about Control Flow Guard | Bromium Labs</div></a>
<hr>
<div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
<div class=""><b class="ng-binding">2</b> tweets from
<!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/ABazhaniuk" target="_blank" class="ng-binding" href="http://twitter.com/ABazhaniuk" data-arachni-id="-1031551260">@ABazhaniuk</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/matrosov" target="_blank" class="ng-binding" href="http://twitter.com/matrosov" data-arachni-id="598024477">@matrosov</a>
</span>
</div>
</div>
<div class="ng-binding">
<a ng-href="http://twitter.com/ABazhaniuk" target="_blank" href="http://twitter.com/ABazhaniuk" data-arachni-id="-1743479005"><b class="ng-binding">@ABazhaniuk</b></a><br>
RT @ClausHoumann: An interesting detail about Control Flow Guard http://t.co/XIuaRMABnH <br><br>
</div>
</div>
</div>
</div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
<div class="well well-small shadow" style="overflow: hidden;">
<div class="span7"><a ng-href="http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" target="_blank" href="http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" data-arachni-id="351646421"><img ng-src="/static/scr/7906144d5b0e85adfdf752593fdc3da6.png" class="img-rounded" src="/static/scr/7906144d5b0e85adfdf752593fdc3da6.png"></a></div>
<div class="span5 well well-small detailsbox">
<div class="row-fluid">
<div class="rating">
</div>
</div>
<div class="row-fluid">
<div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/securityaffairs.co" class="ng-binding" href="#/all/filter/securityaffairs.co" data-arachni-id="2114659152">securityaffairs.co</a></div>
<div class="muted pull-right" style="padding-bottom: 10px;">
<a class="btn btn-mini" ng-href="/like?id=7906144d5b0e85adfdf752593fdc3da6" href="/like?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
<a class="btn btn-mini" ng-href="/comment?id=7906144d5b0e85adfdf752593fdc3da6" href="/comment?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
<a class="btn btn-mini" ng-href="/report?id=7906144d5b0e85adfdf752593fdc3da6" href="/report?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
</div>
</div>
<a ng-href="#/redir?url=http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" href="#/redir?url=http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html"><div class="detailsboxTitle ng-binding">Are you still using TrueCrypt? Beware of these 2 critical flaws!Security Affairs</div></a>
<hr>
<div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
<div class=""><b class="ng-binding">2</b> tweets from
<!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/seecurity" target="_blank" class="ng-binding" href="http://twitter.com/seecurity" data-arachni-id="928786497">@seecurity</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/stamparm" target="_blank" class="ng-binding" href="http://twitter.com/stamparm" data-arachni-id="1599093753">@stamparm</a>
</span>
</div>
</div>
<div class="ng-binding">
<a ng-href="http://twitter.com/seecurity" target="_blank" href="http://twitter.com/seecurity" data-arachni-id="1187679520"><b class="ng-binding">@seecurity</b></a><br>
RT @HenkvanRoest: "Are you still using TrueCrypt? Beware of these 2 critical flaws!" http://t.co/gWMlyvog24 #security #feedly <br><br>
</div>
</div>
</div>
</div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
<div class="well well-small shadow" style="overflow: hidden;">
<div class="span7"><a ng-href="http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" target="_blank" href="http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" data-arachni-id="-1241260543"><img ng-src="/static/scr/default.png" class="img-rounded" src="/static/scr/default.png"></a></div>
<div class="span5 well well-small detailsbox">
<div class="row-fluid">
<div class="rating">
</div>
</div>
<div class="row-fluid">
<div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/blog.cobaltstrike.com" class="ng-binding" href="#/all/filter/blog.cobaltstrike.com" data-arachni-id="-1467443516">blog.cobaltstrike.com</a></div>
<div class="muted pull-right" style="padding-bottom: 10px;">
<a class="btn btn-mini" ng-href="/like?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/like?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
<a class="btn btn-mini" ng-href="/comment?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/comment?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
<a class="btn btn-mini" ng-href="/report?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/report?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
</div>
</div>
<a ng-href="#/redir?url=http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" href="#/redir?url=http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/"><div class="detailsboxTitle ng-binding">untitled</div></a>
<hr>
<div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
<div class=""><b class="ng-binding">2</b> tweets from
<!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/vegoshin" target="_blank" class="ng-binding" href="http://twitter.com/vegoshin" data-arachni-id="-2016345391">@vegoshin</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/roo7break" target="_blank" class="ng-binding" href="http://twitter.com/roo7break" data-arachni-id="1992343354">@roo7break</a>
</span>
</div>
</div>
<div class="ng-binding">
<a ng-href="http://twitter.com/vegoshin" target="_blank" href="http://twitter.com/vegoshin" data-arachni-id="1858812048"><b class="ng-binding">@vegoshin</b></a><br>
Advanced Threat Tactics – Course and Notes http://t.co/zx2C8gN6LT <br><br>
</div>
</div>
</div>
</div>
<ul class="pager ng-scope">
<li><a ng-href="#/popular/page/-1" ng-show="page>0" href="#/popular/page/-1" style="display: none; ">Previous</a></li>
<li><a ng-href="#/popular/page/1" ng-show="filter==''" href="#/popular/page/1" data-arachni-id="2424595">Next</a></li>
</ul></div></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId">unknown is coming from <b>unknown</b> and has visited this page <b>1</b> times.</div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body ng-pristine ng-valid" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<!-- App libs -->
<script src="/static/app/app.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/libs/sessvars.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/post.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script><div class="fb-comments" data-num-posts="4" data-width="470" data-href="http://testhtml5.vulnweb.com/"></div>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/controllers/controllers.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/services/itemsService.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://bxss.s3.amazonaws.com/ad.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script><iframe name="ads_ads_frame" src="http://ads.bxss.me/ad_server.php?zone_id=234&ad_client=723898932&u_h=768&u_w=1024&pn=&ref=&url=http://testhtml5.vulnweb.com/&" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" frameborder="0" height="1" scrolling="no" width="1" style="background-color:#FFFFFF;"></iframe>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
</body></html>
http://testhtml5.vulnweb.com/
get
GET http://testhtml5.vulnweb.com/ HTTP/1.1
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
X-Arachni-Browser-Auth: 0e378a6498d4810f4de69f3b0981fa12
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: testhtml5.vulnweb.com
http://testhtml5.vulnweb.com/
200
176.28.50.165
ok
No error
<script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script>
/* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */
window._arachni_js_namespace = true;
/* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */
</script> <!-- Injected by Arachni::Browser::Javascript -->
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<!-- App libs -->
<script src="/static/app/app.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/libs/sessvars.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/post.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/controllers/controllers.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/services/itemsService.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://bxss.s3.amazonaws.com/ad.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
</body>
</html>
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
http://testhtml5.vulnweb.com/#/popular
page
load
http://testhtml5.vulnweb.com/
request
http://bxss.s3.amazonaws.com/ad.js
request
http://testhtml5.vulnweb.com/ajax/popular?offset=0
request
<some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/>
true
DOM-based Cross-Site Scripting (XSS) in script context
Client-side scripts are used extensively by modern web applications.
