Symantec Data Loss Prevention

Arachni - Web Application Security Scanner Framework v1.1 Author: Tasos "Zapotek" Laskos (With the support of the community and the Arachni Team.) Website: http://arachni-scanner.com Documentation: http://arachni-scanner.com/wiki [~] No element audit options were specified, will audit links, forms, cookies, JSONs and XMLs. [*] Initializing... [*] Preparing plugins... [*] ... done. [~] AutoLogin: System paused. [!] Browser: Spawning PhantomJS... [!] Browser: Attempt #0, chose port number 2023 [!] Browser: Spawning process: /home/amar/work/tools/arachni-1.1-0.5.7/bin/../system/usr/bin/phantomjs [!] Browser: Process spawned, waiting for it to boot-up... [!] Browser: Boot-up complete. [!] Browser: Fontconfig error: Cannot load default config file 2015-05-05T12:09:28 [DEBUG] CookieJar - Created but will not store cookies (use option '--cookies-file=' to enable persisten cookie storage) 2015-05-05T12:09:28 [DEBUG] Phantom - execute: Configuration 2015-05-05T12:09:28 [DEBUG] 0 objectName : "" 2015-05-05T12:09:28 [DEBUG] 1 cookiesFile : "" 2015-05-05T12:09:28 [DEBUG] 2 diskCacheEnabled : "true" 2015-05-05T12:09:28 [DEBUG] 3 maxDiskCacheSize : "-1" 2015-05-05T12:09:28 [DEBUG] 4 ignoreSslErrors : "true" 2015-05-05T12:09:28 [DEBUG] 5 localToRemoteUrlAccessEnabled : "false" 2015-05-05T12:09:28 [DEBUG] 6 outputEncoding : "UTF-8" 2015-05-05T12:09:28 [DEBUG] 7 proxyType : "http" 2015-05-05T12:09:28 [DEBUG] 8 proxy : "127.0.0.1:52640" 2015-05-05T12:09:28 [DEBUG] 9 proxyAuth : ":" 2015-05-05T12:09:28 [DEBUG] 10 scriptEncoding : "UTF-8" 2015-05-05T12:09:28 [DEBUG] 11 webSecurityEnabled : "true" 2015-05-05T12:09:28 [DEBUG] 12 offlineStoragePath : "" 2015-05-05T12:09:28 [DEBUG] 13 offlineStorageDefaultQuota : "-1" 2015-05-05T12:09:28 [DEBUG] 14 printDebugMessages : "true" 2015-05-05T12:09:28 [DEBUG] 15 javascriptCanOpenWindows : "true" 2015-05-05T12:09:28 [DEBUG] 16 javascriptCanCloseWindows : "true" 2015-05-05T12:09:28 [DEBUG] 17 sslProtocol : "sslv3" 2015-05-05T12:09:28 [DEBUG] 18 sslCertificatesPath : "" 2015-05-05T12:09:28 [DEBUG] 19 webdriver : ":2023" 2015-05-05T12:09:28 [DEBUG] 20 webdriverLogFile : "" 2015-05-05T12:09:28 [DEBUG] 21 webdriverLogLevel : "INFO" 2015-05-05T12:09:28 [DEBUG] 22 webdriverSeleniumGridHub : "" 2015-05-05T12:09:28 [DEBUG] Phantom - execute: Script & Arguments 2015-05-05T12:09:28 [DEBUG] script: "main.js" 2015-05-05T12:09:28 [DEBUG] 0 arg: "--ip=" 2015-05-05T12:09:28 [DEBUG] 1 arg: "--port=2023" 2015-05-05T12:09:28 [DEBUG] 2 arg: "--logLevel=INFO" 2015-05-05T12:09:28 [DEBUG] Phantom - execute: Starting Remote WebDriver mode PhantomJS is launching GhostDriver... 2015-05-05T12:09:28 [DEBUG] WebPage - setupFrame "" 2015-05-05T12:09:28 [DEBUG] FileSystem - _open: ":/modules/fs.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:09:28 [DEBUG] FileSystem - _open: ":/modules/system.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:09:28 [DEBUG] FileSystem - _open: ":/modules/webpage.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:09:28 [DEBUG] FileSystem - _open: ":/modules/webserver.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:09:28 [DEBUG] FileSystem - _open: ":/ghostdriver/./hub_register.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:09:28 [DEBUG] FileSystem - _open: ":/ghostdriver/./logger.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:09:28 [DEBUG] FileSystem - _open: ":/ghostdriver/./third_party/console++.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:09:28 [DEBUG] FileSystem - _open: ":/ghostdriver/./config.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:09:28 [DEBUG] FileSystem - _open: ":/ghostdriver/./third_party/parseuri.