Summary

Issues by type, trust, and severity

Severities of issues based on possible impact

Elements with issues, by type

Trust evaluation (Trusted vs. Untrusted) of issues

Trusted 16

High severity 6

In the majority of today’s web applications, clients are required to submit forms which can perform sensitive operations.

An example of such a form being used would be when an administrator wishes to create a new user for the application.

In the simplest version of the form, the administrator would fill in:

  • Name
  • Password
  • Role (level of access)

Continuing with this example, Cross Site Request Forgery (CSRF) would occur when the administrator is tricked into clicking on a link which, if they are logged into the application, would automatically submit the form without any further interaction.

Cyber-criminals will look for sites where sensitive functions are performed in this manner and then craft malicious requests that will be used against clients via a social engineering attack.

There are 3 things that are required for a CSRF attack to occur:

  1. The form must perform some sort of sensitive action.
  2. The victim (the administrator in the example above) must have an active session.
  3. Most importantly, all parameter values must be known or guessable.

Arachni discovered that all parameters within the form were known or predictable and therefore the form could be vulnerable to CSRF.

Manual verification may be required to check whether the submission will then perform a sensitive action, such as reset a password, modify user profiles, post content on a forum, etc.

Vector type HTTP method Action
form GET http://testhtml5.vulnweb.com/contact

Web applications occasionally use DOM input values to store the address of the page to which the client will be redirected – for example: yoursite.com/#/?redirect=www.yoursite.com/404.asp

An unvalidated redirect occurs when the client is able to modify the affected parameter value and thus control the location of the redirection. For example, the following URL yoursite.com/#/?redirect=www.anothersite.com will redirect to www.anothersite.com.

Cyber-criminals will abuse these vulnerabilities in social engineering attacks to get users to unknowingly visit malicious web sites.

Arachni has discovered that the web page does not validate the parameter value prior to redirecting the client to the injected value.

Vector type Input name HTTP method Action
link_dom url GET http://testhtml5.vulnweb.com/

Client-side scripts are used extensively by modern web applications. They perform anything from simple functions (such as the formatting of text) up to full manipulation of client-side data and Operating System interaction.

Cross Site Scripting (XSS) allows clients to inject scripts into a request and have the server return the script to the client in the response. This occurs because the application is taking untrusted data (in this example, from the client) and reusing it without performing any validation or sanitisation.

If the injected script is returned immediately this is known as reflected XSS. If the injected script is stored by the server and returned to any client visiting the affected page, then this is known as persistent XSS (also stored XSS).

Arachni has discovered that it is possible to insert script content directly into HTML element content.

Vector type Input name HTTP method Action
link id GET http://testhtml5.vulnweb.com/report
link id GET http://testhtml5.vulnweb.com/comment
link id GET http://testhtml5.vulnweb.com/like

Client-side scripts are used extensively by modern web applications. They perform from simple functions (such as the formatting of text) up to full manipulation of client-side data and Operating System interaction.

Unlike traditional Cross-Site Scripting (XSS), where the client is able to inject scripts into a request and have the server return the script to the client, DOM XSS does not require that a request be sent to the server and may be abused entirely within the loaded page.

This occurs when elements of the DOM (known as the sources) can be manipulated to contain untrusted data, which the client-side scripts (known as the sinks) then use or execute in an unsafe way.

Arachni has discovered that by modifying the affected DOM source, it is possible to insert and execute JavaScript code.

Vector type Input name HTTP method Action
link_dom url GET http://testhtml5.vulnweb.com/

Medium severity 2

Web applications are often made up of multiple files and directories.

It is possible that over time some directories may become unreferenced (unused) by the web application and forgotten about by the administrator/developer. Because web applications are built using common frameworks, they contain common directories that can be discovered (independent of server).

During the initial recon stages of an attack, cyber-criminals will attempt to locate unreferenced directories in the hope that the directory will assist in further compromise of the web application. To achieve this they will make thousands of requests using word lists containing common names. The response headers from the server will then indicate if the directory exists.

Arachni also contains a list of common directory names which it will attempt to access.

Vector type HTTP method Action
server GET http://testhtml5.vulnweb.com/samples/

The HTTP protocol by itself is clear text, meaning that any data that is transmitted via HTTP can be captured and the contents viewed.

To keep data private, and prevent it from being intercepted, HTTP is often tunnelled through either Secure Sockets Layer (SSL) or Transport Layer Security (TLS). When either of these encryption standards is used it is referred to as HTTPS.

Cyber-criminals will often attempt to compromise credentials passed from the client to the server using HTTP. This can be conducted via various different Man-in-The-Middle (MiTM) attacks or through network packet captures.

Arachni discovered that the affected page contains a password input; however, the value of the field is not sent to the server using HTTPS. Therefore it is possible that any submitted credential may become compromised.

Vector type Input name HTTP method Action
form password GET http://testhtml5.vulnweb.com/login

Low severity 3

Cross Origin Resource Sharing (CORS) is an HTML5 technology which gives modern web browsers the ability to bypass restrictions implemented by the Same Origin Policy. The Same Origin Policy requires that both the JavaScript and the page are loaded from the same domain in order to allow JavaScript to interact with the page. This in turn prevents malicious JavaScript being executed when loaded from external domains.

The CORS policy allows the application to specify exceptions to the protections implemented by the browser, and allows the developer to whitelist domains for which external JavaScript is permitted to execute and interact with the page.

A weak CORS policy is one which whitelists all domains using a wildcard (*), which will allow any externally loaded JavaScript resource to interact with the affected page. This can severely increase the risk of attacks such as Cross Site Scripting etc.

Arachni detected that the CORS policy being set by the server was weak, and used a wildcard value. This is evident from the Access-Control-Allow-Origin header being set to *.

Vector type HTTP method Action
server GET http://testhtml5.vulnweb.com/

In typical form-based web applications, it is common practice for developers to allow autocomplete within the HTML form to improve the usability of the page. With autocomplete enabled (default), the browser is allowed to cache previously entered form values.

For legitimate purposes, this allows the user to quickly re-enter the same data when completing the form multiple times.

When autocomplete is enabled on either or both of the username and password fields, a cyber-criminal with access to the victim’s computer could have the victim’s credentials automatically entered when the cyber-criminal visits the affected page.

Arachni has discovered that the affected page contains a form with a password field that has not disabled autocomplete.

Vector type HTTP method Action
form GET http://testhtml5.vulnweb.com/login

Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.

The server didn’t return an X-Frame-Options header which means that this website could be at risk of a clickjacking attack.

The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page inside a frame or iframe. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.

Vector type HTTP method Action
server GET http://testhtml5.vulnweb.com/

Informational severity 5

The server responded with a status code other than 200 (OK) or 404 (Not Found). This is a non-issue; however, exotic HTTP response status codes can provide useful insights into the behavior of the web application and assist with the penetration test.

Vector type HTTP method Action
server GET http://testhtml5.vulnweb.com/static/css/?%3Cmy_tag_88fc8f0ec9141866cb14f3125be901b4/%3E=
server GET http://testhtml5.vulnweb.com/contact
server POST http://testhtml5.vulnweb.com/login
server TRACE http://testhtml5.vulnweb.com/

There are a number of HTTP methods that can be used on a webserver (OPTIONS, HEAD, GET, POST, PUT, DELETE etc.). Each of these methods performs a different function and each has an associated level of risk when its use is permitted on the webserver.

A client can use the OPTIONS method within a request to query a server to determine which methods are allowed.

Cyber-criminals will almost always perform this simple test as it will give a very quick indication of any high-risk methods being permitted by the server.

Arachni discovered that several methods are supported by the server.

Vector type HTTP method Action
server OPTIONS http://testhtml5.vulnweb.com/

(About the OWASP Top 10 list)

A3-Cross-Site Scripting (XSS) 4

XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites. OWASP

Client-side scripts are used extensively by modern web applications. They perform anything from simple functions (such as the formatting of text) up to full manipulation of client-side data and Operating System interaction.

Cross Site Scripting (XSS) allows clients to inject scripts into a request and have the server return the script to the client in the response. This occurs because the application is taking untrusted data (in this example, from the client) and reusing it without performing any validation or sanitisation.

If the injected script is returned immediately this is known as reflected XSS. If the injected script is stored by the server and returned to any client visiting the affected page, then this is known as persistent XSS (also stored XSS).

Arachni has discovered that it is possible to insert script content directly into HTML element content.

Vector type Input name HTTP method Action
link id GET http://testhtml5.vulnweb.com/report
link id GET http://testhtml5.vulnweb.com/comment
link id GET http://testhtml5.vulnweb.com/like

Client-side scripts are used extensively by modern web applications. They perform anything from simple functions (such as the formatting of text) up to full manipulation of client-side data and Operating System interaction.

Unlike traditional Cross-Site Scripting (XSS), where the client is able to inject scripts into a request and have the server return the script to the client, DOM XSS does not require that a request be sent to the server and may be abused entirely within the loaded page.

This occurs when elements of the DOM (known as the sources) can be manipulated to contain untrusted data, which the client-side scripts (known as the sinks) then use or execute in an unsafe way.

Arachni has discovered that by modifying the affected DOM source, it is possible to insert and execute JavaScript code.

Vector type Input name HTTP method Action
link_dom url GET http://testhtml5.vulnweb.com/

A5-Security Misconfiguration 1

Good security requires having a secure configuration defined and deployed for the application, frameworks, application server, web server, database server, and platform. Secure settings should be defined, implemented, and maintained, as defaults are often insecure. Additionally, software should be kept up to date. OWASP

Cross Origin Resource Sharing (CORS) is an HTML5 technology which gives modern web browsers the ability to bypass restrictions implemented by the Same Origin Policy. The Same Origin Policy requires that both the JavaScript and the page are loaded from the same domain in order to allow JavaScript to interact with the page. This in turn prevents malicious JavaScript being executed when loaded from external domains.

The CORS policy allows the application to specify exceptions to the protections implemented by the browser, and allows the developer to whitelist domains for which external JavaScript is permitted to execute and interact with the page.

A weak CORS policy is one which whitelists all domains using a wildcard (*), which will allow any externally loaded JavaScript resource to interact with the affected page. This can severely increase the risk of attacks such as Cross Site Scripting etc.

Arachni detected that the CORS policy being set by the server was weak, and used a wildcard value. This is evident by the Access-Control-Allow-Origin header being set to *.