They perform from simple functions (such as the formatting of text) up to full
manipulation of client-side data and Operating System interaction.
Unlike traditional Cross-Site Scripting (XSS), where the client is able to inject
scripts into a request and have the server return the script to the client, DOM
XSS does not require that a request be sent to the server and may be abused entirely
within the loaded page.
This occurs when elements of the DOM (known as the sources) are able to be
manipulated to contain untrusted data, which the client-side scripts (known as the
sinks) use or execute an unsafe way.
Arachni has discovered that by modifying the affected DOM source, it is possible
to insert and execute JavaScript code.
Client-side document rewriting, redirection, or other sensitive action, using
untrusted data, should be avoided wherever possible, as these may not be inspected
by server side filtering.
To remedy DOM XSS vulnerabilities where these sensitive document actions must be
used, it is essential to:
1. Ensure any untrusted data is treated as text, as opposed to being interpreted
as code or mark-up within the page.
2. Escape untrusted data prior to being used within the page. Escaping methods
will vary depending on where the untrusted data is being used.
(See references for details.)
3. Use `document.createElement`, `element.setAttribute`, `element.appendChild`,
etc. to build dynamic interfaces as opposed to HTML rendering methods such as
`document.write`, `document.writeIn`, `element.innerHTML`, or `element.outerHTML `etc.
high
DOM XSS in script context
Injects JS taint code and checks to see if it gets executed as proof of vulnerability.
Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
0.1.1
xss_dom_script_context
79
2801300685
Arachni::Element::Link::DOM
link_dom
http://testhtml5.vulnweb.com/
http://testhtml5.vulnweb.com/
javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//
get
url
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp" class="ng-scope" data-arachni-id="-1688061881"><head><script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script>
/* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize(["window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"]) /* arachni_js_namespace_initialize_stop */
window._arachni_js_namespace = true;
/* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */
</script> <!-- Injected by Arachni::Browser::Javascript -->
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href="http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic" rel="stylesheet" type="text/css">
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
<style type="text/css">@charset "UTF-8";[ng\:cloak],[ng-cloak],[data-ng-cloak],[x-ng-cloak],.ng-cloak,.x-ng-cloak{display:none;}ng\:form{display:block;}</style></head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/" data-arachni-id="1342453504"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com" data-arachni-id="-1395254329">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal" data-arachni-id="73596745">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular" data-arachni-id="1270713017">Popular</a></li>
<li><a href="#/latest" data-arachni-id="-2026013785">Latest</a></li>
<li><a href="#/carousel" data-arachni-id="67552640">Carousel</a></li>
<li><a href="#/archive" data-arachni-id="916551842">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about" data-arachni-id="63058797">About</a></li>
<li><a href="#/contact" data-arachni-id="-1678787584">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/" data-arachni-id="-1405978501">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/" data-arachni-id="2073538">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix" data-arachni-id="561774310">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/" data-arachni-id="748307027">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view=""><script src="http://javascript.browser.arachni/taint_tracer.js" class="ng-scope"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js" class="ng-scope"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script class="ng-scope">
/* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */
window._arachni_js_namespace = true;
/* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */
</script> <!-- Injected by Arachni::Browser::Javascript -->
<title class="ng-scope">Loading ...</title>
<script class="ng-scope">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
var redirUrl = decodeURIComponent(window.location.hash.slice(window.location.hash.indexOf("?url=")+5));
if (redirUrl) window.location = redirUrl;
</script>
<script type="text/javascript" class="ng-scope">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
</div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId">unknown is coming from <b>unknown</b> and has visited this page <b>12</b> times.</div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body ng-pristine ng-valid" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<!-- App libs -->
<script src="/static/app/app.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/libs/sessvars.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/post.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script><div class="fb-comments" data-num-posts="4" data-width="470" data-href="http://testhtml5.vulnweb.com/#/redir?url=javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"></div>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/controllers/controllers.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/services/itemsService.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://bxss.s3.amazonaws.com/ad.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script><iframe name="ads_ads_frame" src="http://ads.bxss.me/ad_server.php?zone_id=234&ad_client=723898932&u_h=768&u_w=1024&pn=&ref=&url=http://testhtml5.vulnweb.com/#/redir?url=javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//&" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" frameborder="0" height="1" scrolling="no" width="1" style="background-color:#FFFFFF;"></iframe>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
</body></html>
http://testhtml5.vulnweb.com/
get
GET / HTTP/1.1
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: testhtml5.vulnweb.com
http://testhtml5.vulnweb.com/
200
176.28.50.165
ok
No error
<script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script>
/* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize(["window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"]) /* arachni_js_namespace_initialize_stop */
window._arachni_js_namespace = true;
/* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */
</script> <!-- Injected by Arachni::Browser::Javascript -->
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<!-- App libs -->
<script src="/static/app/app.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/libs/sessvars.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/post.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/controllers/controllers.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/services/itemsService.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://bxss.s3.amazonaws.com/ad.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
</body>
</html>
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:37:17 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
http://testhtml5.vulnweb.com/#/redir?url=javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()%2F%2F
page
load
http://testhtml5.vulnweb.com/
request
http://bxss.s3.amazonaws.com/ad.js
request
http://testhtml5.vulnweb.com/ajax/popular?offset=0
request
page
load
0
<div class="fb-comments" data-num-posts="4" data-width="470" data-href="http://testhtml5.vulnweb.com/#/redir?url=javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"></div>
window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()
write
"<div class=\"fb-comments\" data-num-posts=\"4\" data-width=\"470\" data-href=\"http://testhtml5.vulnweb.com/#/redir?url=javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//\"></div>"
122
http://testhtml5.vulnweb.com/static/app/post.js
0
<iframe name="ads_ads_frame" src="http://ads.bxss.me/ad_server.php?zone_id=234&ad_client=723898932&u_h=768&u_w=1024&pn=&ref=&url=http://testhtml5.vulnweb.com/#/redir?url=javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//&" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" frameborder="0" height="1" scrolling="no" width="1" style="background-color:#FFFFFF;"></iframe>