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:09:28 [DEBUG] Phantom - injectJs: "session.js" 2015-05-05T12:09:28 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:09:28 [DEBUG] Phantom - injectJs: "inputs.js" 2015-05-05T12:09:28 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:09:28 [DEBUG] Phantom - injectJs: "request_handlers/request_handler.js" 2015-05-05T12:09:28 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:09:28 [DEBUG] Phantom - injectJs: "request_handlers/status_request_handler.js" 2015-05-05T12:09:28 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:09:28 [DEBUG] FileSystem - _open: ":/ghostdriver/./errors.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:09:28 [DEBUG] Phantom - injectJs: "request_handlers/shutdown_request_handler.js" 2015-05-05T12:09:28 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:09:28 [DEBUG] Phantom - injectJs: "request_handlers/session_manager_request_handler.js" 2015-05-05T12:09:28 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:09:28 [DEBUG] Phantom - injectJs: "request_handlers/session_request_handler.js" 2015-05-05T12:09:28 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:09:28 [DEBUG] Phantom - injectJs: "request_handlers/webelement_request_handler.js" 2015-05-05T12:09:28 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:09:28 [DEBUG] Phantom - injectJs: "request_handlers/router_request_handler.js" 2015-05-05T12:09:28 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:09:28 [DEBUG] Phantom - injectJs: "webelementlocator.js" 2015-05-05T12:09:28 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" [INFO - 2015-05-05T19:09:28.495Z] GhostDriver - Main - running on port 2023 [!] Browser: PhantomJS is ready. [!] Session: Logging in via configuration. [!] Session: Logging in using browser. [!] Session: Grabbing page at: https://myserver/mypath/navigate?menuID=default [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 0 [!] Client: Performer: # [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"User-Agent"=>"Arachni/v1.1", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Accept-Encoding"=>"gzip", "Accept-Language"=>"en,*", "Host"=>"myserver"} [!] Client: Cookies: {} [!] Client: Train?: false [!] Client: ------------ [!] Client: ------------ [!] Client: Got response for request ID#: 0 [!] Client: Performer: # [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Cache-Control: no-cache,no-store,max-age=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Set-Cookie: JSESSIONID=7C99150D9B7239E3B0C0B4255B61FE3C; Path=/Manager/; Secure; HttpOnly Pragma: No-cache X-Frame-Options: SAMEORIGIN Content-Type: text/html;charset=utf-8 Content-Language: en-US Transfer-Encoding: chunked Date: Wed, 06 May 2015 18:09:12 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Cache-Control"=>"no-cache,no-store,max-age=0", "Expires"=>"Thu, 01 Jan 1970 00:00:00 GMT", "Set-Cookie"=>"JSESSIONID=7C99150D9B7239E3B0C0B4255B61FE3C; Path=/Manager/; Secure; HttpOnly", "Pragma"=>"No-cache", "X-Frame-Options"=>"SAMEORIGIN", "Content-Type"=>"text/html;charset=utf-8", "Content-Language"=>"en-US", "Transfer-Encoding"=>"chunked", "Date"=>"Wed, 06 May 2015 18:09:12 GMT"} [!] Client: ------------ [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 1 [!] Client: Performer: # [!] Client: URL: https://myserver/Manager/yui3/build/cssreset/reset-min.css [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"If-None-Match"=>"W/\"866-1427851526000\"", "If-Modified-Since"=>"Wed, 01 Apr 2015 01:25:26 GMT", "User-Agent"=>"Arachni/v1.1", "Accept"=>"text/css,*/*;q=0.1", "Referer"=>"https://myserver/mypath/navigate?menuID=default", "Cookie"=>"JSESSIONID=7C99150D9B7239E3B0C0B4255B61FE3C", "Accept-Encoding"=>"gzip", "Accept-Language"=>"en,*", "Host"=>"myserver"} [!] Client: Cookies: {} [!] Client: Train?: false [!] Client: ------------ [!] Client: ------------ [!] Client: ------------ [!] Client: Got response for request ID#: 1 [!] Client: Performer: # [!] Client: Status: 304 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/Manager/yui3/build/cssreset/reset-min.css [!] Client: Headers: HTTP/1.1 304 Not Modified Server: Apache-Coyote/1.1 P3P: CP="COM CNT INT CAO CUR ADM OUR IND" Expires: Wed, 06 May 2015 19:09:13 GMT Pragma: cache Cache-Control: max-age=3600, must-revalidate ETag: W/"866-1427851526000" Date: Wed, 06 May 2015 18:09:12 GMT [!] Client: Queued request. [!] Client: ID#: 2 [!] Client: Performer: # [!] Client: URL: https://myserver/Manager/yui3/build/cssgrids/grids-min.css [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"If-None-Match"=>"W/\"1465-1427851526000\"", "If-Modified-Since"=>"Wed, 01 Apr 2015 01:25:26 GMT", "User-Agent"=>"Arachni/v1.1", "Accept"=>"text/css,*/*;q=0.1", "Referer"=>"https://myserver/mypath/navigate?menuID=default", "Cookie"=>"JSESSIONID=7C99150D9B7239E3B0C0B4255B61FE3C", "Accept-Encoding"=>"gzip", "Accept-Language"=>"en,*", "Host"=>"myserver"} [!] Client: Cookies: {} [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "P3p"=>"CP=\"COM CNT INT CAO CUR ADM OUR IND\"", "Expires"=>"Wed, 06 May 2015 19:09:13 GMT", "Pragma"=>"cache", "Cache-Control"=>"max-age=3600, must-revalidate", "Etag"=>"W/\"866-1427851526000\"", "Date"=>"Wed, 06 May 2015 18:09:12 GMT"} [!] Client: ------------ [!] Client: Train?: false [!] Client: ------------ [!] Client: ------------ [!] Client: ------------ [!] Client: Got response for request ID#: 2 [!] Client: Performer: # [!] Client: Status: 304 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/Manager/yui3/build/cssgrids/grids-min.css [!] Client: Headers: HTTP/1.1 304 Not Modified Server: Apache-Coyote/1.1 P3P: CP="COM CNT INT CAO CUR ADM OUR IND" Expires: Wed, 06 May 2015 19:09:13 GMT Pragma: cache Cache-Control: max-age=3600, must-revalidate ETag: W/"1465-1427851526000" Date: Wed, 06 May 2015 18:09:12 GMT [!] Client: Queued request. [!] Client: ID#: 3 [!] Client: Performer: # [!] Client: URL: https://myserver/Manager/content.css [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"If-None-Match"=>"W/\"8425-1427851520000\"", "If-Modified-Since"=>"Wed, 01 Apr 2015 01:25:20 GMT", "User-Agent"=>"Arachni/v1.1", "Accept"=>"text/css,*/*;q=0.1", "Referer"=>"https://myserver/mypath/navigate?menuID=default", "Cookie"=>"JSESSIONID=7C99150D9B7239E3B0C0B4255B61FE3C", "Accept-Encoding"=>"gzip", "Accept-Language"=>"en,*", "Host"=>"myserver"} [!] Client: Cookies: {} [!] Client: Train?: false [!] Client: ------------ [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "P3p"=>"CP=\"COM CNT INT CAO CUR ADM OUR IND\"", "Expires"=>"Wed, 06 May 2015 19:09:13 GMT", "Pragma"=>"cache", "Cache-Control"=>"max-age=3600, must-revalidate", "Etag"=>"W/\"1465-1427851526000\"", "Date"=>"Wed, 06 May 2015 18:09:12 GMT"} [!] Client: ------------ [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 4 [!] Client: Performer: # [!] Client: URL: https://myserver/Manager/containers.css [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"If-None-Match"=>"W/\"6687-1427851520000\"", "If-Modified-Since"=>"Wed, 01 Apr 2015 01:25:20 GMT", "User-Agent"=>"Arachni/v1.1", "Accept"=>"text/css,*/*;q=0.1", "Referer"=>"https://myserver/mypath/navigate?menuID=default", "Cookie"=>"JSESSIONID=7C99150D9B7239E3B0C0B4255B61FE3C", "Accept-Encoding"=>"gzip", "Accept-Language"=>"en,*", "Host"=>"myserver"} [!] Client: Cookies: {} [!] Client: Train?: false [!] Client: ------------ [!] Client: ------------ [!] Client: Got response for request ID#: 3 [!] Client: Performer: # [!] Client: Status: 304 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/Manager/content.css [!] Client: Headers: HTTP/1.1 304 Not Modified Server: Apache-Coyote/1.1 P3P: CP="COM CNT