Vector type HTTP method Action
server GET http://testhtml5.vulnweb.com/

A8-Sensitive Data Exposure 1

A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application. This allows the attacker to force the victim’s browser to generate requests the vulnerable application thinks are legitimate requests from the victim. OWASP

In the majority of today’s web applications, clients are required to submit forms which can perform sensitive operations.

An example of such a form being used would be when an administrator wishes to create a new user for the application.

In the simplest version of the form, the administrator would fill in:

  • Name
  • Password
  • Role (level of access)

Continuing with this example, Cross Site Request Forgery (CSRF) would occur when the administrator is tricked into clicking on a link which, if they are logged into the application, would automatically submit the form without any further interaction.

Cyber-criminals will look for sites where sensitive functions are performed in this manner and then craft malicious requests that will be used against clients via a social engineering attack.

There are 3 things that are required for a CSRF attack to occur:

  1. The form must perform some sort of sensitive action.
  2. The victim (the administrator in the example above) must have an active session.
  3. Most importantly, all parameter values must be known or guessable.

Arachni discovered that all parameters within the form were known or predictable and therefore the form could be vulnerable to CSRF.

Manual verification may be required to check whether the submission will then perform a sensitive action, such as reset a password, modify user profiles, post content on a forum, etc.

Vector type HTTP method Action
form GET http://testhtml5.vulnweb.com/contact

A10-Unvalidated Redirects and Forwards 1

Web applications frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages. Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages. OWASP

Web applications occasionally use DOM input values to store the address of the page to which the client will be redirected – for example: yoursite.com/#/?redirect=www.yoursite.com/404.asp

An unvalidated redirect occurs when the client is able to modify the affected parameter value and thus control the location of the redirection. For example, the following URL yoursite.com/#/?redirect=www.anothersite.com will redirect to www.anothersite.com.

Cyber-criminals will abuse these vulnerabilities in social engineering attacks to get users to unknowingly visit malicious web sites.

Arachni has discovered that the web page does not validate the parameter value prior to redirecting the client to the injected value.

Vector type Input name HTTP method Action
link_dom url GET http://testhtml5.vulnweb.com/

Configuration

Version
1.3
Audit started on
2015-10-01 17:37:14 +0300
Audit finished on
2015-10-01 17:42:30 +0300
Runtime
00:05:16

General

URL
http://testhtml5.vulnweb.com/
Checks
allowed_methods, backdoors, backup_directories, backup_files, captcha, code_injection, code_injection_php_input_wrapper, code_injection_timing, common_admin_interfaces, common_directories, common_files, cookie_set_for_parent_domain, credit_card, csrf, cvs_svn_users, directory_listing, emails, file_inclusion, form_upload, hsts, htaccess_limit, html_objects, http_only_cookies, http_put, insecure_client_access_policy, insecure_cookies, insecure_cors_policy, insecure_cross_domain_policy_access, insecure_cross_domain_policy_headers, interesting_responses, ldap_injection, localstart_asp, mixed_resource, no_sql_injection, no_sql_injection_differential, origin_spoof_access_restriction_bypass, os_cmd_injection, os_cmd_injection_timing, password_autocomplete, path_traversal, private_ip, response_splitting, rfi, session_fixation, source_code_disclosure, sql_injection, sql_injection_differential, sql_injection_timing, ssn, trainer, unencrypted_password_forms, unvalidated_redirect, unvalidated_redirect_dom, webdav, x_frame_options, xpath_injection, xss, xss_dom, xss_dom_script_context, xss_event, xss_path, xss_script_context, xss_tag, xst, xxe

Http

"user_agent" "Arachni/v1.3"
"request_timeout" 10000
"request_redirect_limit" 5
"request_concurrency" 20
"request_queue_size" 100
"request_headers" {}
"response_max_size" 500000
"cookies" {}

Audit

"parameter_values" true
"exclude_vector_patterns" []
"include_vector_patterns" []
"link_templates" []
"links" true
"forms" true
"cookies" true
"ui_inputs" true
"ui_forms" true
"jsons" true
"xmls" true

Input

"values" {}
"default_values"
"(?i-mx:name)" "arachni_name"
"(?i-mx:user)" "arachni_user"
"(?i-mx:usr)" "arachni_user"
"(?i-mx:pass)" "5543!%arachni_secret"
"(?i-mx:txt)" "arachni_text"
"(?i-mx:num)" "132"
"(?i-mx:amount)" "100"
"(?i-mx:mail)" "[email protected]"
"(?i-mx:account)" "12"
"(?i-mx:id)" "1"
"without_defaults" false
"force" false

Datastore

"report_path" nil

Browser cluster

"local_storage" {}
"wait_for_elements" {}
"pool_size" 6
"job_timeout" 25
"worker_time_to_live" 100
"ignore_images" false
"screen_width" 1600
"screen_height" 1200

Scope

"redundant_path_patterns" {}
"dom_depth_limit" 5
"exclude_path_patterns" []
"exclude_content_patterns" []
"include_path_patterns" []
"restrict_paths" []
"extend_paths" []
"url_rewrites" {}

Issues

At the time these issues were logged there were no abnormal interferences or anomalous server behavior.
These issues are considered trusted and accurate.

Cross-Site Request Forgery 1 csrf

In the majority of today’s web applications, clients are required to submit forms which can perform sensitive operations.

An example of such a form being used would be when an administrator wishes to create a new user for the application.

In the simplest version of the form, the administrator would fill in:

  • Name
  • Password
  • Role (level of access)

Continuing with this example, Cross Site Request Forgery (CSRF) would occur when the administrator is tricked into clicking on a link which, if they are logged into the application, would automatically submit the form without any further interaction.

Cyber-criminals will look for sites where sensitive functions are performed in this manner and then craft malicious requests that will be used against clients via a social engineering attack.

There are 3 things that are required for a CSRF attack to occur:

  1. The form must perform some sort of sensitive action.
  2. The victim (the administrator in the example above) must have an active session.
  3. Most importantly, all parameter values must be known or guessable.

Arachni discovered that all parameters within the form were known or predictable and therefore the form could be vulnerable to CSRF.

Manual verification may be required to check whether the submission will then perform a sensitive action, such as reset a password, modify user profiles, post content on a forum, etc.

Remediation guidance

Based on the risk (determined by manual verification) of whether the form submission performs a sensitive action, the addition of anti-CSRF tokens may be required.

These tokens can be configured in such a way that each session generates a new anti-CSRF token or such that each individual request requires a new token.

It is important that the server track and maintain the status of each token (in order to reject requests accompanied by invalid ones) and therefore prevent cyber-criminals from knowing, guessing or reusing them.

For examples of framework specific remediation options, please refer to the references.

Proof
<form class="well span10 ng-scope ng-pristine ng-valid" action="/contact" method="POST">
    <div class="row-fluid">
        <div class="span6">
            <label>First Name</label>
            <input type="text" class="span8" placeholder="Your First Name" name="firstName">
            <label>Last Name</label>
            <input type="text" class="span8" placeholder="Your Last Name" name="lastName">
            <label>Email Address</label>
            <input type="text" class="span8" placeholder="Your email address" name="address">
            <label>Subject</label>
                <select id="subject" name="subject" class="span8">
                    <option value="na" selected>Choose One:</option>
                    <option value="service">General Customer Service</option>
                    <option value="suggestions">Suggestions</option>
                    <option value="product">Product Support</option>
                </select>
        </div>
        <div class="span6">
            <label>Message</label>
            <textarea name="message" id="message" class="input-xlarge span10" rows="10"></textarea>
        </div>
    </div>
    <button id="butonul" type="submit" class="btn btn-primary pull-left">Send</button>

</form>
Type: form
In: http://testhtml5.vulnweb.com/
Action: http://testhtml5.vulnweb.com/contact
Default inputs: message, firstName, lastName, address, subject = na, butonul
Updated inputs: message, firstName, lastName, address, subject = na, butonul

Transitions

Transitions describe the steps required to restore the state of the page to the one it had when it was processed by the scanner, as a series of events. In essence, each transition represents a user interaction.

# Time Event Element Options
0 1.063490473 load page
URL http://testhtml5.vulnweb.com/
1 0.000726783 request http://testhtml5.vulnweb.com/
2 0.526492435 request http://bxss.s3.amazonaws.com/ad.js
3 0.226042078 request http://testhtml5.vulnweb.com/ajax/popular?offset=0
4 1.172838548 click <a href="#/contact" data-arachni-id="-1678787584">

HTTP request

Raw HTTP request used to retrieve the page.

GET http://testhtml5.vulnweb.com/ HTTP/1.1
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
X-Arachni-Browser-Auth: 0e378a6498d4810f4de69f3b0981fa12
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: testhtml5.vulnweb.com

HTTP response

Raw HTTP response used as the page basis. (Binary bodies will not be displayed.)

HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip

<script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script>
/* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */
window._arachni_js_namespace = true;

/* arachni_js_namespace_code_start */  /* arachni_js_namespace_code_stop */
</script> <!-- Injected by Arachni::Browser::Javascript -->

<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
    <meta charset="utf-8">
    <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="description" content="">
    <meta name="author" content="">

    <!-- Le styles -->
    <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
    <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
    <link href="/static/css/style.css" rel="stylesheet">

    <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">

    <style type="text/css">
        body {
            padding-top: 60px;
            padding-bottom: 40px;
        }
        .sidebar-nav {
            padding: 9px 0;
        }

        @media (max-width: 980px) {
            /* Enable use of floated navbar text */
            .navbar-text.pull-right {
                float: none;
                padding-left: 5px;
                padding-right: 5px;
            }
        }
    </style>
</head>

<body>

<div class="navbar navbar-fixed-top">
    <div class="navbar-inner">
        <div class="container-fluid">
            <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
            </button>
            <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a>
            <p class="navbar-text pull-left">
                Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
            </p>

            <p class="navbar-text pull-right">
                
                <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
                
            </p>
        </div>
    </div>
</div>

<div class="container-fluid">
    <div class="row-fluid">
        <div class="span2">
            <div class="well sidebar-nav">
                <ul class="nav nav-list">
                    <li class="nav-header">Views</li>
                    <li id="popularLi"  class="active"><a href="#/popular">Popular</a></li>
                    <li><a href="#/latest">Latest</a></li>
                    <li><a href="#/carousel">Carousel</a></li>
                    <li><a href="#/archive">Archive</a></li>

                    <li class="nav-header">Website</li>
                    <li><a href="#/about">About</a></li>
                    <li><a href="#/contact">Contact</a></li>