window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()
write
"<iframe name=\"ads_ads_frame\" src=\"http://ads.bxss.me/ad_server.php?zone_id=234&ad_client=723898932&u_h=768&u_w=1024&pn=&ref=&url=http://testhtml5.vulnweb.com/#/redir?url=javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//&\" marginwidth=\"0\" marginheight=\"0\" vspace=\"0\" hspace=\"0\" allowtransparency=\"true\" frameborder=\"0\" height=\"1\" scrolling=\"no\" width=\"1\" style=\"background-color:#FFFFFF;\"></iframe>"
33
http://bxss.s3.amazonaws.com/ad.js
34
http://bxss.s3.amazonaws.com/ad.js
0
javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//
window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()
decodeURIComponent
"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"
"url=javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"
0
"[object Array]"
16
https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js
0
javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//
window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()
encodeURIComponent
"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"
Xa
"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"
true
17
https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js
"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"
"url"
17
https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js
n
"[object Object]"
"function (b, d) {a.push(Xa(d,!0)+(b===!0?\"\":\"=\"+Xa(b,!0)));}"
10
https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js
qb
"[object Object]"
17
https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js
61
https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js
"http://testhtml5.vulnweb.com/#/redir?url=javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"
61
https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js
Ha
"http://testhtml5.vulnweb.com/#/redir?url=javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"
""
"http://testhtml5.vulnweb.com/#/"
61
https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js
"[object Object]"
"[object Object]"
"[object Object]"
"[object Object]"
63
https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js
d
"function (c, d, e, g) {function h(a){c.$broadcast(\"$locationChangeSuccess\",f.absUrl(),a)}var f,j,i,k=d.url(),m=wa(k);a?(j=d.baseHref()||\"/\",i=j.substr(0,j.lastIndexOf(\"/\")),m=la(m.protocol,m.host,m.port)+i+\"/\",\nf=e.history?new ib(Fc(k,j,b),i,m):new Jb(Gc(k,j,b),b,m,j.substr(i.length+1))):(m=la(m.protocol,m.host,m.port)+(m.path||\"\")+(m.search?\"?\"+m.search:\"\")+\"#\"+b+\"/\",f=new Ha(k,b,m));g.bind(\"click\",function(a){if(!a.ctrlKey&&!(a.metaKey||a.which==2)){for(var b=u(a.target);A(b[0].nodeName)!==\"a\";)if(b[0]===g[0]||!(b=b.parent())[0])return;var d=b.prop(\"href\"),e=f.$$rewriteAppUrl(d);d&&!b.attr(\"target\")&&e&&(f.$$parse(e),c.$apply(),a.preventDefault(),N.angular[\"ff-684208-preventDefault\"]=!0)}});f.absUrl()!=\nk&&d.url(f.absUrl(),!0);d.onUrlChange(function(a){f.absUrl()!=a&&(c.$evalAsync(function(){var b=f.absUrl();f.$$parse(a);h(b)}),c.$$phase||c.$digest())});var l=0;c.$watch(function(){var a=d.url(),b=f.$$replace;if(!l||a!=f.absUrl())l++,c.$evalAsync(function(){c.$broadcast(\"$locationChangeStart\",f.absUrl(),a).defaultPrevented?f.$$parse(a):(d.url(f.absUrl(),b),h(a))});f.$$replace=!1;return l});return f;}"
"[object Object]"
31
https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js
"[object Object]"
32
https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js
c
"$location"
29
https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js
d
"function (c, d, e, g) {function h(a){c.$broadcast(\"$locationChangeSuccess\",f.absUrl(),a)}var f,j,i,k=d.url(),m=wa(k);a?(j=d.baseHref()||\"/\",i=j.substr(0,j.lastIndexOf(\"/\")),m=la(m.protocol,m.host,m.port)+i+\"/\",\nf=e.history?new ib(Fc(k,j,b),i,m):new Jb(Gc(k,j,b),b,m,j.substr(i.length+1))):(m=la(m.protocol,m.host,m.port)+(m.path||\"\")+(m.search?\"?\"+m.search:\"\")+\"#\"+b+\"/\",f=new Ha(k,b,m));g.bind(\"click\",function(a){if(!a.ctrlKey&&!(a.metaKey||a.which==2)){for(var b=u(a.target);A(b[0].nodeName)!==\"a\";)if(b[0]===g[0]||!(b=b.parent())[0])return;var d=b.prop(\"href\"),e=f.$$rewriteAppUrl(d);d&&!b.attr(\"target\")&&e&&(f.$$parse(e),c.$apply(),a.preventDefault(),N.angular[\"ff-684208-preventDefault\"]=!0)}});f.absUrl()!=\nk&&d.url(f.absUrl(),!0);d.onUrlChange(function(a){f.absUrl()!=a&&(c.$evalAsync(function(){var b=f.absUrl();f.$$parse(a);h(b)}),c.$$phase||c.$digest())});var l=0;c.$watch(function(){var a=d.url(),b=f.$$replace;if(!l||a!=f.absUrl())l++,c.$evalAsync(function(){c.$broadcast(\"$locationChangeStart\",f.absUrl(),a).defaultPrevented?f.$$parse(a):(d.url(f.absUrl(),b),h(a))});f.$$replace=!1;return l});return f;}"
"[object Object]"
30
https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js
"[object Object]"
32
https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js
c
"$location"
29
https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js
d
"function (c, d, e, g) {function h(a){c.$broadcast(\"$locationChangeSuccess\",f.absUrl(),a)}var f,j,i,k=d.url(),m=wa(k);a?(j=d.baseHref()||\"/\",i=j.substr(0,j.lastIndexOf(\"/\")),m=la(m.protocol,m.host,m.port)+i+\"/\",\nf=e.history?new ib(Fc(k,j,b),i,m):new Jb(Gc(k,j,b),b,m,j.substr(i.length+1))):(m=la(m.protocol,m.host,m.port)+(m.path||\"\")+(m.search?\"?\"+m.search:\"\")+\"#\"+b+\"/\",f=new Ha(k,b,m));g.bind(\"click\",function(a){if(!a.ctrlKey&&!(a.metaKey||a.which==2)){for(var b=u(a.target);A(b[0].nodeName)!==\"a\";)if(b[0]===g[0]||!(b=b.parent())[0])return;var d=b.prop(\"href\"),e=f.$$rewriteAppUrl(d);d&&!b.attr(\"target\")&&e&&(f.$$parse(e),c.$apply(),a.preventDefault(),N.angular[\"ff-684208-preventDefault\"]=!0)}});f.absUrl()!=\nk&&d.url(f.absUrl(),!0);d.onUrlChange(function(a){f.absUrl()!=a&&(c.$evalAsync(function(){var b=f.absUrl();f.$$parse(a);h(b)}),c.$$phase||c.$digest())});var l=0;c.$watch(function(){var a=d.url(),b=f.$$replace;if(!l||a!=f.absUrl())l++,c.$evalAsync(function(){c.$broadcast(\"$locationChangeStart\",f.absUrl(),a).defaultPrevented?f.$$parse(a):(d.url(f.absUrl(),b),h(a))});f.$$replace=!1;return l});return f;}"
"[object Object]"
30
https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js
"[object Object]"
39
https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js
0
javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()%2F%2F
window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()
decodeURIComponent
"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()%2F%2F"
7
0
http://testhtml5.vulnweb.com/#/redir?url=javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()%2F%2F
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp" class="ng-scope" data-arachni-id="1732833613"><head><script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script>
/* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */
window._arachni_js_namespace = true;
/* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */
</script> <!-- Injected by Arachni::Browser::Javascript -->
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href="http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic" rel="stylesheet" type="text/css">
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
<style type="text/css">@charset "UTF-8";[ng\:cloak],[ng-cloak],[data-ng-cloak],[x-ng-cloak],.ng-cloak,.x-ng-cloak{display:none;}ng\:form{display:block;}</style></head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/" data-arachni-id="1342453504"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com" data-arachni-id="-1395254329">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal" data-arachni-id="73596745">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular" data-arachni-id="1270713017">Popular</a></li>
<li><a href="#/latest" data-arachni-id="-2026013785">Latest</a></li>
<li><a href="#/carousel" data-arachni-id="67552640">Carousel</a></li>
<li><a href="#/archive" data-arachni-id="916551842">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about" data-arachni-id="63058797">About</a></li>
<li><a href="#/contact" data-arachni-id="-1678787584">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/" data-arachni-id="-1405978501">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/" data-arachni-id="2073538">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix" data-arachni-id="561774310">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/" data-arachni-id="748307027">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view=""><div id="loader" class="ng-scope" style="display: none; ">
Loading ...