                    <li class="nav-header">Acunetix</li>
                    <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
                    <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
                    <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
                    <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
                </ul>
            </div><!--/.well -->
        </div><!--/span-->
        <div class="span10">
            <div class="row-fluid">
                <div ng-view></div>
            </div><!--/row-->
        </div><!--/span-->
    </div><!--/row-->

    <hr>

    <div class="row-fluid">
        <div class="pull-left" style="font-size: xx-small;" id="refId"></div>
    </div>

    <footer>
        <p class="pull-left">&copy; Acunetix Ltd. 2013</p>
    </footer>

</div><!--/.fluid-container-->


<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
    <form class="modal-body" action="/login" method="POST" id="loginForm">
    <div class="modal-header">
        <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
        <h3 id="myModalLabel">Login</h3>
    </div>
    <div class="modal-body">
            <div class="control-group">
                <!-- Username -->
                <label class="control-label"  for="username">Username</label>
                <div class="controls">
                    <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
                </div>
            </div>

            <div class="control-group">
                <!-- Password-->
                <label class="control-label" for="password">Password</label>
                <div class="controls">
                    <input type="password" id="password" name="password" placeholder="" class="input-xlarge">
                </div>
            </div>

            <div class="control-group">
                <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
            </div>

    </div>
    <div class="modal-footer">
        <button class="btn btn-primary" id="loginFormSubmit">Login</button>
        <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
    </div>
    </form>
</div>

<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->


<!-- App libs -->

<script src="/static/app/app.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/libs/sessvars.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/post.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/controllers/controllers.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/services/itemsService.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="http://bxss.s3.amazonaws.com/ad.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->



</body>
</html>
Browser-evaluated body

This is the browser-evaluated body, as a result of the listed transitions.

<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp" class="ng-scope" data-arachni-id="-88160834"><head><script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script>
/* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */
window._arachni_js_namespace = true;

/* arachni_js_namespace_code_start */  /* arachni_js_namespace_code_stop */
</script> <!-- Injected by Arachni::Browser::Javascript -->




    <meta charset="utf-8">
    <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="description" content="">
    <meta name="author" content="">

    <!-- Le styles -->
    <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
    <link href="http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic" rel="stylesheet" type="text/css">
    <link href="/static/css/style.css" rel="stylesheet">

    <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">

    <style type="text/css">
        body {
            padding-top: 60px;
            padding-bottom: 40px;
        }
        .sidebar-nav {
            padding: 9px 0;
        }

        @media (max-width: 980px) {
            /* Enable use of floated navbar text */
            .navbar-text.pull-right {
                float: none;
                padding-left: 5px;
                padding-right: 5px;
            }
        }
    </style>
<style type="text/css">@charset "UTF-8";[ng\:cloak],[ng-cloak],[data-ng-cloak],[x-ng-cloak],.ng-cloak,.x-ng-cloak{display:none;}ng\:form{display:block;}</style></head>

<body>

<div class="navbar navbar-fixed-top">
    <div class="navbar-inner">
        <div class="container-fluid">
            <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
            </button>
            <a class="brand" href="/" data-arachni-id="1342453504"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a>
            <p class="navbar-text pull-left">
                Vulnerable HTML5 test website for <a href="http://www.acunetix.com" data-arachni-id="-1395254329">Acunetix Web Vulnerability Scanner</a>.
            </p>

            <p class="navbar-text pull-right">
                
                <a href="#myModal" role="button" class="btn" data-toggle="modal" data-arachni-id="73596745">Login</a>
                
            </p>
        </div>
    </div>
</div>

<div class="container-fluid">
    <div class="row-fluid">
        <div class="span2">
            <div class="well sidebar-nav">
                <ul class="nav nav-list">
                    <li class="nav-header">Views</li>
                    <li id="popularLi" class=""><a href="#/popular" data-arachni-id="1270713017">Popular</a></li>
                    <li><a href="#/latest" data-arachni-id="-2026013785">Latest</a></li>
                    <li><a href="#/carousel" data-arachni-id="67552640">Carousel</a></li>
                    <li><a href="#/archive" data-arachni-id="916551842">Archive</a></li>

                    <li class="nav-header">Website</li>
                    <li><a href="#/about" data-arachni-id="63058797">About</a></li>
                    <li class="active"><a href="#/contact" data-arachni-id="-1678787584">Contact</a></li>

                    <li class="nav-header">Acunetix</li>
                    <li><a target="_blank" href="http://www.acunetix.com/" data-arachni-id="-1405978501">Website</a></li>
                    <li><a target="_blank" href="http://www.acunetix.com/blog/" data-arachni-id="2073538">Blog</a></li>
                    <li><a target="_blank" href="http://www.facebook.com/Acunetix" data-arachni-id="561774310">Facebook</a></li>
                    <li><a target="_blank" href="http://www.twitter.com/acunetix/" data-arachni-id="748307027">Twitter</a></li>
                </ul>
            </div><!--/.well -->
        </div><!--/span-->
        <div class="span10">
            <div class="row-fluid">
                <div ng-view=""><form class="well span10 ng-scope ng-pristine ng-valid" action="/contact" method="POST">
    <div class="row-fluid">
        <div class="span6">
            <label>First Name</label>
            <input type="text" class="span8" placeholder="Your First Name" name="firstName">
            <label>Last Name</label>
            <input type="text" class="span8" placeholder="Your Last Name" name="lastName">
            <label>Email Address</label>
            <input type="text" class="span8" placeholder="Your email address" name="address">
            <label>Subject</label>
                <select id="subject" name="subject" class="span8">
                    <option value="na" selected="">Choose One:</option>
                    <option value="service">General Customer Service</option>
                    <option value="suggestions">Suggestions</option>
                    <option value="product">Product Support</option>
                </select>
        </div>
        <div class="span6">
            <label>Message</label>
            <textarea name="message" id="message" class="input-xlarge span10" rows="10"></textarea>
        </div>
    </div>
    <button id="butonul" type="submit" class="btn btn-primary pull-left">Send</button>

</form>
</div>
            </div><!--/row-->
        </div><!--/span-->
    </div><!--/row-->

    <hr>

    <div class="row-fluid">
        <div class="pull-left" style="font-size: xx-small;" id="refId">unknown is coming from <b>unknown</b> and has visited this page <b>4</b> times.</div>
    </div>

    <footer>
        <p class="pull-left">© Acunetix Ltd. 2013</p>
    </footer>

</div><!--/.fluid-container-->


<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
    <form class="modal-body ng-pristine ng-valid" action="/login" method="POST" id="loginForm">
    <div class="modal-header">
        <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
        <h3 id="myModalLabel">Login</h3>
    </div>
    <div class="modal-body">
            <div class="control-group">
                <!-- Username -->
                <label class="control-label" for="username">Username</label>
                <div class="controls">
                    <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
                </div>
            </div>

            <div class="control-group">
                <!-- Password-->
                <label class="control-label" for="password">Password</label>
                <div class="controls">
                    <input type="password" id="password" name="password" placeholder="" class="input-xlarge">
                </div>
            </div>

            <div class="control-group">
                <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
            </div>

    </div>
    <div class="modal-footer">
        <button class="btn btn-primary" id="loginFormSubmit">Login</button>
        <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
    </div>
    </form>
</div>

<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->


<!-- App libs -->

<script src="/static/app/app.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/libs/sessvars.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/post.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script><div class="fb-comments" data-num-posts="4" data-width="470" data-href="http://testhtml5.vulnweb.com/#/popular"></div>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/controllers/controllers.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/services/itemsService.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="http://bxss.s3.amazonaws.com/ad.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script><iframe name="ads_ads_frame" src="http://ads.bxss.me/ad_server.php?zone_id=234&amp;ad_client=723898932&amp;u_h=768&amp;u_w=1024&amp;pn=&amp;ref=&amp;url=http://testhtml5.vulnweb.com/#/popular&amp;" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" frameborder="0" height="1" scrolling="no" width="1" style="background-color:#FFFFFF;"></iframe>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->





</body></html>
HTTP response body

This is the original HTTP response body.

<script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script>
/* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */
window._arachni_js_namespace = true;

/* arachni_js_namespace_code_start */  /* arachni_js_namespace_code_stop */
</script> <!-- Injected by Arachni::Browser::Javascript -->

<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
    <meta charset="utf-8">
    <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="description" content="">
    <meta name="author" content="">

    <!-- Le styles -->
    <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
    <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
    <link href="/static/css/style.css" rel="stylesheet">

    <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">

    <style type="text/css">
        body {
            padding-top: 60px;
            padding-bottom: 40px;
        }
        .sidebar-nav {
            padding: 9px 0;
        }

        @media (max-width: 980px) {
            /* Enable use of floated navbar text */
            .navbar-text.pull-right {
                float: none;
                padding-left: 5px;
                padding-right: 5px;
            }
        }
    </style>
</head>

<body>

<div class="navbar navbar-fixed-top">
    <div class="navbar-inner">
        <div class="container-fluid">
            <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
            </button>
            <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a>
            <p class="navbar-text pull-left">
                Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
            </p>

            <p class="navbar-text pull-right">
                
                <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
                
            </p>
        </div>
    </div>
</div>

<div class="container-fluid">
    <div class="row-fluid">
        <div class="span2">
            <div class="well sidebar-nav">
                <ul class="nav nav-list">
                    <li class="nav-header">Views</li>
                    <li id="popularLi"  class="active"><a href="#/popular">Popular</a></li>
                    <li><a href="#/latest">Latest</a></li>
                    <li><a href="#/carousel">Carousel</a></li>
                    <li><a href="#/archive">Archive</a></li>

                    <li class="nav-header">Website</li>
                    <li><a href="#/about">About</a></li>
                    <li><a href="#/contact">Contact</a></li>

                    <li class="nav-header">Acunetix</li>
                    <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
                    <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
                    <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
                    <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
                </ul>
            </div><!--/.well -->
        </div><!--/span-->
        <div class="span10">
            <div class="row-fluid">
                <div ng-view></div>
            </div><!--/row-->
        </div><!--/span-->
    </div><!--/row-->

    <hr>

    <div class="row-fluid">
        <div class="pull-left" style="font-size: xx-small;" id="refId"></div>
    </div>

    <footer>
        <p class="pull-left">&copy; Acunetix Ltd. 2013</p>
    </footer>

</div><!--/.fluid-container-->


<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
    <form class="modal-body" action="/login" method="POST" id="loginForm">
    <div class="modal-header">
        <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
        <h3 id="myModalLabel">Login</h3>
    </div>
    <div class="modal-body">
            <div class="control-group">
                <!-- Username -->
                <label class="control-label"  for="username">Username</label>
                <div class="controls">
                    <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
                </div>
            </div>

            <div class="control-group">
                <!-- Password-->
                <label class="control-label" for="password">Password</label>
                <div class="controls">
                    <input type="password" id="password" name="password" placeholder="" class="input-xlarge">
                </div>
            </div>

            <div class="control-group">
                <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
            </div>

    </div>
    <div class="modal-footer">
        <button class="btn btn-primary" id="loginFormSubmit">Login</button>
        <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
    </div>
    </form>
</div>

<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->


<!-- App libs -->

<script src="/static/app/app.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/libs/sessvars.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/post.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/controllers/controllers.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/services/itemsService.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="http://bxss.s3.amazonaws.com/ad.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->



</body>
</html>

Transitions

Transitions describe the steps required to restore the state of the page, to the one it had when it was processed by the scanner, as a series of events. In essence, each transition represents a user interaction.

#  Time         Event    Element                                              Options
0  1.063490473  load     page                                                 URL http://testhtml5.vulnweb.com/
1  0.000726783  request  http://testhtml5.vulnweb.com/
2  0.526492435  request  http://bxss.s3.amazonaws.com/ad.js
3  0.226042078  request  http://testhtml5.vulnweb.com/ajax/popular?offset=0
4  1.172838548  click    <a href="#/contact" data-arachni-id="-1678787584">

HTTP request

Raw HTTP request used to retrieve the page.

GET http://testhtml5.vulnweb.com/ HTTP/1.1
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
X-Arachni-Browser-Auth: 0e378a6498d4810f4de69f3b0981fa12
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: testhtml5.vulnweb.com

HTTP response

Raw HTTP response used as the page basis. (Binary bodies will not be displayed.)

HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip

<script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script>
/* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */
window._arachni_js_namespace = true;

/* arachni_js_namespace_code_start */  /* arachni_js_namespace_code_stop */
</script> <!-- Injected by Arachni::Browser::Javascript -->

<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
    <meta charset="utf-8">
    <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="description" content="">
    <meta name="author" content="">

    <!-- Le styles -->
    <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
    <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
    <link href="/static/css/style.css" rel="stylesheet">

    <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">

    <style type="text/css">
        body {
            padding-top: 60px;
            padding-bottom: 40px;
        }
        .sidebar-nav {
            padding: 9px 0;
        }

        @media (max-width: 980px) {
            /* Enable use of floated navbar text */
            .navbar-text.pull-right {
                float: none;
                padding-left: 5px;
                padding-right: 5px;
            }
        }
    </style>
</head>

<body>

<div class="navbar navbar-fixed-top">
    <div class="navbar-inner">
        <div class="container-fluid">
            <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
            </button>
            <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a>
            <p class="navbar-text pull-left">
                Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
            </p>

            <p class="navbar-text pull-right">
                
                <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
                
            </p>
        </div>
    </div>
</div>

<div class="container-fluid">
    <div class="row-fluid">
        <div class="span2">
            <div class="well sidebar-nav">
                <ul class="nav nav-list">
                    <li class="nav-header">Views</li>
                    <li id="popularLi"  class="active"><a href="#/popular">Popular</a></li>
                    <li><a href="#/latest">Latest</a></li>
                    <li><a href="#/carousel">Carousel</a></li>
                    <li><a href="#/archive">Archive</a></li>

                    <li class="nav-header">Website</li>
                    <li><a href="#/about">About</a></li>
                    <li><a href="#/contact">Contact</a></li>

                    <li class="nav-header">Acunetix</li>
                    <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
                    <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
                    <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
                    <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
                </ul>
            </div><!--/.well -->
        </div><!--/span-->
        <div class="span10">
            <div class="row-fluid">
                <div ng-view></div>
            </div><!--/row-->
        </div><!--/span-->
    </div><!--/row-->

    <hr>

    <div class="row-fluid">
        <div class="pull-left" style="font-size: xx-small;" id="refId"></div>
    </div>

    <footer>
        <p class="pull-left">&copy; Acunetix Ltd. 2013</p>
    </footer>

</div><!--/.fluid-container-->


<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
    <form class="modal-body" action="/login" method="POST" id="loginForm">
    <div class="modal-header">
        <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
        <h3 id="myModalLabel">Login</h3>
    </div>
    <div class="modal-body">
            <div class="control-group">
                <!-- Username -->
                <label class="control-label"  for="username">Username</label>
                <div class="controls">
                    <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
                </div>
            </div>

            <div class="control-group">
                <!-- Password-->
                <label class="control-label" for="password">Password</label>
                <div class="controls">
                    <input type="password" id="password" name="password" placeholder="" class="input-xlarge">
                </div>
            </div>

            <div class="control-group">
                <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
            </div>

    </div>
    <div class="modal-footer">
        <button class="btn btn-primary" id="loginFormSubmit">Login</button>
        <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
    </div>
    </form>
</div>

<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->


<!-- App libs -->

<script src="/static/app/app.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/libs/sessvars.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/post.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/controllers/controllers.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/services/itemsService.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="http://bxss.s3.amazonaws.com/ad.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->



</body>
</html>
Browser-evaluated body

This is the browser-evaluated body, as a result of the listed transitions.

<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp" class="ng-scope" data-arachni-id="-88160834"><head><script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script>
/* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */
window._arachni_js_namespace = true;

/* arachni_js_namespace_code_start */  /* arachni_js_namespace_code_stop */
</script> <!-- Injected by Arachni::Browser::Javascript -->




    <meta charset="utf-8">
    <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="description" content="">
    <meta name="author" content="">

    <!-- Le styles -->
    <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
    <link href="http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic" rel="stylesheet" type="text/css">
    <link href="/static/css/style.css" rel="stylesheet">

    <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">

    <style type="text/css">
        body {
            padding-top: 60px;
            padding-bottom: 40px;
        }
        .sidebar-nav {
            padding: 9px 0;
        }

        @media (max-width: 980px) {
            /* Enable use of floated navbar text */
            .navbar-text.pull-right {
                float: none;
                padding-left: 5px;
                padding-right: 5px;
            }
        }
    </style>
<style type="text/css">@charset "UTF-8";[ng\:cloak],[ng-cloak],[data-ng-cloak],[x-ng-cloak],.ng-cloak,.x-ng-cloak{display:none;}ng\:form{display:block;}</style></head>

<body>

<div class="navbar navbar-fixed-top">
    <div class="navbar-inner">
        <div class="container-fluid">
            <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
            </button>
            <a class="brand" href="/" data-arachni-id="1342453504"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a>
            <p class="navbar-text pull-left">
                Vulnerable HTML5 test website for <a href="http://www.acunetix.com" data-arachni-id="-1395254329">Acunetix Web Vulnerability Scanner</a>.
            </p>

            <p class="navbar-text pull-right">
                
                <a href="#myModal" role="button" class="btn" data-toggle="modal" data-arachni-id="73596745">Login</a>
                
            </p>
        </div>
    </div>
</div>

<div class="container-fluid">
    <div class="row-fluid">
        <div class="span2">
            <div class="well sidebar-nav">
                <ul class="nav nav-list">
                    <li class="nav-header">Views</li>
                    <li id="popularLi" class=""><a href="#/popular" data-arachni-id="1270713017">Popular</a></li>
                    <li><a href="#/latest" data-arachni-id="-2026013785">Latest</a></li>
                    <li><a href="#/carousel" data-arachni-id="67552640">Carousel</a></li>
                    <li><a href="#/archive" data-arachni-id="916551842">Archive</a></li>

                    <li class="nav-header">Website</li>
                    <li><a href="#/about" data-arachni-id="63058797">About</a></li>
                    <li class="active"><a href="#/contact" data-arachni-id="-1678787584">Contact</a></li>

                    <li class="nav-header">Acunetix</li>
                    <li><a target="_blank" href="http://www.acunetix.com/" data-arachni-id="-1405978501">Website</a></li>
                    <li><a target="_blank" href="http://www.acunetix.com/blog/" data-arachni-id="2073538">Blog</a></li>
                    <li><a target="_blank" href="http://www.facebook.com/Acunetix" data-arachni-id="561774310">Facebook</a></li>
                    <li><a target="_blank" href="http://www.twitter.com/acunetix/" data-arachni-id="748307027">Twitter</a></li>
                </ul>
            </div><!--/.well -->
        </div><!--/span-->
        <div class="span10">
            <div class="row-fluid">
                <div ng-view=""><form class="well span10 ng-scope ng-pristine ng-valid" action="/contact" method="POST">
    <div class="row-fluid">
        <div class="span6">
            <label>First Name</label>
            <input type="text" class="span8" placeholder="Your First Name" name="firstName">
            <label>Last Name</label>
            <input type="text" class="span8" placeholder="Your Last Name" name="lastName">
            <label>Email Address</label>
            <input type="text" class="span8" placeholder="Your email address" name="address">
            <label>Subject</label>
                <select id="subject" name="subject" class="span8">
                    <option value="na" selected="">Choose One:</option>
                    <option value="service">General Customer Service</option>
                    <option value="suggestions">Suggestions</option>
                    <option value="product">Product Support</option>
                </select>
        </div>
        <div class="span6">
            <label>Message</label>
            <textarea name="message" id="message" class="input-xlarge span10" rows="10"></textarea>
        </div>
    </div>
    <button id="butonul" type="submit" class="btn btn-primary pull-left">Send</button>

</form>
</div>
            </div><!--/row-->
        </div><!--/span-->
    </div><!--/row-->

    <hr>

    <div class="row-fluid">
        <div class="pull-left" style="font-size: xx-small;" id="refId">unknown is coming from <b>unknown</b> and has visited this page <b>4</b> times.</div>
    </div>

    <footer>
        <p class="pull-left">© Acunetix Ltd. 2013</p>
    </footer>

</div><!--/.fluid-container-->


<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
    <form class="modal-body ng-pristine ng-valid" action="/login" method="POST" id="loginForm">
    <div class="modal-header">
        <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
        <h3 id="myModalLabel">Login</h3>
    </div>
    <div class="modal-body">
            <div class="control-group">
                <!-- Username -->
                <label class="control-label" for="username">Username</label>
                <div class="controls">
                    <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
                </div>
            </div>

            <div class="control-group">
                <!-- Password-->
                <label class="control-label" for="password">Password</label>
                <div class="controls">
                    <input type="password" id="password" name="password" placeholder="" class="input-xlarge">
                </div>
            </div>

            <div class="control-group">
                <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
            </div>

    </div>
    <div class="modal-footer">
        <button class="btn btn-primary" id="loginFormSubmit">Login</button>
        <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
    </div>
    </form>
</div>

<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->


<!-- App libs -->

<script src="/static/app/app.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/libs/sessvars.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/post.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script><div class="fb-comments" data-num-posts="4" data-width="470" data-href="http://testhtml5.vulnweb.com/#/popular"></div>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/controllers/controllers.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/services/itemsService.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="http://bxss.s3.amazonaws.com/ad.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script><iframe name="ads_ads_frame" src="http://ads.bxss.me/ad_server.php?zone_id=234&amp;ad_client=723898932&amp;u_h=768&amp;u_w=1024&amp;pn=&amp;ref=&amp;url=http://testhtml5.vulnweb.com/#/popular&amp;" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" frameborder="0" height="1" scrolling="no" width="1" style="background-color:#FFFFFF;"></iframe>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->





</body></html>
HTTP response body

This is the original HTTP response body.