<i class="icon-spinner icon-spin icon-2x pull-left"></i>
</div>
<div data-ng-include="'/static/app/partials/itemsList.html'" class="ng-scope"><div class="row-fluid ng-scope">
<div class="pull-left">
<input type="text" placeholder="Filter results" ng-model="searchText" class="ng-pristine ng-valid" data-arachni-id="0">
</div>
<div class="pull-right">
<div ng-show="filter==''">Page
<span ng-bind-html-unsafe="pageStr" style="font-weight: bold;" class="ng-binding">0</span>
</div>
</div>
<div class="pull-right">
<div ng-show="filter!=''" style="display: none; ">Filtering for host <b class="ng-binding"></b></div>
</div>
</div>
<!-- ngRepeat: item in items | filter:filter | filter:searchText --><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
<div class="well well-small shadow" style="overflow: hidden;">
<div class="span7"><a ng-href="http://javahacker.com/the-first-javascript-misdirection-contest/" target="_blank" href="http://javahacker.com/the-first-javascript-misdirection-contest/" data-arachni-id="638179893"><img ng-src="/static/scr/24e47eb911c4d9526f32bf4f7db3e47b.png" class="img-rounded" src="/static/scr/24e47eb911c4d9526f32bf4f7db3e47b.png"></a></div>
<div class="span5 well well-small detailsbox">
<div class="row-fluid">
<div class="rating">
</div>
</div>
<div class="row-fluid">
<div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/javahacker.com" class="ng-binding" href="#/all/filter/javahacker.com" data-arachni-id="1120821955">javahacker.com</a></div>
<div class="muted pull-right" style="padding-bottom: 10px;">
<a class="btn btn-mini" ng-href="/like?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/like?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
<a class="btn btn-mini" ng-href="/comment?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/comment?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
<a class="btn btn-mini" ng-href="/report?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/report?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
</div>
</div>
<a ng-href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/" href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/"><div class="detailsboxTitle ng-binding">The First JavaScript Misdirection Contest : javahacker.com</div></a>
<hr>
<div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
<div class=""><b class="ng-binding">4</b> tweets from
<!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/irsdl" target="_blank" class="ng-binding" href="http://twitter.com/irsdl" data-arachni-id="1932745266">@irsdl</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/WisecWisec" target="_blank" class="ng-binding" href="http://twitter.com/WisecWisec" data-arachni-id="1159424928">@WisecWisec</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/adam_baldwin" target="_blank" class="ng-binding" href="http://twitter.com/adam_baldwin" data-arachni-id="-575155691">@adam_baldwin</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/seecurity" target="_blank" class="ng-binding" href="http://twitter.com/seecurity" data-arachni-id="928786497">@seecurity</a>
</span>
</div>
</div>
<div class="ng-binding">
<a ng-href="http://twitter.com/irsdl" target="_blank" href="http://twitter.com/irsdl" data-arachni-id="-1386142063"><b class="ng-binding">@irsdl</b></a><br>
RT @peterjaric: The winner of the JavaScript Misdirection Contest:
@aymericbeaumet!
Check out all entries at http://t.co/r38tRSqfo3 http:/… <br><br>
</div>
</div>
</div>
</div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
<div class="well well-small shadow" style="overflow: hidden;">
<div class="span7"><a ng-href="http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" target="_blank" href="http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" data-arachni-id="-482669131"><img ng-src="/static/scr/3bf174abb37bee6983637c6c2c63c5ac.png" class="img-rounded" src="/static/scr/3bf174abb37bee6983637c6c2c63c5ac.png"></a></div>
<div class="span5 well well-small detailsbox">
<div class="row-fluid">
<div class="rating">
</div>
</div>
<div class="row-fluid">
<div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/www.wired.com" class="ng-binding" href="#/all/filter/www.wired.com" data-arachni-id="1436533755">www.wired.com</a></div>
<div class="muted pull-right" style="padding-bottom: 10px;">
<a class="btn btn-mini" ng-href="/like?id=3bf174abb37bee6983637c6c2c63c5ac" href="/like?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
<a class="btn btn-mini" ng-href="/comment?id=3bf174abb37bee6983637c6c2c63c5ac" href="/comment?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
<a class="btn btn-mini" ng-href="/report?id=3bf174abb37bee6983637c6c2c63c5ac" href="/report?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
</div>
</div>
<a ng-href="#/redir?url=http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" href="#/redir?url=http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/"><div class="detailsboxTitle ng-binding">This New Campaign Wants To Help Surveillance Agents Quit NSA or GCHQ | WIRED</div></a>
<hr>
<div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
<div class=""><b class="ng-binding">2</b> tweets from
<!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/titanous" target="_blank" class="ng-binding" href="http://twitter.com/titanous" data-arachni-id="-1592843519">@titanous</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/stefant" target="_blank" class="ng-binding" href="http://twitter.com/stefant" data-arachni-id="-2023154779">@stefant</a>
</span>
</div>
</div>
<div class="ng-binding">
<a ng-href="http://twitter.com/titanous" target="_blank" href="http://twitter.com/titanous" data-arachni-id="2124267712"><b class="ng-binding">@titanous</b></a><br>
RT @csoghoian: This is excellent. http://t.co/L1YY4g87OI http://t.co/wQ5XsgFYWD <br><br>
</div>
</div>
</div>
</div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
<div class="well well-small shadow" style="overflow: hidden;">
<div class="span7"><a ng-href="http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" target="_blank" href="http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" data-arachni-id="-535118315"><img ng-src="/static/scr/b4d50f99db49ff3d7d612a3b5e82b833.png" class="img-rounded" src="/static/scr/b4d50f99db49ff3d7d612a3b5e82b833.png"></a></div>
<div class="span5 well well-small detailsbox">
<div class="row-fluid">
<div class="rating">
</div>
</div>
<div class="row-fluid">
<div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/labs.bromium.com" class="ng-binding" href="#/all/filter/labs.bromium.com" data-arachni-id="5534590">labs.bromium.com</a></div>
<div class="muted pull-right" style="padding-bottom: 10px;">
<a class="btn btn-mini" ng-href="/like?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/like?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
<a class="btn btn-mini" ng-href="/comment?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/comment?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
<a class="btn btn-mini" ng-href="/report?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/report?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
</div>
</div>
<a ng-href="#/redir?url=http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" href="#/redir?url=http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/"><div class="detailsboxTitle ng-binding">An interesting detail about Control Flow Guard | Bromium Labs</div></a>
<hr>
<div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
<div class=""><b class="ng-binding">2</b> tweets from
<!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/ABazhaniuk" target="_blank" class="ng-binding" href="http://twitter.com/ABazhaniuk" data-arachni-id="-1031551260">@ABazhaniuk</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/matrosov" target="_blank" class="ng-binding" href="http://twitter.com/matrosov" data-arachni-id="598024477">@matrosov</a>
</span>
</div>
</div>
<div class="ng-binding">
<a ng-href="http://twitter.com/ABazhaniuk" target="_blank" href="http://twitter.com/ABazhaniuk" data-arachni-id="-1743479005"><b class="ng-binding">@ABazhaniuk</b></a><br>