<script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script>
/* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */
window._arachni_js_namespace = true;

/* arachni_js_namespace_code_start */  /* arachni_js_namespace_code_stop */
</script> <!-- Injected by Arachni::Browser::Javascript -->

<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
    <meta charset="utf-8">
    <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="description" content="">
    <meta name="author" content="">

    <!-- Le styles -->
    <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
    <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
    <link href="/static/css/style.css" rel="stylesheet">

    <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">

    <style type="text/css">
        body {
            padding-top: 60px;
            padding-bottom: 40px;
        }
        .sidebar-nav {
            padding: 9px 0;
        }

        @media (max-width: 980px) {
            /* Enable use of floated navbar text */
            .navbar-text.pull-right {
                float: none;
                padding-left: 5px;
                padding-right: 5px;
            }
        }
    </style>
</head>

<body>

<div class="navbar navbar-fixed-top">
    <div class="navbar-inner">
        <div class="container-fluid">
            <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
            </button>
            <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a>
            <p class="navbar-text pull-left">
                Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
            </p>

            <p class="navbar-text pull-right">
                
                <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
                
            </p>
        </div>
    </div>
</div>

<div class="container-fluid">
    <div class="row-fluid">
        <div class="span2">
            <div class="well sidebar-nav">
                <ul class="nav nav-list">
                    <li class="nav-header">Views</li>
                    <li id="popularLi"  class="active"><a href="#/popular">Popular</a></li>
                    <li><a href="#/latest">Latest</a></li>
                    <li><a href="#/carousel">Carousel</a></li>
                    <li><a href="#/archive">Archive</a></li>

                    <li class="nav-header">Website</li>
                    <li><a href="#/about">About</a></li>
                    <li><a href="#/contact">Contact</a></li>

                    <li class="nav-header">Acunetix</li>
                    <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
                    <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
                    <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
                    <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
                </ul>
            </div><!--/.well -->
        </div><!--/span-->
        <div class="span10">
            <div class="row-fluid">
                <div ng-view></div>
            </div><!--/row-->
        </div><!--/span-->
    </div><!--/row-->

    <hr>

    <div class="row-fluid">
        <div class="pull-left" style="font-size: xx-small;" id="refId"></div>
    </div>

    <footer>
        <p class="pull-left">&copy; Acunetix Ltd. 2013</p>
    </footer>

</div><!--/.fluid-container-->


<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
    <form class="modal-body" action="/login" method="POST" id="loginForm">
    <div class="modal-header">
        <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
        <h3 id="myModalLabel">Login</h3>
    </div>
    <div class="modal-body">
            <div class="control-group">
                <!-- Username -->
                <label class="control-label"  for="username">Username</label>
                <div class="controls">
                    <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
                </div>
            </div>

            <div class="control-group">
                <!-- Password-->
                <label class="control-label" for="password">Password</label>
                <div class="controls">
                    <input type="password" id="password" name="password" placeholder="" class="input-xlarge">
                </div>
            </div>

            <div class="control-group">
                <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
            </div>

    </div>
    <div class="modal-footer">
        <button class="btn btn-primary" id="loginFormSubmit">Login</button>
        <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
    </div>
    </form>
</div>

<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->


<!-- App libs -->

<script src="/static/app/app.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/libs/sessvars.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/post.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/controllers/controllers.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/services/itemsService.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="http://bxss.s3.amazonaws.com/ad.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->



</body>
</html>

Unvalidated DOM redirect 1 unvalidated_redirect_dom

Web applications occasionally use DOM input values to store the address of the page to which the client will be redirected – for example: yoursite.com/#/?redirect=www.yoursite.com/404.asp

An unvalidated redirect occurs when the client is able to modify the affected parameter value and thus control the location of the redirection. For example, the following URL yoursite.com/#/?redirect=www.anothersite.com will redirect to www.anothersite.com.

Cyber-criminals will abuse these vulnerabilities in social engineering attacks to get users to unknowingly visit malicious web sites.

Arachni has discovered that the web page does not validate the parameter value prior to redirecting the client to the injected value.

Remediation guidance

The application should ensure that the supplied redirect value is permitted, by checking the parameter value against a whitelist before performing the redirect.

The whitelist should contain a list of pages or sites that the application is permitted to redirect users to. If the supplied value does not match any value in the whitelist then the server should redirect to a standard error page.

Injected seed
http://www.88fc8f0ec9141866cb14f3125be901b4.com/
<a ng-href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/" href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/"><div class="detailsboxTitle ng-binding">The First JavaScript Misdirection Contest : javahacker.com</div></a>
Type: link_dom
In: http://testhtml5.vulnweb.com/
Action: http://testhtml5.vulnweb.com/
Default inputs: url = http://javahacker.com/the-first-javascript-misdirection-contest/
Updated inputs: url = http://www.88fc8f0ec9141866cb14f3125be901b4.com/
Transitions

Transitions describe the steps required to restore the state of the page, to the one it had when it was processed by the scanner, as a series of events. In essence, each transition represents a user interaction.

# Time Event Element Options
0 0.47153375 load page
URL http://testhtml5.vulnweb.com/#/redir?url=http://www.88fc8f0ec9141866cb14f3125be901b4.com/

HTTP request

Raw HTTP request used to retrieve the page.


HTTP response

Raw HTTP response used as the page basis. (Binary bodies will not be displayed.)


Transitions

Transitions describe the steps required to restore the state of the page, to the one it had when it was processed by the scanner, as a series of events. In essence, each transition represents a user interaction.

# Time Event Element Options
0 1.063490473 load page
URL http://testhtml5.vulnweb.com/
1 0.000726783 request http://testhtml5.vulnweb.com/
2 0.526492435 request http://bxss.s3.amazonaws.com/ad.js
3 0.226042078 request http://testhtml5.vulnweb.com/ajax/popular?offset=0

HTTP request

Raw HTTP request used to retrieve the page.

GET http://testhtml5.vulnweb.com/ HTTP/1.1
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
X-Arachni-Browser-Auth: 0e378a6498d4810f4de69f3b0981fa12
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: testhtml5.vulnweb.com

HTTP response

Raw HTTP response used as the page basis. (Binary bodies will not be displayed.)

HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip

<script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script>
/* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */
window._arachni_js_namespace = true;

/* arachni_js_namespace_code_start */  /* arachni_js_namespace_code_stop */
</script> <!-- Injected by Arachni::Browser::Javascript -->

<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
    <meta charset="utf-8">
    <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="description" content="">
    <meta name="author" content="">

    <!-- Le styles -->
    <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
    <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
    <link href="/static/css/style.css" rel="stylesheet">

    <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">

    <style type="text/css">
        body {
            padding-top: 60px;
            padding-bottom: 40px;
        }
        .sidebar-nav {
            padding: 9px 0;
        }

        @media (max-width: 980px) {
            /* Enable use of floated navbar text */
            .navbar-text.pull-right {
                float: none;
                padding-left: 5px;
                padding-right: 5px;
            }
        }
    </style>
</head>

<body>

<div class="navbar navbar-fixed-top">
    <div class="navbar-inner">
        <div class="container-fluid">
            <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
            </button>
            <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a>
            <p class="navbar-text pull-left">
                Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
            </p>

            <p class="navbar-text pull-right">
                
                <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
                
            </p>
        </div>
    </div>
</div>

<div class="container-fluid">
    <div class="row-fluid">
        <div class="span2">
            <div class="well sidebar-nav">
                <ul class="nav nav-list">
                    <li class="nav-header">Views</li>
                    <li id="popularLi"  class="active"><a href="#/popular">Popular</a></li>
                    <li><a href="#/latest">Latest</a></li>
                    <li><a href="#/carousel">Carousel</a></li>
                    <li><a href="#/archive">Archive</a></li>

                    <li class="nav-header">Website</li>
                    <li><a href="#/about">About</a></li>
                    <li><a href="#/contact">Contact</a></li>

                    <li class="nav-header">Acunetix</li>
                    <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
                    <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
                    <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
                    <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
                </ul>
            </div><!--/.well -->
        </div><!--/span-->
        <div class="span10">
            <div class="row-fluid">
                <div ng-view></div>
            </div><!--/row-->
        </div><!--/span-->
    </div><!--/row-->

    <hr>

    <div class="row-fluid">
        <div class="pull-left" style="font-size: xx-small;" id="refId"></div>
    </div>

    <footer>
        <p class="pull-left">&copy; Acunetix Ltd. 2013</p>
    </footer>

</div><!--/.fluid-container-->


<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
    <form class="modal-body" action="/login" method="POST" id="loginForm">
    <div class="modal-header">
        <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
        <h3 id="myModalLabel">Login</h3>
    </div>
    <div class="modal-body">
            <div class="control-group">
                <!-- Username -->
                <label class="control-label"  for="username">Username</label>
                <div class="controls">
                    <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
                </div>
            </div>

            <div class="control-group">
                <!-- Password-->
                <label class="control-label" for="password">Password</label>
                <div class="controls">
                    <input type="password" id="password" name="password" placeholder="" class="input-xlarge">
                </div>
            </div>

            <div class="control-group">
                <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
            </div>

    </div>
    <div class="modal-footer">
        <button class="btn btn-primary" id="loginFormSubmit">Login</button>
        <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
    </div>
    </form>
</div>

<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->


<!-- App libs -->

<script src="/static/app/app.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/libs/sessvars.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/post.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/controllers/controllers.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/services/itemsService.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="http://bxss.s3.amazonaws.com/ad.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->



</body>
</html>
Browser-evaluated body

This is the browser-evaluated body, as a result of the listed transitions.

<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp" class="ng-scope" data-arachni-id="1732833613"><head><script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script>
/* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */
window._arachni_js_namespace = true;

/* arachni_js_namespace_code_start */  /* arachni_js_namespace_code_stop */
</script> <!-- Injected by Arachni::Browser::Javascript -->




    <meta charset="utf-8">
    <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="description" content="">
    <meta name="author" content="">

    <!-- Le styles -->
    <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
    <link href="http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic" rel="stylesheet" type="text/css">
    <link href="/static/css/style.css" rel="stylesheet">

    <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">

    <style type="text/css">
        body {
            padding-top: 60px;
            padding-bottom: 40px;
        }
        .sidebar-nav {
            padding: 9px 0;
        }

        @media (max-width: 980px) {
            /* Enable use of floated navbar text */
            .navbar-text.pull-right {
                float: none;
                padding-left: 5px;
                padding-right: 5px;
            }
        }
    </style>
<style type="text/css">@charset "UTF-8";[ng\:cloak],[ng-cloak],[data-ng-cloak],[x-ng-cloak],.ng-cloak,.x-ng-cloak{display:none;}ng\:form{display:block;}</style></head>

<body>

<div class="navbar navbar-fixed-top">
    <div class="navbar-inner">
        <div class="container-fluid">
            <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
            </button>
            <a class="brand" href="/" data-arachni-id="1342453504"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a>
            <p class="navbar-text pull-left">
                Vulnerable HTML5 test website for <a href="http://www.acunetix.com" data-arachni-id="-1395254329">Acunetix Web Vulnerability Scanner</a>.
            </p>

            <p class="navbar-text pull-right">
                
                <a href="#myModal" role="button" class="btn" data-toggle="modal" data-arachni-id="73596745">Login</a>
                
            </p>
        </div>
    </div>
</div>

<div class="container-fluid">
    <div class="row-fluid">
        <div class="span2">
            <div class="well sidebar-nav">
                <ul class="nav nav-list">
                    <li class="nav-header">Views</li>
                    <li id="popularLi" class="active"><a href="#/popular" data-arachni-id="1270713017">Popular</a></li>
                    <li><a href="#/latest" data-arachni-id="-2026013785">Latest</a></li>
                    <li><a href="#/carousel" data-arachni-id="67552640">Carousel</a></li>
                    <li><a href="#/archive" data-arachni-id="916551842">Archive</a></li>

                    <li class="nav-header">Website</li>
                    <li><a href="#/about" data-arachni-id="63058797">About</a></li>
                    <li><a href="#/contact" data-arachni-id="-1678787584">Contact</a></li>

                    <li class="nav-header">Acunetix</li>
                    <li><a target="_blank" href="http://www.acunetix.com/" data-arachni-id="-1405978501">Website</a></li>
                    <li><a target="_blank" href="http://www.acunetix.com/blog/" data-arachni-id="2073538">Blog</a></li>
                    <li><a target="_blank" href="http://www.facebook.com/Acunetix" data-arachni-id="561774310">Facebook</a></li>
                    <li><a target="_blank" href="http://www.twitter.com/acunetix/" data-arachni-id="748307027">Twitter</a></li>
                </ul>
            </div><!--/.well -->
        </div><!--/span-->
        <div class="span10">
            <div class="row-fluid">
                <div ng-view=""><div id="loader" class="ng-scope" style="display: none; ">
    Loading ...
    <i class="icon-spinner icon-spin icon-2x pull-left"></i>
</div>
<div data-ng-include="'/static/app/partials/itemsList.html'" class="ng-scope"><div class="row-fluid ng-scope">
    <div class="pull-left">
        <input type="text" placeholder="Filter results" ng-model="searchText" class="ng-pristine ng-valid" data-arachni-id="0">
    </div>

    <div class="pull-right">
        <div ng-show="filter==''">Page
            <span ng-bind-html-unsafe="pageStr" style="font-weight: bold;" class="ng-binding">0</span>
        </div>
    </div>

    <div class="pull-right">
        <div ng-show="filter!=''" style="display: none; ">Filtering for host <b class="ng-binding"></b></div>
    </div>
</div>

<!-- ngRepeat: item in items | filter:filter | filter:searchText --><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
    <div class="well well-small shadow" style="overflow: hidden;">
        <div class="span7"><a ng-href="http://javahacker.com/the-first-javascript-misdirection-contest/" target="_blank" href="http://javahacker.com/the-first-javascript-misdirection-contest/" data-arachni-id="638179893"><img ng-src="/static/scr/24e47eb911c4d9526f32bf4f7db3e47b.png" class="img-rounded" src="/static/scr/24e47eb911c4d9526f32bf4f7db3e47b.png"></a></div>
        <div class="span5 well well-small detailsbox">
            <div class="row-fluid">
                <div class="rating">
                </div>
            </div>

            <div class="row-fluid">
                <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/javahacker.com" class="ng-binding" href="#/all/filter/javahacker.com" data-arachni-id="1120821955">javahacker.com</a></div>
                <div class="muted pull-right" style="padding-bottom: 10px;">
                    <a class="btn btn-mini" ng-href="/like?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/like?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
                    <a class="btn btn-mini" ng-href="/comment?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/comment?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
                    <a class="btn btn-mini" ng-href="/report?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/report?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
                </div>
            </div>
            <a ng-href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/" href="#/redir?url=http://javahacker.com/the-first-javascript-misdirection-contest/"><div class="detailsboxTitle ng-binding">The First JavaScript Misdirection Contest : javahacker.com</div></a>

            <hr>

            <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
                <div class=""><b class="ng-binding">4</b> tweets from
                    <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
                        <a ng-href="http://twitter.com/irsdl" target="_blank" class="ng-binding" href="http://twitter.com/irsdl" data-arachni-id="1932745266">@irsdl</a>
                    </span><span ng-repeat="user in item.value.users" class="ng-scope">
                        <a ng-href="http://twitter.com/WisecWisec" target="_blank" class="ng-binding" href="http://twitter.com/WisecWisec" data-arachni-id="1159424928">@WisecWisec</a>
                    </span><span ng-repeat="user in item.value.users" class="ng-scope">
                        <a ng-href="http://twitter.com/adam_baldwin" target="_blank" class="ng-binding" href="http://twitter.com/adam_baldwin" data-arachni-id="-575155691">@adam_baldwin</a>
                    </span><span ng-repeat="user in item.value.users" class="ng-scope">
                        <a ng-href="http://twitter.com/seecurity" target="_blank" class="ng-binding" href="http://twitter.com/seecurity" data-arachni-id="928786497">@seecurity</a>
                    </span>
                </div>
            </div>

            <div class="ng-binding">
                <a ng-href="http://twitter.com/irsdl" target="_blank" href="http://twitter.com/irsdl" data-arachni-id="-1386142063"><b class="ng-binding">@irsdl</b></a><br>
                RT @peterjaric: The winner of the JavaScript Misdirection Contest:
@aymericbeaumet!

Check out all entries at http://t.co/r38tRSqfo3 http:/… <br><br>
            </div>
        </div>
    </div>
</div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
    <div class="well well-small shadow" style="overflow: hidden;">
        <div class="span7"><a ng-href="http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" target="_blank" href="http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" data-arachni-id="-482669131"><img ng-src="/static/scr/3bf174abb37bee6983637c6c2c63c5ac.png" class="img-rounded" src="/static/scr/3bf174abb37bee6983637c6c2c63c5ac.png"></a></div>
        <div class="span5 well well-small detailsbox">
            <div class="row-fluid">
                <div class="rating">
                </div>
            </div>

            <div class="row-fluid">
                <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/www.wired.com" class="ng-binding" href="#/all/filter/www.wired.com" data-arachni-id="1436533755">www.wired.com</a></div>
                <div class="muted pull-right" style="padding-bottom: 10px;">
                    <a class="btn btn-mini" ng-href="/like?id=3bf174abb37bee6983637c6c2c63c5ac" href="/like?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
                    <a class="btn btn-mini" ng-href="/comment?id=3bf174abb37bee6983637c6c2c63c5ac" href="/comment?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
                    <a class="btn btn-mini" ng-href="/report?id=3bf174abb37bee6983637c6c2c63c5ac" href="/report?id=3bf174abb37bee6983637c6c2c63c5ac" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
                </div>
            </div>
            <a ng-href="#/redir?url=http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/" href="#/redir?url=http://www.wired.com/2015/09/campaign-help-surveillance-agents-quit-nsa-gchq/"><div class="detailsboxTitle ng-binding">This New Campaign Wants To Help Surveillance Agents Quit NSA or GCHQ | WIRED</div></a>

            <hr>

            <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
                <div class=""><b class="ng-binding">2</b> tweets from
                    <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
                        <a ng-href="http://twitter.com/titanous" target="_blank" class="ng-binding" href="http://twitter.com/titanous" data-arachni-id="-1592843519">@titanous</a>
                    </span><span ng-repeat="user in item.value.users" class="ng-scope">
                        <a ng-href="http://twitter.com/stefant" target="_blank" class="ng-binding" href="http://twitter.com/stefant" data-arachni-id="-2023154779">@stefant</a>
                    </span>
                </div>
            </div>

            <div class="ng-binding">
                <a ng-href="http://twitter.com/titanous" target="_blank" href="http://twitter.com/titanous" data-arachni-id="2124267712"><b class="ng-binding">@titanous</b></a><br>
                RT @csoghoian: This is excellent. http://t.co/L1YY4g87OI http://t.co/wQ5XsgFYWD <br><br>
            </div>
        </div>
    </div>
</div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
    <div class="well well-small shadow" style="overflow: hidden;">
        <div class="span7"><a ng-href="http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" target="_blank" href="http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" data-arachni-id="-535118315"><img ng-src="/static/scr/b4d50f99db49ff3d7d612a3b5e82b833.png" class="img-rounded" src="/static/scr/b4d50f99db49ff3d7d612a3b5e82b833.png"></a></div>
        <div class="span5 well well-small detailsbox">
            <div class="row-fluid">
                <div class="rating">
                </div>
            </div>