RT @ClausHoumann: An interesting detail about Control Flow Guard http://t.co/XIuaRMABnH <br><br>
</div>
</div>
</div>
</div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
<div class="well well-small shadow" style="overflow: hidden;">
<div class="span7"><a ng-href="http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" target="_blank" href="http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" data-arachni-id="351646421"><img ng-src="/static/scr/7906144d5b0e85adfdf752593fdc3da6.png" class="img-rounded" src="/static/scr/7906144d5b0e85adfdf752593fdc3da6.png"></a></div>
<div class="span5 well well-small detailsbox">
<div class="row-fluid">
<div class="rating">
</div>
</div>
<div class="row-fluid">
<div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/securityaffairs.co" class="ng-binding" href="#/all/filter/securityaffairs.co" data-arachni-id="2114659152">securityaffairs.co</a></div>
<div class="muted pull-right" style="padding-bottom: 10px;">
<a class="btn btn-mini" ng-href="/like?id=7906144d5b0e85adfdf752593fdc3da6" href="/like?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
<a class="btn btn-mini" ng-href="/comment?id=7906144d5b0e85adfdf752593fdc3da6" href="/comment?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
<a class="btn btn-mini" ng-href="/report?id=7906144d5b0e85adfdf752593fdc3da6" href="/report?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
</div>
</div>
<a ng-href="#/redir?url=http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" href="#/redir?url=http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html"><div class="detailsboxTitle ng-binding">Are you still using TrueCrypt? Beware of these 2 critical flaws!Security Affairs</div></a>
<hr>
<div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
<div class=""><b class="ng-binding">2</b> tweets from
<!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/seecurity" target="_blank" class="ng-binding" href="http://twitter.com/seecurity" data-arachni-id="928786497">@seecurity</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/stamparm" target="_blank" class="ng-binding" href="http://twitter.com/stamparm" data-arachni-id="1599093753">@stamparm</a>
</span>
</div>
</div>
<div class="ng-binding">
<a ng-href="http://twitter.com/seecurity" target="_blank" href="http://twitter.com/seecurity" data-arachni-id="1187679520"><b class="ng-binding">@seecurity</b></a><br>
RT @HenkvanRoest: "Are you still using TrueCrypt? Beware of these 2 critical flaws!" http://t.co/gWMlyvog24 #security #feedly <br><br>
</div>
</div>
</div>
</div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
<div class="well well-small shadow" style="overflow: hidden;">
<div class="span7"><a ng-href="http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" target="_blank" href="http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" data-arachni-id="-1241260543"><img ng-src="/static/scr/default.png" class="img-rounded" src="/static/scr/default.png"></a></div>
<div class="span5 well well-small detailsbox">
<div class="row-fluid">
<div class="rating">
</div>
</div>
<div class="row-fluid">
<div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/blog.cobaltstrike.com" class="ng-binding" href="#/all/filter/blog.cobaltstrike.com" data-arachni-id="-1467443516">blog.cobaltstrike.com</a></div>
<div class="muted pull-right" style="padding-bottom: 10px;">
<a class="btn btn-mini" ng-href="/like?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/like?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
<a class="btn btn-mini" ng-href="/comment?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/comment?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
<a class="btn btn-mini" ng-href="/report?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/report?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
</div>
</div>
<a ng-href="#/redir?url=http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" href="#/redir?url=http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/"><div class="detailsboxTitle ng-binding">untitled</div></a>
<hr>
<div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
<div class=""><b class="ng-binding">2</b> tweets from
<!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/vegoshin" target="_blank" class="ng-binding" href="http://twitter.com/vegoshin" data-arachni-id="-2016345391">@vegoshin</a>
</span><span ng-repeat="user in item.value.users" class="ng-scope">
<a ng-href="http://twitter.com/roo7break" target="_blank" class="ng-binding" href="http://twitter.com/roo7break" data-arachni-id="1992343354">@roo7break</a>
</span>
</div>
</div>
<div class="ng-binding">
<a ng-href="http://twitter.com/vegoshin" target="_blank" href="http://twitter.com/vegoshin" data-arachni-id="1858812048"><b class="ng-binding">@vegoshin</b></a><br>
Advanced Threat Tactics – Course and Notes http://t.co/zx2C8gN6LT <br><br>
</div>
</div>
</div>
</div>
<ul class="pager ng-scope">
<li><a ng-href="#/popular/page/-1" ng-show="page>0" href="#/popular/page/-1" style="display: none; ">Previous</a></li>
<li><a ng-href="#/popular/page/1" ng-show="filter==''" href="#/popular/page/1" data-arachni-id="2424595">Next</a></li>
</ul></div></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId">unknown is coming from <b>unknown</b> and has visited this page <b>1</b> times.</div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body ng-pristine ng-valid" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<!-- App libs -->
<script src="/static/app/app.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/libs/sessvars.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/post.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script><div class="fb-comments" data-num-posts="4" data-width="470" data-href="http://testhtml5.vulnweb.com/"></div>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/controllers/controllers.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/services/itemsService.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://bxss.s3.amazonaws.com/ad.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script><iframe name="ads_ads_frame" src="http://ads.bxss.me/ad_server.php?zone_id=234&ad_client=723898932&u_h=768&u_w=1024&pn=&ref=&url=http://testhtml5.vulnweb.com/&" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" frameborder="0" height="1" scrolling="no" width="1" style="background-color:#FFFFFF;"></iframe>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
</body></html>
http://testhtml5.vulnweb.com/
get
GET http://testhtml5.vulnweb.com/ HTTP/1.1
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
X-Arachni-Browser-Auth: 0e378a6498d4810f4de69f3b0981fa12
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: testhtml5.vulnweb.com
http://testhtml5.vulnweb.com/
200
176.28.50.165
ok
No error
<script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script>
/* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */
window._arachni_js_namespace = true;
/* arachni_js_namespace_code_start */ /* arachni_js_namespace_code_stop */
</script> <!-- Injected by Arachni::Browser::Javascript -->
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<!-- App libs -->
<script src="/static/app/app.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/libs/sessvars.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/post.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/controllers/controllers.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="/static/app/services/itemsService.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://bxss.s3.amazonaws.com/ad.js">
// Injected by Arachni::Browser::Javascript
_arachni_js_namespaceTaintTracer.update_tracers();
_arachni_js_namespaceDOMMonitor.update_trackers();
</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->
</body>
</html>
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
http://testhtml5.vulnweb.com/#/popular
page
load
http://testhtml5.vulnweb.com/
request
http://bxss.s3.amazonaws.com/ad.js
request
http://testhtml5.vulnweb.com/ajax/popular?offset=0
request
true
Common directory
Web applications are often made up of multiple files and directories.
It is possible that over time some directories may become unreferenced (unused)
by the web application and forgotten about by the administrator/developer.
Because web applications are built using common frameworks, they contain common
directories that can be discovered (independent of server).
During the initial recon stages of an attack, cyber-criminals will attempt to
locate unreferenced directories in the hope that the directory will assist in further
compromise of the web application.
To achieve this they will make thousands of requests using word lists containing
common names.
The response headers from the server will then indicate if the directory exists.
Arachni also contains a list of common directory names which it will attempt to access.
If directories are unreferenced then they should be removed from the web root
and/or the application directory.
Preventing access without authentication may also be an option and can stop a
client from being able to view the contents of a file, however it is still likely
that the directory structure will be able to be discovered.
Using obscure directory names is implementing security through obscurity and is
not a recommended option.
medium
Common directories
Tries to find common directories on the server.
Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
0.2.3
common_directories
538
210636003
Arachni::Element::Server
server
http://testhtml5.vulnweb.com/samples/
http://testhtml5.vulnweb.com/samples/
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Python samples</title>
</head>
<body>
<h3>Simple python programs:</h3>
<ul>
<li><a href="/getfile?fname=sample1.py">First sample</a></li>
<li><a href="/getfile?fname=sample1.py">Second sample</a></li>
</ul>
</body>
</html>
http://testhtml5.vulnweb.com/samples/
get
GET /samples/ HTTP/1.1
Host: testhtml5.vulnweb.com
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
http://testhtml5.vulnweb.com/samples/
200
176.28.50.165
ok
No error
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Python samples</title>
</head>
<body>
<h3>Simple python programs:</h3>
<ul>
<li><a href="/getfile?fname=sample1.py">First sample</a></li>
<li><a href="/getfile?fname=sample1.py">Second sample</a></li>
</ul>
</body>
</html>
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:44 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
http://testhtml5.vulnweb.com/samples/
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
http://testhtml5.vulnweb.com/
get
GET / HTTP/1.1
Host: testhtml5.vulnweb.com
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
http://testhtml5.vulnweb.com/
200
176.28.50.165
ok
No error
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
http://testhtml5.vulnweb.com/
HTTP/1.1 200 OK
true
Unencrypted password form
The HTTP protocol by itself is clear text, meaning that any data that is
transmitted via HTTP can be captured and the contents viewed.
To keep data private, and prevent it from being intercepted, HTTP is often
tunnelled through either Secure Sockets Layer (SSL), or Transport Layer Security
(TLS).
When either of these encryption standards are used it is referred to as HTTPS.
Cyber-criminals will often attempt to compromise credentials passed from the
client to the server using HTTP.
This can be conducted via various different Man-in-The-Middle (MiTM) attacks or
through network packet captures.
Arachni discovered that the affected page contains a `password` input, however,
the value of the field is not sent to the server utilising HTTPS. Therefore it
is possible that any submitted credential may become compromised.
The affected site should be secured utilising the latest and most secure encryption
protocols.
These include SSL version 3.0 and TLS version 1.2. While TLS 1.2 is the latest
and the most preferred protocol, not all browsers will support this encryption
method. Therefore, the more common SSL is included. Older protocols such as SSL
version 2, and weak ciphers (< 128 bit) should also be disabled.
medium
Unencrypted password forms
Looks for password inputs that don't submit data
over an encrypted channel (HTTPS).
Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
0.2.1
unencrypted_password_forms
319
3752275821
Arachni::Element::Form
form
http://testhtml5.vulnweb.com/
http://testhtml5.vulnweb.com/login
post
password
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
http://testhtml5.vulnweb.com/
get
GET / HTTP/1.1
Host: testhtml5.vulnweb.com
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
http://testhtml5.vulnweb.com/
200
176.28.50.165
ok
No error
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
http://testhtml5.vulnweb.com/
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
http://testhtml5.vulnweb.com/
get
GET / HTTP/1.1
Host: testhtml5.vulnweb.com
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
http://testhtml5.vulnweb.com/
200
176.28.50.165
ok
No error
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
http://testhtml5.vulnweb.com/
true
Insecure 'Access-Control-Allow-Origin' header
_Cross Origin Resource Sharing (CORS)_ is an HTML5 technology which gives modern
web browsers the ability to bypass restrictions implemented by the _Same Origin Policy_.
The _Same Origin Policy_ requires that both the JavaScript and the page are loaded
from the same domain in order to allow JavaScript to interact with the page. This
in turn prevents malicious JavaScript being executed when loaded from external domains.
The CORS policy allows the application to specify exceptions to the protections
implemented by the browser, and allows the developer to whitelist domains for
which external JavaScript is permitted to execute and interact with the page.
A weak CORS policy is one which whitelists all domains using a wildcard (`*`),
which will allow any externally loaded JavaScript resource to interact with the
affected page. This can severely increase the risk of attacks such as Cross Site Scripting etc.
Arachni detected that the CORS policy being set by the server was weak, and used
a wildcard value. This is evident by the `Access-Control-Allow-Origin` header being set to `*`.
It is important that weak CORS policies are not used. Policies can be hardened by
removing the wildcard and individually specifying the domains where the trusted
JavaScript resources are located. If the list of hosts for externally hosted
JavaScript resources is excessive, then a whole top level domain can be whitelisted
by using a combination of the wildcard and the domain (example: `*.arachni-scanner.com`).
low
Insecure CORS policy
Checks the host for a wildcard (`*`) `Access-Control-Allow-Origin` header.
Tasos Laskos <tasos.laskos@arachni-scanner.com>
0.1.1
insecure_cors_policy
3223695087
Arachni::Element::Server
server
http://testhtml5.vulnweb.com/
http://testhtml5.vulnweb.com/
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
http://testhtml5.vulnweb.com/
get
GET / HTTP/1.1
Host: testhtml5.vulnweb.com
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
http://testhtml5.vulnweb.com/
200
176.28.50.165
ok
No error
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
http://testhtml5.vulnweb.com/
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
http://testhtml5.vulnweb.com/
get
GET / HTTP/1.1
Host: testhtml5.vulnweb.com
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
http://testhtml5.vulnweb.com/
200
176.28.50.165
ok
No error
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
http://testhtml5.vulnweb.com/
Access-Control-Allow-Origin: *
true
Password field with auto-complete
In typical form-based web applications, it is common practice for developers to
allow `autocomplete` within the HTML form to improve the usability of the page.
With `autocomplete` enabled (default), the browser is allowed to cache previously
entered form values.
For legitimate purposes, this allows the user to quickly re-enter the same data
when completing the form multiple times.
When `autocomplete` is enabled on either/both the username and password fields,
this could allow a cyber-criminal with access to the victim's computer the ability
to have the victim's credentials automatically entered as the cyber-criminal
visits the affected page.