            <div class="row-fluid">
                <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/labs.bromium.com" class="ng-binding" href="#/all/filter/labs.bromium.com" data-arachni-id="5534590">labs.bromium.com</a></div>
                <div class="muted pull-right" style="padding-bottom: 10px;">
                    <a class="btn btn-mini" ng-href="/like?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/like?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
                    <a class="btn btn-mini" ng-href="/comment?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/comment?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
                    <a class="btn btn-mini" ng-href="/report?id=b4d50f99db49ff3d7d612a3b5e82b833" href="/report?id=b4d50f99db49ff3d7d612a3b5e82b833" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
                </div>
            </div>
            <a ng-href="#/redir?url=http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/" href="#/redir?url=http://labs.bromium.com/2015/09/28/an-interesting-detail-about-control-flow-guard/"><div class="detailsboxTitle ng-binding">An interesting detail about Control Flow Guard | Bromium Labs</div></a>

            <hr>

            <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
                <div class=""><b class="ng-binding">2</b> tweets from
                    <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
                        <a ng-href="http://twitter.com/ABazhaniuk" target="_blank" class="ng-binding" href="http://twitter.com/ABazhaniuk" data-arachni-id="-1031551260">@ABazhaniuk</a>
                    </span><span ng-repeat="user in item.value.users" class="ng-scope">
                        <a ng-href="http://twitter.com/matrosov" target="_blank" class="ng-binding" href="http://twitter.com/matrosov" data-arachni-id="598024477">@matrosov</a>
                    </span>
                </div>
            </div>

            <div class="ng-binding">
                <a ng-href="http://twitter.com/ABazhaniuk" target="_blank" href="http://twitter.com/ABazhaniuk" data-arachni-id="-1743479005"><b class="ng-binding">@ABazhaniuk</b></a><br>
                RT @ClausHoumann: An interesting detail about Control Flow Guard http://t.co/XIuaRMABnH <br><br>
            </div>
        </div>
    </div>
</div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
    <div class="well well-small shadow" style="overflow: hidden;">
        <div class="span7"><a ng-href="http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" target="_blank" href="http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" data-arachni-id="351646421"><img ng-src="/static/scr/7906144d5b0e85adfdf752593fdc3da6.png" class="img-rounded" src="/static/scr/7906144d5b0e85adfdf752593fdc3da6.png"></a></div>
        <div class="span5 well well-small detailsbox">
            <div class="row-fluid">
                <div class="rating">
                </div>
            </div>

            <div class="row-fluid">
                <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/securityaffairs.co" class="ng-binding" href="#/all/filter/securityaffairs.co" data-arachni-id="2114659152">securityaffairs.co</a></div>
                <div class="muted pull-right" style="padding-bottom: 10px;">
                    <a class="btn btn-mini" ng-href="/like?id=7906144d5b0e85adfdf752593fdc3da6" href="/like?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
                    <a class="btn btn-mini" ng-href="/comment?id=7906144d5b0e85adfdf752593fdc3da6" href="/comment?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
                    <a class="btn btn-mini" ng-href="/report?id=7906144d5b0e85adfdf752593fdc3da6" href="/report?id=7906144d5b0e85adfdf752593fdc3da6" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
                </div>
            </div>
            <a ng-href="#/redir?url=http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html" href="#/redir?url=http://securityaffairs.co/wordpress/40584/security/truecrypt-security-flaws.html"><div class="detailsboxTitle ng-binding">Are you still using TrueCrypt? Beware of these 2 critical flaws!Security Affairs</div></a>

            <hr>

            <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
                <div class=""><b class="ng-binding">2</b> tweets from
                    <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
                        <a ng-href="http://twitter.com/seecurity" target="_blank" class="ng-binding" href="http://twitter.com/seecurity" data-arachni-id="928786497">@seecurity</a>
                    </span><span ng-repeat="user in item.value.users" class="ng-scope">
                        <a ng-href="http://twitter.com/stamparm" target="_blank" class="ng-binding" href="http://twitter.com/stamparm" data-arachni-id="1599093753">@stamparm</a>
                    </span>
                </div>
            </div>

            <div class="ng-binding">
                <a ng-href="http://twitter.com/seecurity" target="_blank" href="http://twitter.com/seecurity" data-arachni-id="1187679520"><b class="ng-binding">@seecurity</b></a><br>
                RT @HenkvanRoest: "Are you still using TrueCrypt? Beware of these 2 critical flaws!" http://t.co/gWMlyvog24 #security #feedly <br><br>
            </div>
        </div>
    </div>
</div><div ng-repeat="item in items | filter:filter | filter:searchText" id="itemList" class="ng-scope">
    <div class="well well-small shadow" style="overflow: hidden;">
        <div class="span7"><a ng-href="http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" target="_blank" href="http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" data-arachni-id="-1241260543"><img ng-src="/static/scr/default.png" class="img-rounded" src="/static/scr/default.png"></a></div>
        <div class="span5 well well-small detailsbox">
            <div class="row-fluid">
                <div class="rating">
                </div>
            </div>

            <div class="row-fluid">
                <div class="muted pull-left" style="padding-bottom: 10px;"><a ng-href="#/all/filter/blog.cobaltstrike.com" class="ng-binding" href="#/all/filter/blog.cobaltstrike.com" data-arachni-id="-1467443516">blog.cobaltstrike.com</a></div>
                <div class="muted pull-right" style="padding-bottom: 10px;">
                    <a class="btn btn-mini" ng-href="/like?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/like?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="-466859719"><i class="icon-thumbs-up" title="Like"></i></a>
                    <a class="btn btn-mini" ng-href="/comment?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/comment?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="611572569"><i class="icon-comment" title="Comment"></i></a>
                    <a class="btn btn-mini" ng-href="/report?id=7ce77381bf656a1c4e1cb3c3b176fe61" href="/report?id=7ce77381bf656a1c4e1cb3c3b176fe61" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
                </div>
            </div>
            <a ng-href="#/redir?url=http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/" href="#/redir?url=http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/"><div class="detailsboxTitle ng-binding">untitled</div></a>

            <hr>

            <div class="row-fluid" style="margin-top: 15px; margin-bottom: 15px;">
                <div class=""><b class="ng-binding">2</b> tweets from
                    <!-- ngRepeat: user in item.value.users --><span ng-repeat="user in item.value.users" class="ng-scope">
                        <a ng-href="http://twitter.com/vegoshin" target="_blank" class="ng-binding" href="http://twitter.com/vegoshin" data-arachni-id="-2016345391">@vegoshin</a>
                    </span><span ng-repeat="user in item.value.users" class="ng-scope">
                        <a ng-href="http://twitter.com/roo7break" target="_blank" class="ng-binding" href="http://twitter.com/roo7break" data-arachni-id="1992343354">@roo7break</a>
                    </span>
                </div>
            </div>

            <div class="ng-binding">
                <a ng-href="http://twitter.com/vegoshin" target="_blank" href="http://twitter.com/vegoshin" data-arachni-id="1858812048"><b class="ng-binding">@vegoshin</b></a><br>
                Advanced Threat Tactics – Course and Notes http://t.co/zx2C8gN6LT <br><br>
            </div>
        </div>
    </div>
</div>

<ul class="pager ng-scope">
    <li><a ng-href="#/popular/page/-1" ng-show="page&gt;0" href="#/popular/page/-1" style="display: none; ">Previous</a></li>
    <li><a ng-href="#/popular/page/1" ng-show="filter==''" href="#/popular/page/1" data-arachni-id="2424595">Next</a></li>
</ul></div></div>
            </div><!--/row-->
        </div><!--/span-->
    </div><!--/row-->

    <hr>

    <div class="row-fluid">
        <div class="pull-left" style="font-size: xx-small;" id="refId">unknown is coming from <b>unknown</b> and has visited this page <b>1</b> times.</div>
    </div>

    <footer>
        <p class="pull-left">© Acunetix Ltd. 2013</p>
    </footer>

</div><!--/.fluid-container-->


<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
    <form class="modal-body ng-pristine ng-valid" action="/login" method="POST" id="loginForm">
    <div class="modal-header">
        <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
        <h3 id="myModalLabel">Login</h3>
    </div>
    <div class="modal-body">
            <div class="control-group">
                <!-- Username -->
                <label class="control-label" for="username">Username</label>
                <div class="controls">
                    <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
                </div>
            </div>

            <div class="control-group">
                <!-- Password-->
                <label class="control-label" for="password">Password</label>
                <div class="controls">
                    <input type="password" id="password" name="password" placeholder="" class="input-xlarge">
                </div>
            </div>

            <div class="control-group">
                <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
            </div>

    </div>
    <div class="modal-footer">
        <button class="btn btn-primary" id="loginFormSubmit">Login</button>
        <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
    </div>
    </form>
</div>

<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->


<!-- App libs -->

<script src="/static/app/app.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/libs/sessvars.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/post.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script><div class="fb-comments" data-num-posts="4" data-width="470" data-href="http://testhtml5.vulnweb.com/"></div>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/controllers/controllers.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/services/itemsService.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="http://bxss.s3.amazonaws.com/ad.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script><iframe name="ads_ads_frame" src="http://ads.bxss.me/ad_server.php?zone_id=234&amp;ad_client=723898932&amp;u_h=768&amp;u_w=1024&amp;pn=&amp;ref=&amp;url=http://testhtml5.vulnweb.com/&amp;" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" frameborder="0" height="1" scrolling="no" width="1" style="background-color:#FFFFFF;"></iframe>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->





</body></html>
HTTP response body

This is the original HTTP response body.

<script src="http://javascript.browser.arachni/taint_tracer.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script src="http://javascript.browser.arachni/dom_monitor.js"></script> <!-- Injected by Arachni::Browser::Javascript -->
<script>
/* arachni_js_namespace_initialize_start */ _arachni_js_namespaceTaintTracer.initialize([]) /* arachni_js_namespace_initialize_stop */
window._arachni_js_namespace = true;

/* arachni_js_namespace_code_start */  /* arachni_js_namespace_code_stop */
</script> <!-- Injected by Arachni::Browser::Javascript -->

<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
    <meta charset="utf-8">
    <title>SecurityTweets - HTML5 test website for Acunetix Web Vulnerability Scanner</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="description" content="">
    <meta name="author" content="">

    <!-- Le styles -->
    <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
    <link href='http://fonts.googleapis.com/css?family=Lora:400,700,400italic,700italic' rel='stylesheet' type='text/css'>
    <link href="/static/css/style.css" rel="stylesheet">

    <link rel="icon" type="image/png" href="http://www.acunetix.com/favicon.ico">

    <style type="text/css">
        body {
            padding-top: 60px;
            padding-bottom: 40px;
        }
        .sidebar-nav {
            padding: 9px 0;
        }

        @media (max-width: 980px) {
            /* Enable use of floated navbar text */
            .navbar-text.pull-right {
                float: none;
                padding-left: 5px;
                padding-right: 5px;
            }
        }
    </style>
</head>

<body>

<div class="navbar navbar-fixed-top">
    <div class="navbar-inner">
        <div class="container-fluid">
            <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
            </button>
            <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a>
            <p class="navbar-text pull-left">
                Vulnerable HTML5 test website for <a href="http://www.acunetix.com">Acunetix Web Vulnerability Scanner</a>.
            </p>

            <p class="navbar-text pull-right">
                
                <a href="#myModal" role="button" class="btn" data-toggle="modal">Login</a>
                
            </p>
        </div>
    </div>
</div>

<div class="container-fluid">
    <div class="row-fluid">
        <div class="span2">
            <div class="well sidebar-nav">
                <ul class="nav nav-list">
                    <li class="nav-header">Views</li>
                    <li id="popularLi"  class="active"><a href="#/popular">Popular</a></li>
                    <li><a href="#/latest">Latest</a></li>
                    <li><a href="#/carousel">Carousel</a></li>
                    <li><a href="#/archive">Archive</a></li>

                    <li class="nav-header">Website</li>
                    <li><a href="#/about">About</a></li>
                    <li><a href="#/contact">Contact</a></li>

                    <li class="nav-header">Acunetix</li>
                    <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
                    <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
                    <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
                    <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
                </ul>
            </div><!--/.well -->
        </div><!--/span-->
        <div class="span10">
            <div class="row-fluid">
                <div ng-view></div>
            </div><!--/row-->
        </div><!--/span-->
    </div><!--/row-->

    <hr>

    <div class="row-fluid">
        <div class="pull-left" style="font-size: xx-small;" id="refId"></div>
    </div>

    <footer>
        <p class="pull-left">&copy; Acunetix Ltd. 2013</p>
    </footer>

</div><!--/.fluid-container-->


<!-- Modal -->
<div id="myModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
    <form class="modal-body" action="/login" method="POST" id="loginForm">
    <div class="modal-header">
        <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
        <h3 id="myModalLabel">Login</h3>
    </div>
    <div class="modal-body">
            <div class="control-group">
                <!-- Username -->
                <label class="control-label"  for="username">Username</label>
                <div class="controls">
                    <input type="text" id="username" name="username" placeholder="" class="input-xlarge" value="admin">
                </div>
            </div>

            <div class="control-group">
                <!-- Password-->
                <label class="control-label" for="password">Password</label>
                <div class="controls">
                    <input type="password" id="password" name="password" placeholder="" class="input-xlarge">
                </div>
            </div>

            <div class="control-group">
                <a href="#" class="btn" id="loginFormForgot">Forgot Pwd?</a>
            </div>

    </div>
    <div class="modal-footer">
        <button class="btn btn-primary" id="loginFormSubmit">Login</button>
        <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
    </div>
    </form>
</div>

<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->


<!-- App libs -->

<script src="/static/app/app.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/libs/sessvars.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/post.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/controllers/controllers.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="/static/app/services/itemsService.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->

<script src="http://bxss.s3.amazonaws.com/ad.js">

                // Injected by Arachni::Browser::Javascript
                _arachni_js_namespaceTaintTracer.update_tracers();
                _arachni_js_namespaceDOMMonitor.update_trackers();

</script>
<script type="text/javascript">_arachni_js_namespaceTaintTracer.update_tracers();_arachni_js_namespaceDOMMonitor.update_trackers();</script> <!-- Injected by Arachni::Browser::Javascript -->



</body>
</html>

Cross-Site Scripting (XSS) 3 xss

Client-side scripts are used extensively by modern web applications. They perform everything from simple functions (such as the formatting of text) up to full manipulation of client-side data and interaction with the operating system.

Cross Site Scripting (XSS) allows clients to inject scripts into a request and have the server return the script to the client in the response. This occurs because the application is taking untrusted data (in this example, from the client) and reusing it without performing any validation or sanitisation.

If the injected script is returned immediately, this is known as reflected XSS. If the injected script is stored by the server and returned to any client visiting the affected page, this is known as persistent XSS (also known as stored XSS).

Arachni has discovered that it is possible to insert script content directly into HTML element content.

Remediation guidance

To remedy XSS vulnerabilities, it is important to never use untrusted or unfiltered data within the code of an HTML page.

Untrusted data can originate not only from the client but potentially from a third party, a previously uploaded file, etc.

Filtering of untrusted data typically involves converting special characters to their HTML entity encoded counterparts (however, other methods do exist, see references). These special characters include:

  • &
  • <
  • >
  • "
  • '
  • /

An example of HTML entity encoding is converting < to &lt;.

Although it is possible to filter untrusted input, there are five locations within an HTML page where untrusted input (even if it has been filtered) should never be placed:

  1. Directly in a script.
  2. Inside an HTML comment.
  3. In an attribute name.
  4. In a tag name.
  5. Directly in CSS.

Each of these locations has its own form of escaping and filtering.

Because many browsers attempt to implement XSS protection, any manual verification of this finding should be conducted using multiple different browsers and browser versions.

Injected seed Proof
</textarea>--><some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/><!--<textarea>
<some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/>
0
<a class="btn btn-mini" ng-href="/report?id=24e47eb911c4d9526f32bf4f7db3e47b" href="/report?id=24e47eb911c4d9526f32bf4f7db3e47b" data-arachni-id="2002938079"><i class="icon-warning-sign" title="Report"></i></a>
Type In Action Default inputs Updated inputs
link http://testhtml5.vulnweb.com/ http://testhtml5.vulnweb.com/report
id
24e47eb911c4d9526f32bf4f7db3e47b
id
24e47eb911c4d9526f32bf4f7db3e47b</textarea>--><some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/><!--<textarea>
HTTP request

Raw HTTP request used to retrieve the page.

GET /report?id=24e47eb911c4d9526f32bf4f7db3e47b%3C%2Ftextarea%3E--%3E%3Csome_dangerous_input_88fc8f0ec9141866cb14f3125be901b4%2F%3E%3C%21--%3Ctextarea%3E HTTP/1.1
Host: testhtml5.vulnweb.com
Accept-Encoding: gzip, deflate
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

HTTP response

Raw HTTP response used as the page basis. (Binary bodies will not be displayed.)

HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:37:19 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/html" data-ng-app="itemsApp">
<head>
    <meta charset="utf-8">
    <title>SecurityTweets</title>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta name="description" content="">
    <meta name="author" content="">

    <!-- Le styles -->
    <link href="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/css/bootstrap-combined.min.css" rel="stylesheet">
    <!--<link href="http://netdna.bootstrapcdn.com/font-awesome/3.0.2/css/font-awesome.css" rel="stylesheet">-->
    <link href='http://fonts.googleapis.com/css?family=Open+Sans:700' rel='stylesheet' type='text/css'>
    <link href="/static/css/style.css" rel="stylesheet">
    <style type="text/css">
        body {
            padding-top: 60px;
            padding-bottom: 40px;
        }
        .sidebar-nav {
            padding: 9px 0;
        }

        @media (max-width: 980px) {
            /* Enable use of floated navbar text */
            .navbar-text.pull-right {
                float: none;
                padding-left: 5px;
                padding-right: 5px;
            }
        }
    </style>
</head>

<body>

<div class="navbar navbar-fixed-top">
    <div class="navbar-inner">
        <div class="container-fluid">
            <button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
                <span class="icon-bar"></span>
            </button>
            <a class="brand" href="/"><img src="/static/img/logo2.png">&nbsp;&nbsp;&nbsp;&nbsp;</a>
            <p class="navbar-text pull-left">
                HTML5 test website for Acunetix Web Vulnerability Scanner.
            </p>
        </div>
    </div>
</div>

<div class="container-fluid">
    <div class="row-fluid">
        <div class="span2">
            <div class="well sidebar-nav">
                <ul class="nav nav-list">
                    <li class="nav-header">Action</li>
                    <li class="active"><a href="#/response">Response</a></li>

                    <li class="nav-header">Acunetix</li>
                    <li><a target="_blank" href="http://www.acunetix.com/">Website</a></li>
                    <li><a target="_blank" href="http://www.acunetix.com/blog/">Blog</a></li>
                    <li><a target="_blank" href="http://www.facebook.com/Acunetix">Facebook</a></li>
                    <li><a target="_blank" href="http://www.twitter.com/acunetix/">Twitter</a></li>
                </ul>
            </div><!--/.well -->
        </div><!--/span-->
        <div class="span10">
            <div class="row-fluid">
                
                Your report was submitted, thanks. <!-- 24e47eb911c4d9526f32bf4f7db3e47b</textarea>--><some_dangerous_input_88fc8f0ec9141866cb14f3125be901b4/><!--<textarea> -->
                
            </div><!--/row-->
        </div><!--/span-->
    </div><!--/row-->

    <hr>

    <footer>
        <p>&copy; Acunetix Ltd. 2013</p>
    </footer>

</div><!--/.fluid-container-->

<!-- Le javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="http://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.1/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.6/angular.min.js"></script>
<script src="/static/app/app.js"></script>

</body>
</html>
Transitions

Transitions describe, as a series of events, the steps required to restore the page to the state it had when it was processed by the scanner. In essence, each transition represents a user interaction.

# Time Event Element Options
0 1.063490473 load page
URL http://testhtml5.vulnweb.com/
1 0.000726783 request http://testhtml5.vulnweb.com/
2 0.526492435 request http://bxss.s3.amazonaws.com/ad.js
3 0.226042078 request http://testhtml5.vulnweb.com/ajax/popular?offset=0

HTTP request

Raw HTTP request used to retrieve the page.

GET http://testhtml5.vulnweb.com/ HTTP/1.1
User-Agent: Arachni/v1.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
X-Arachni-Browser-Auth: 0e378a6498d4810f4de69f3b0981fa12
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: testhtml5.vulnweb.com

HTTP response

Raw HTTP response used as the page basis. (Binary bodies will not be displayed.)

HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Thu, 01 Oct 2015 14:36:39 GMT
Content