Arachni has discovered that the affected page contains a form containing a
password field that has not disabled `autocomplete`.
The `autocomplete` value can be configured in two different locations.
The first and most secure location is to disable the `autocomplete` attribute on
the `<form>` HTML tag. This will disable `autocomplete` for all inputs within that form.
An example of disabling `autocomplete` within the form tag is `<form autocomplete=off>`.
The second slightly less desirable option is to disable the `autocomplete` attribute
for a specific `<input>` HTML tag.
While this may be the less desired solution from a security perspective, it may
be preferred method for usability reasons, depending on size of the form.
An example of disabling the `autocomplete` attribute within a password input tag
is `<input type=password autocomplete=off>`.
low
Password field with auto-complete
Greps pages for forms which have password fields
without explicitly disabling auto-complete.
Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
0.3.1
password_autocomplete
41748423
Arachni::Element::Form
form
http://testhtml5.vulnweb.com/
http://testhtml5.vulnweb.com/login
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
http://testhtml5.vulnweb.com/
get
GET / HTTP/1.1
Host: testhtml5.vulnweb.com
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
http://testhtml5.vulnweb.com/
200
176.28.50.165
ok
No error
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
http://testhtml5.vulnweb.com/
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
http://testhtml5.vulnweb.com/
get
GET / HTTP/1.1
Host: testhtml5.vulnweb.com
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
http://testhtml5.vulnweb.com/
200
176.28.50.165
ok
No error
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
http://testhtml5.vulnweb.com/
true
Missing 'X-Frame-Options' header
Clickjacking (User Interface redress attack, UI redress attack, UI redressing)
is a malicious technique of tricking a Web user into clicking on something different
from what the user perceives they are clicking on, thus potentially revealing
confidential information or taking control of their computer while clicking on
seemingly innocuous web pages.
The server didn't return an `X-Frame-Options` header which means that this website
could be at risk of a clickjacking attack.
The `X-Frame-Options` HTTP response header can be used to indicate whether or not
a browser should be allowed to render a page inside a frame or iframe. Sites can
use this to avoid clickjacking attacks, by ensuring that their content is not
embedded into other sites.
Configure your web server to include an `X-Frame-Options` header.
low
Missing X-Frame-Options header
Checks the host for a missing `X-Frame-Options` header.
Tasos Laskos <tasos.laskos@arachni-scanner.com>
0.1.1
x_frame_options
693
3951068234
Arachni::Element::Server
server
http://testhtml5.vulnweb.com/
http://testhtml5.vulnweb.com/
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
http://testhtml5.vulnweb.com/
get
GET / HTTP/1.1
Host: testhtml5.vulnweb.com
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
http://testhtml5.vulnweb.com/
200
176.28.50.165
ok
No error
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
http://testhtml5.vulnweb.com/
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
http://testhtml5.vulnweb.com/
get
GET / HTTP/1.1
Host: testhtml5.vulnweb.com
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
http://testhtml5.vulnweb.com/
200
176.28.50.165
ok
No error
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
http://testhtml5.vulnweb.com/
HTTP/1.1 200 OK
true
Interesting response
The server responded with a non 200 (OK) nor 404 (Not Found) status code.
This is a non-issue, however exotic HTTP response status codes can provide useful
insights into the behavior of the web application and assist with the penetration test.
informational
Interesting responses
Logs all non 200 (OK) server responses.
Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
0.2.1
interesting_responses
215417069
Arachni::Element::Server
server
http://testhtml5.vulnweb.com/static/css/?%3Cmy_tag_88fc8f0ec9141866cb14f3125be901b4/%3E=
http://testhtml5.vulnweb.com/static/css/?%3Cmy_tag_88fc8f0ec9141866cb14f3125be901b4/%3E=
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.4.1</center>
</body>
</html>
http://testhtml5.vulnweb.com/static/css/
get
GET /static/css/?%3Cmy_tag_88fc8f0ec9141866cb14f3125be901b4%2F%3E= HTTP/1.1
Host: testhtml5.vulnweb.com
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
http://testhtml5.vulnweb.com/static/css/?%3Cmy_tag_88fc8f0ec9141866cb14f3125be901b4/%3E=
403
176.28.50.165
ok
No error
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.4.1</center>
</body>
</html>
HTTP/1.1 403 Forbidden
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:39:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
http://testhtml5.vulnweb.com/static/css/?%3Cmy_tag_88fc8f0ec9141866cb14f3125be901b4/%3E=
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
http://testhtml5.vulnweb.com/
get
GET / HTTP/1.1
Host: testhtml5.vulnweb.com
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
http://testhtml5.vulnweb.com/
200
176.28.50.165
ok
No error
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
http://testhtml5.vulnweb.com/
HTTP/1.1 403 Forbidden
true
Interesting response
The server responded with a non 200 (OK) nor 404 (Not Found) status code.
This is a non-issue, however exotic HTTP response status codes can provide useful
insights into the behavior of the web application and assist with the penetration test.
informational
Interesting responses
Logs all non 200 (OK) server responses.
Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
0.2.1
interesting_responses
3196565494
Arachni::Element::Server
server
http://testhtml5.vulnweb.com/contact
http://testhtml5.vulnweb.com/contact
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>405 Method Not Allowed</title>
<h1>Method Not Allowed</h1>
<p>The method GET is not allowed for the requested URL.</p>
http://testhtml5.vulnweb.com/contact
get
GET /contact HTTP/1.1
Host: testhtml5.vulnweb.com
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
http://testhtml5.vulnweb.com/contact
405
176.28.50.165
ok
No error
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>405 Method Not Allowed</title>
<h1>Method Not Allowed</h1>
<p>The method GET is not allowed for the requested URL.</p>
HTTP/1.1 405 METHOD NOT ALLOWED
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:39:13 GMT
Content-Type: text/html
Content-Length: 182
Connection: keep-alive
Allow: POST, OPTIONS
http://testhtml5.vulnweb.com/contact
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
http://testhtml5.vulnweb.com/
get
GET / HTTP/1.1
Host: testhtml5.vulnweb.com
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
http://testhtml5.vulnweb.com/
200
176.28.50.165
ok
No error
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
http://testhtml5.vulnweb.com/
HTTP/1.1 405 METHOD NOT ALLOWED
true
Interesting response
The server responded with a non 200 (OK) nor 404 (Not Found) status code.
This is a non-issue, however exotic HTTP response status codes can provide useful
insights into the behavior of the web application and assist with the penetration test.
informational
Interesting responses
Logs all non 200 (OK) server responses.
Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
0.2.1
interesting_responses
1177367154
Arachni::Element::Server
server
http://testhtml5.vulnweb.com/login
http://testhtml5.vulnweb.com/login
<html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.4.1</center>
</body>
</html>
http://testhtml5.vulnweb.com/login
post
username=%2Fproc%2Fself%2Fenviron%00.&password=5543%21%25arachni_secret&loginFormSubmit=1
POST /login HTTP/1.1
Host: testhtml5.vulnweb.com
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Content-Length: 89
Content-Type: application/x-www-form-urlencoded
username=%2Fproc%2Fself%2Fenviron%00.&password=5543%21%25arachni_secret&loginFormSubmit=1
http://testhtml5.vulnweb.com/login
502
176.28.50.165
ok
No error
<html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.4.1</center>
</body>
</html>
HTTP/1.1 502 Bad Gateway
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:51 GMT
Content-Type: text/html
Content-Length: 172
Connection: keep-alive
http://testhtml5.vulnweb.com/login
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
http://testhtml5.vulnweb.com/
get
GET / HTTP/1.1
Host: testhtml5.vulnweb.com
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
http://testhtml5.vulnweb.com/
200
176.28.50.165
ok
No error
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
http://testhtml5.vulnweb.com/
HTTP/1.1 502 Bad Gateway
true
Interesting response
The server responded with a non 200 (OK) nor 404 (Not Found) status code.
This is a non-issue, however exotic HTTP response status codes can provide useful
insights into the behavior of the web application and assist with the penetration test.
informational
Interesting responses
Logs all non 200 (OK) server responses.
Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
0.2.1
interesting_responses
1528656611
Arachni::Element::Server
server
http://testhtml5.vulnweb.com/
http://testhtml5.vulnweb.com/
<html>
<head><title>405 Not Allowed</title></head>
<body bgcolor="white">
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx/1.4.1</center>
</body>
</html>
http://testhtml5.vulnweb.com/
trace
TRACE / HTTP/1.1
Host: testhtml5.vulnweb.com
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
http://testhtml5.vulnweb.com/
405
176.28.50.165
ok
No error
<html>
<head><title>405 Not Allowed</title></head>
<body bgcolor="white">
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx/1.4.1</center>
</body>
</html>
HTTP/1.1 405 Not Allowed
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:47 GMT
Content-Type: text/html
Content-Length: 172
Connection: close
http://testhtml5.vulnweb.com/
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
http://testhtml5.vulnweb.com/
get
GET / HTTP/1.1
Host: testhtml5.vulnweb.com
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
http://testhtml5.vulnweb.com/
200
176.28.50.165
ok
No error
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
http://testhtml5.vulnweb.com/
HTTP/1.1 405 Not Allowed
true
Allowed HTTP methods
There are a number of HTTP methods that can be used on a webserver (`OPTIONS`,
`HEAD`, `GET`, `POST`, `PUT`, `DELETE` etc.). Each of these methods perform a
different function and each have an associated level of risk when their use is
permitted on the webserver.
A client can use the `OPTIONS` method within a request to query a server to
determine which methods are allowed.
Cyber-criminals will almost always perform this simple test as it will give a
very quick indication of any high-risk methods being permitted by the server.
Arachni discovered that several methods are supported by the server.
It is recommended that a whitelisting approach be taken to explicitly permit the
HTTP methods required by the application and block all others.
Typically the only HTTP methods required for most applications are `GET` and
`POST`. All other methods perform actions that are rarely required or perform
actions that are inherently risky.
These risky methods (such as `PUT`, `DELETE`, etc) should be protected by strict
limitations, such as ensuring that the channel is secure (SSL/TLS enabled) and
only authorised and trusted clients are permitted to use them.
informational
Allowed methods
Checks for supported HTTP methods.
Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
0.2
allowed_methods
529892463
Arachni::Element::Server
server
http://testhtml5.vulnweb.com/
http://testhtml5.vulnweb.com/
http://testhtml5.vulnweb.com/
options
OPTIONS / HTTP/1.1
Host: testhtml5.vulnweb.com
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
http://testhtml5.vulnweb.com/
200
176.28.50.165
ok
No error
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:46 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Allow: HEAD, OPTIONS, GET
http://testhtml5.vulnweb.com/
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">��</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
http://testhtml5.vulnweb.com/
get
GET / HTTP/1.1
Host: testhtml5.vulnweb.com
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
http://testhtml5.vulnweb.com/
200
176.28.50.165
ok
No error
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
<meta charset="utf-8">
<title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- Le styles -->
<link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
<link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
<link href="/static/css/style.css" rel="stylesheet">
<link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">
<style type="text/css">
body {
padding-top: 60px;
padding-bottom: 40px;
}
.sidebar-nav {
padding: 9px 0;
}
@media (max-width: 980px) {
/* Enable use of floated navbar text */
.navbar-text.pull-right {
float: none;
padding-left: 5px;
padding-right: 5px;
}
}
</style>
</head>
<body>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container-fluid">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="/"><img src="/static/img/logo2.png"> </a>
<p class="navbar-text pull-left">
Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
</p>
<p class="navbar-text pull-right">
<a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
</p>
</div>
</div>
</div>
<div class="container-fluid">
<div class="row-fluid">
<div class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Views</li>
<li id="popularLi" class="active"><a href="#/popular">Popular</a></li>
<li><a href="#/latest">Latest</a></li>
<li><a href="#/carousel">Carousel</a></li>
<li><a href="#/archive">Archive</a></li>
<li class="nav-header">Website</li>
<li><a href="#/about">About</a></li>
<li><a href="#/contact">Contact</a></li>
<li class="nav-header">Acunetix</li>
<li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
<li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
<li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
<li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
</ul>
</div><!--/.well -->
</div><!--/span-->
<div class="span10">
<div class="row-fluid">
<div ng-view></div>
</div><!--/row-->
</div><!--/span-->
</div><!--/row-->
<hr>
<div class="row-fluid">
<div class="pull-left" style="font-size: xx-small;" id="refId"></div>
</div>
<footer>
<p class="pull-left">© Acunetix Ltd. 2013</p>
</footer>
</div><!--/.fluid-container-->
<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form class="modal-body" action="/login" method="POST" id="loginForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
<h3 id="myModalLabel">Login</h3>
</div>
<div class="modal-body">
<div class="control-group">
<!-- Username -->
<label class="control-label" for="username">Username</label>
<div class="controls">
<input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
</div>
</div>
<div class="control-group">
<!-- Password-->
<label class="control-label" for="password">Password</label>
<div class="controls">
<input type="password" id="password" name="password" placeholder="" class="input-xlarge">
</div>
</div>
<div class="control-group">
<a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
</div>
</div>
<div class="modal-footer">
<button class="btn btn-primary" id="loginFormSubmit">Login</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</form>
</div>
<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<!-- App libs -->
<script src="/static/app/app.js"></script>
<script src="/static/app/libs/sessvars.js"></script>
<script src="/static/app/post.js"></script>
<script src="/static/app/controllers/controllers.js"></script>
<script src="/static/app/services/itemsService.js"></script>
<script src="http://bxss.s3.amazonaws.com/ad.js"></script>
</body>
</html>
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip
http://testhtml5.vulnweb.com/
HEAD, OPTIONS, GET
true
Health map
Generates a simple list of safe/unsafe URLs.
52
8
44
15
Uniformity (Lack of central sanitization)
Analyzes the scan results and logs issues which persist across different pages.
This is usually a sign for a lack of a central/single point of input sanitization,
a bad coding practise.
1696823749 2500734820 1008740572