INT CAO CUR ADM OUR IND" Expires: Wed, 06 May 2015 19:09:13 GMT Pragma: cache Cache-Control: max-age=3600, must-revalidate ETag: W/"8425-1427851520000" Date: Wed, 06 May 2015 18:09:13 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "P3p"=>"CP=\"COM CNT INT CAO CUR ADM OUR IND\"", "Expires"=>"Wed, 06 May 2015 19:09:13 GMT", "Pragma"=>"cache", "Cache-Control"=>"max-age=3600, must-revalidate", "Etag"=>"W/\"8425-1427851520000\"", "Date"=>"Wed, 06 May 2015 18:09:13 GMT"} [!] Client: ------------ [!] Client: ------------ [!] Client: Got response for request ID#: 4 [!] Client: Performer: # [!] Client: Status: 304 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/Manager/containers.css [!] Client: Headers: HTTP/1.1 304 Not Modified Server: Apache-Coyote/1.1 P3P: CP="COM CNT INT CAO CUR ADM OUR IND" Expires: Wed, 06 May 2015 19:09:13 GMT Pragma: cache Cache-Control: max-age=3600, must-revalidate ETag: W/"6687-1427851520000" Date: Wed, 06 May 2015 18:09:13 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "P3p"=>"CP=\"COM CNT INT CAO CUR ADM OUR IND\"", "Expires"=>"Wed, 06 May 2015 19:09:13 GMT", "Pragma"=>"cache", "Cache-Control"=>"max-age=3600, must-revalidate", "Etag"=>"W/\"6687-1427851520000\"", "Date"=>"Wed, 06 May 2015 18:09:13 GMT"} [!] Client: ------------ [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 5 [!] Client: Performer: # [!] Client: URL: https://myserver/Manager/layouts.css [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"If-None-Match"=>"W/\"2165-1427851520000\"", "If-Modified-Since"=>"Wed, 01 Apr 2015 01:25:20 GMT", "User-Agent"=>"Arachni/v1.1", "Accept"=>"text/css,*/*;q=0.1", "Referer"=>"https://myserver/mypath/navigate?menuID=default", "Cookie"=>"JSESSIONID=7C99150D9B7239E3B0C0B4255B61FE3C", "Accept-Encoding"=>"gzip", "Accept-Language"=>"en,*", "Host"=>"myserver"} [!] Client: Cookies: {} [!] Client: Train?: false [!] Client: ------------ [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 6 [!] Client: Performer: # [!] Client: URL: https://myserver/Manager/js/jquery/jquery-2.0.3.min.js [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"If-None-Match"=>"W/\"83618-1427851522000\"", "If-Modified-Since"=>"Wed, 01 Apr 2015 01:25:22 GMT", "User-Agent"=>"Arachni/v1.1", "Accept"=>"*/*", "Referer"=>"https://myserver/mypath/navigate?menuID=default", "Cookie"=>"JSESSIONID=7C99150D9B7239E3B0C0B4255B61FE3C", "Accept-Encoding"=>"gzip", "Accept-Language"=>"en,*", "Host"=>"myserver"} [!] Client: Cookies: {} [!] Client: Train?: false [!] Client: ------------ [!] Client: ------------ [!] Client: Got response for request ID#: 5 [!] Client: Performer: # [!] Client: Status: 304 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/Manager/layouts.css [!] Client: Headers: HTTP/1.1 304 Not Modified Server: Apache-Coyote/1.1 P3P: CP="COM CNT INT CAO CUR ADM OUR IND" Expires: Wed, 06 May 2015 19:09:14 GMT Pragma: cache Cache-Control: max-age=3600, must-revalidate ETag: W/"2165-1427851520000" Date: Wed, 06 May 2015 18:09:13 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "P3p"=>"CP=\"COM CNT INT CAO CUR ADM OUR IND\"", "Expires"=>"Wed, 06 May 2015 19:09:14 GMT", "Pragma"=>"cache", "Cache-Control"=>"max-age=3600, must-revalidate", "Etag"=>"W/\"2165-1427851520000\"", "Date"=>"Wed, 06 May 2015 18:09:13 GMT"} [!] Client: ------------ [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 7 [!] Client: Performer: # [!] Client: URL: https://myserver/Manager/pagecss/Logon.jsp.css [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"If-None-Match"=>"W/\"859-1427851520000\"", "If-Modified-Since"=>"Wed, 01 Apr 2015 01:25:20 GMT", "User-Agent"=>"Arachni/v1.1", "Accept"=>"text/css,*/*;q=0.1", "Referer"=>"https://myserver/mypath/navigate?menuID=default", "Cookie"=>"JSESSIONID=7C99150D9B7239E3B0C0B4255B61FE3C", "Accept-Encoding"=>"gzip", "Accept-Language"=>"en,*", "Host"=>"myserver"} [!] Client: Cookies: {} [!] Client: Train?: false [!] Client: ------------ [!] Client: ------------ [!] Client: Got response for request ID#: 6 [!] Client: Performer: # [!] Client: Status: 304 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/Manager/js/jquery/jquery-2.0.3.min.js [!] Client: Headers: HTTP/1.1 304 Not Modified Server: Apache-Coyote/1.1 P3P: CP="COM CNT INT CAO CUR ADM OUR IND" Expires: Wed, 06 May 2015 19:09:14 GMT Pragma: cache Cache-Control: max-age=3600, must-revalidate ETag: W/"83618-1427851522000" Date: Wed, 06 May 2015 18:09:13 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "P3p"=>"CP=\"COM CNT INT CAO CUR ADM OUR IND\"", "Expires"=>"Wed, 06 May 2015 19:09:14 GMT", "Pragma"=>"cache", "Cache-Control"=>"max-age=3600, must-revalidate", "Etag"=>"W/\"83618-1427851522000\"", "Date"=>"Wed, 06 May 2015 18:09:13 GMT"} [!] Client: ------------ [!] Client: ------------ [!] Client: ------------ [!] Client: Got response for request ID#: 7 [!] Client: Performer: # [!] Client: Status: 304 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/Manager/pagecss/Logon.jsp.css [!] Client: Headers: HTTP/1.1 304 Not Modified Server: Apache-Coyote/1.1 P3P: CP="COM CNT INT CAO CUR ADM OUR IND" Expires: Wed, 06 May 2015 19:09:14 GMT Pragma: cache Cache-Control: max-age=3600, must-revalidate ETag: W/"859-1427851520000" Date: Wed, 06 May 2015 18:09:13 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "P3p"=>"CP=\"COM CNT INT CAO CUR ADM OUR IND\"", "Expires"=>"Wed, 06 May 2015 19:09:14 GMT", "Pragma"=>"cache", "Cache-Control"=>"max-age=3600, must-revalidate", "Etag"=>"W/\"859-1427851520000\"", "Date"=>"Wed, 06 May 2015 18:09:13 GMT"} [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 8 [!] Client: Performer: # [!] Client: URL: https://myserver/Manager/js/logon.js [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"If-None-Match"=>"W/\"1381-1427851524000\"", "If-Modified-Since"=>"Wed, 01 Apr 2015 01:25:24 GMT", "User-Agent"=>"Arachni/v1.1", "Accept"=>"*/*", "Referer"=>"https://myserver/mypath/navigate?menuID=default", "Cookie"=>"JSESSIONID=7C99150D9B7239E3B0C0B4255B61FE3C", "Accept-Encoding"=>"gzip", "Accept-Language"=>"en,*", "Host"=>"myserver"} [!] Client: Cookies: {} [!] Client: Train?: false [!] Client: ------------ [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 9 [!] Client: Performer: # [!] Client: URL: https://myserver/Manager/servlet/l10n/css/overrides.css [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"User-Agent"=>"Arachni/v1.1", "Accept"=>"text/css,*/*;q=0.1", "Referer"=>"https://myserver/mypath/navigate?menuID=default", "Cookie"=>"JSESSIONID=7C99150D9B7239E3B0C0B4255B61FE3C", "Accept-Encoding"=>"gzip", "Accept-Language"=>"en,*", "Host"=>"myserver"} [!] Client: Cookies: {} [!] Client: Train?: false [!] Client: ------------ [!] Client: ------------ [!] Client: Got response for request ID#: 8 [!] Client: Performer: # [!] Client: Status: 304 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/Manager/js/logon.js [!] Client: Headers: HTTP/1.1 304 Not Modified Server: Apache-Coyote/1.1 P3P: CP="COM CNT INT CAO CUR ADM OUR IND" Expires: Wed, 06 May 2015 19:09:15 GMT Pragma: cache Cache-Control: max-age=3600, must-revalidate ETag: W/"1381-1427851524000" Date: Wed, 06 May 2015 18:09:15 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "P3p"=>"CP=\"COM CNT INT CAO CUR ADM OUR IND\"", "Expires"=>"Wed, 06 May 2015 19:09:15 GMT", "Pragma"=>"cache", "Cache-Control"=>"max-age=3600, must-revalidate", "Etag"=>"W/\"1381-1427851524000\"", "Date"=>"Wed, 06 May 2015 18:09:15 GMT"} [!] Client: ------------ [!] Client: ------------ [!] Client: Queued request. [!] Client: ------------ [!] Client: ID#: 10 [!] Client: Performer: # [!] Client: URL: https://myserver/Manager/graphics/page-background.png [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"If-None-Match"=>"W/\"3889-1427851520000\"", "If-Modified-Since"=>"Wed, 01 Apr 2015 01:25:20 GMT", "User-Agent"=>"Arachni/v1.1", "Referer"=>"https://myserver/mypath/navigate?menuID=default", "Accept"=>"*/*", "Cookie"=>"JSESSIONID=7C99150D9B7239E3B0C0B4255B61FE3C", "Accept-Encoding"=>"gzip", "Accept-Language"=>"en,*", "Host"=>"myserver"} [!] Client: Cookies: {} [!] Client: Train?: false [!] Client: ------------ [!] Client: Got response for request ID#: 9 [!] Client: Performer: # [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/Manager/servlet/l10n/css/overrides.css [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 P3P: CP="COM CNT INT CAO CUR ADM OUR IND" Expires: Thu, 01 Jan 1970 00:00:00 GMT Pragma: no-cache Cache-Control: no-cache Content-Type: text/css Content-Length: 240 Date: Wed, 06 May 2015 18:09:15 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "P3p"=>"CP=\"COM CNT INT CAO CUR ADM OUR IND\"", "Expires"=>"Thu, 01 Jan 1970 00:00:00 GMT", "Pragma"=>"no-cache", "Cache-Control"=>"no-cache", "Content-Type"=>"text/css", "Content-Length"=>"240", "Date"=>"Wed, 06 May 2015 18:09:15 GMT"} [!] Client: ------------ [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 11 [!] Client: Performer: # [!] Client: URL: https://myserver/Manager/graphics/general/HL_DLPLogin.png [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"If-None-Match"=>"W/\"21616-1427851520000\"", "If-Modified-Since"=>"Wed, 01 Apr 2015 01:25:20 GMT", "User-Agent"=>"Arachni/v1.1", "Referer"=>"https://myserver/mypath/navigate?menuID=default", "Accept"=>"*/*", "Cookie"=>"JSESSIONID=7C99150D9B7239E3B0C0B4255B61FE3C", "Accept-Encoding"=>"gzip", "Accept-Language"=>"en,*", "Host"=>"myserver"} [!] Client: Cookies: {} [!] Client: Train?: false [!] Client: ------------ [!] Client: ------------ [!] Client: Got response for request ID#: 10 [!] Client: Performer: # [!] Client: Status: 304 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/Manager/graphics/page-background.png [!] Client: Headers: HTTP/1.1 304 Not Modified Server: Apache-Coyote/1.1 P3P: CP="COM CNT INT CAO CUR ADM OUR IND" Expires: Wed, 06 May 2015 19:09:15 GMT Pragma: cache Cache-Control: max-age=3600, must-revalidate ETag: W/"3889-1427851520000" Date: Wed, 06 May 2015 18:09:15 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "P3p"=>"CP=\"COM CNT INT CAO CUR ADM OUR IND\"", "Expires"=>"Wed, 06 May 2015 19:09:15 GMT", "Pragma"=>"cache", "Cache-Control"=>"max-age=3600, must-revalidate", "Etag"=>"W/\"3889-1427851520000\"", "Date"=>"Wed, 06 May 2015 18:09:15 GMT"} [!] Client: ------------ [!] Client: ------------ [!] Client: Got response for request ID#: 11 [!] Client: Performer: # [!] Client: Status: 304 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/Manager/graphics/general/HL_DLPLogin.png [!] Client: Headers: HTTP/1.1 304 Not Modified Server: Apache-Coyote/1.1 P3P: CP="COM CNT INT CAO CUR ADM OUR IND" Expires: Wed, 06 May 2015 19:09:15 GMT Pragma: cache Cache-Control: max-age=3600, must-revalidate ETag: W/"21616-1427851520000" Date: Wed, 06 May 2015 18:09:15 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "P3p"=>"CP=\"COM CNT INT CAO CUR ADM OUR IND\"", "Expires"=>"Wed, 06 May 2015 19:09:15 GMT", "Pragma"=>"cache", "Cache-Control"=>"max-age=3600, must-revalidate", "Etag"=>"W/\"21616-1427851520000\"", "Date"=>"Wed, 06 May 2015 18:09:15 GMT"} [!] Client: ------------ [!] Session: Got page with URL https://myserver/mypath/navigate?menuID=default [!] Session: Found login form: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] Session: Updated form inputs: {"username"=>"Administrator", "j_username"=>"Administrator", "j_password"=>"mypasswd"} [!] Session: Submitting form. [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 12 [!] Client: Performer: # [!] Client: URL: https://myserver/Manager/servlet/l10n/css/overrides.css [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"User-Agent"=>"Arachni/v1.1", "Accept"=>"text/css,*/*;q=0.1", "Referer"=>"https://myserver/mypath/navigate?menuID=default", "Cookie"=>"JSESSIONID=7C99150D9B7239E3B0C0B4255B61FE3C", "Accept-Encoding"=>"gzip", "Accept-Language"=>"en,*", "Host"=>"myserver"} [!] Client: Cookies: {} [!] Client: Train?: false [!] Client: ------------ [!] Client: ------------ [!] Client: Got response for request ID#: 12 [!] Client: Performer: # [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/Manager/servlet/l10n/css/overrides.css [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 P3P: CP="COM CNT INT CAO CUR ADM OUR IND" Expires: Thu, 01 Jan 1970 00:00:00 GMT Pragma: no-cache Cache-Control: no-cache Content-Type: text/css Content-Length: 240 Date: Wed, 06 May 2015 18:09:26 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "P3p"=>"CP=\"COM CNT INT CAO CUR ADM OUR IND\"", "Expires"=>"Thu, 01 Jan 1970 00:00:00 GMT", "Pragma"=>"no-cache", "Cache-Control"=>"no-cache", "Content-Type"=>"text/css", "Content-Length"=>"240", "Date"=>"Wed, 06 May 2015 18:09:26 GMT"} [!] Client: ------------ [!] Browser: Loaded snapshot by URL: https://myserver/mypath/navigate?menuID=default [!] Browser: fire_event [start]: submit ({:inputs=>{"username"=>"Administrator", "j_username"=>"Administrator", "j_password"=>"mypasswd"}})

[!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 13 [!] Client: Performer: # [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: username=Administrator&j_username=&j_password=mypasswd [!] Client: Headers: {"Origin"=>"https://myserver", "User-Agent"=>"Arachni/v1.1", "Content-Type"=>"application/x-www-form-urlencoded", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Referer"=>"https://myserver/mypath/navigate?menuID=default", "Cookie"=>"JSESSIONID=7C99150D9B7239E3B0C0B4255B61FE3C", "Accept-Encoding"=>"gzip", "Accept-Language"=>"en,*", "Host"=>"myserver"} [!] Client: Cookies: {} [!] Client: Train?: false [!] Client: ------------ [!] Client: ------------ [!] Client: Got response for request ID#: 13 [!] Client: Performer: # [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Pragma: No-cache Cache-Control: no-cache,no-store,max-age=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Content-Type: text/html;charset=utf-8 Content-Language: en-US Transfer-Encoding: chunked Date: Wed, 06 May 2015 18:09:40 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Pragma"=>"No-cache", "Cache-Control"=>"no-cache,no-store,max-age=0", "Expires"=>"Thu, 01 Jan 1970 00:00:00 GMT", "Content-Type"=>"text/html;charset=utf-8", "Content-Language"=>"en-US", "Transfer-Encoding"=>"chunked", "Date"=>"Wed, 06 May 2015 18:09:40 GMT"} [!] Client: ------------ [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 14 [!] Client: Performer: # [!] Client: URL: https://myserver/Manager/js/globalDialog.js [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"If-None-Match"=>"W/\"348-1427851522000\"", "If-Modified-Since"=>"Wed, 01 Apr 2015 01:25:22 GMT", "User-Agent"=>"Arachni/v1.1", "Accept"=>"*/*", "Referer"=>"https://myserver/Manager/j_security_check", "Cookie"=>"JSESSIONID=7C99150D9B7239E3B0C0B4255B61FE3C", "Accept-Encoding"=>"gzip", "Accept-Language"=>"en,*", "Host"=>"myserver"} [!] Client: Cookies: {} [!] Client: Train?: false [!] Client: ------------ [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 15 [!] Client: Performer: # [!] Client: URL: https://myserver/Manager/servlet/l10n/css/overrides.css [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"User-Agent"=>"Arachni/v1.1", "Accept"=>"text/css,*/*;q=0.1", "Referer"=>"https://myserver/Manager/j_security_check", "Cookie"=>"JSESSIONID=7C99150D9B7239E3B0C0B4255B61FE3C", "Accept-Encoding"=>"gzip", "Accept-Language"=>"en,*", "Host"=>"myserver"} [!] Client: Cookies: {} [!] Client: Train?: false [!] Client: ------------ [!] Client: ------------ [!] Client: Got response for request ID#: 14 [!] Client: Performer: # [!] Client: Status: 304 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/Manager/js/globalDialog.js [!] Client: Headers: HTTP/1.1 304 Not Modified Server: Apache-Coyote/1.1 P3P: CP="COM CNT INT CAO CUR ADM OUR IND" Expires: Wed, 06 May 2015 19:09:41 GMT Pragma: cache Cache-Control: max-age=3600, must-revalidate ETag: W/"348-1427851522000" Date: Wed, 06 May 2015 18:09:40 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "P3p"=>"CP=\"COM CNT INT CAO CUR ADM OUR IND\"", "Expires"=>"Wed, 06 May 2015 19:09:41 GMT", "Pragma"=>"cache", "Cache-Control"=>"max-age=3600, must-revalidate", "Etag"=>"W/\"348-1427851522000\"", "Date"=>"Wed, 06 May 2015 18:09:40 GMT"} [!] Client: ------------ [!] Client: ------------ [!] Client: Got response for request ID#: 15 [!] Client: Performer: # [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/Manager/servlet/l10n/css/overrides.css [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 P3P: CP="COM CNT INT CAO CUR ADM OUR IND" Expires: Thu, 01 Jan 1970 00:00:00 GMT Pragma: no-cache Cache-Control: no-cache Content-Type: text/css Content-Length: 240 Date: Wed, 06 May 2015 18:09:40 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "P3p"=>"CP=\"COM CNT INT CAO CUR ADM OUR IND\"", "Expires"=>"Thu, 01 Jan 1970 00:00:00 GMT", "Pragma"=>"no-cache", "Cache-Control"=>"no-cache", "Content-Type"=>"text/css", "Content-Length"=>"240", "Date"=>"Wed, 06 May 2015 18:09:40 GMT"} [!] Client: ------------ [!] Browser: fire_event [waiting for requests]: submit ({:inputs=>{"username"=>"Administrator", "j_username"=>"Administrator", "j_password"=>"mypasswd"}}) [!] Browser: fire_event [done waiting for requests]: submit ({:inputs=>{"username"=>"Administrator", "j_username"=>"Administrator", "j_password"=>"mypasswd"}}) [!] Browser: fire_event [done]: submit ({:inputs=>{"username"=>"Administrator", "j_username"=>"Administrator", "j_password"=>"mypasswd"}}) [!] Session: Form submitted. [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 16 [!] Client: Performer: nil [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3C"} [!] Client: Train?: false [!] Client: ------------ [!] Client: ------------ [!] Client: Got response for request ID#: 16 [!] Client: Performer: nil [!] Client: Status: 500 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Headers: HTTP/1.1 500 Internal Server Error Server: Apache-Coyote/1.1 Pragma: No-cache Cache-Control: no-cache,no-store,max-age=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Content-Type: text/html;charset=utf-8 Content-Language: en-US Transfer-Encoding: chunked Date: Wed, 06 May 2015 18:09:51 GMT Connection: close [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Pragma"=>"No-cache", "Cache-Control"=>"no-cache,no-store,max-age=0", "Expires"=>"Thu, 01 Jan 1970 00:00:00 GMT", "Content-Type"=>"text/html;charset=utf-8", "Content-Language"=>"en-US", "Transfer-Encoding"=>"chunked", "Date"=>"Wed, 06 May 2015 18:09:51 GMT", "Connection"=>"close"} [!] Client: ------------ [+] AutoLogin: Form submitted successfully. [~] AutoLogin: Cookies set to: [~] AutoLogin: * "JSESSIONID" = "7C99150D9B7239E3B0C0B4255B61FE3C" [*] BrowserCluster: Initializing 6 browsers... [!] BrowserCluster Worker#86888910: Spawning PhantomJS... [!] BrowserCluster Worker#86888910: Attempt #0, chose port number 47189 [!] BrowserCluster Worker#86888910: Spawning process: /home/amar/work/tools/arachni-1.1-0.5.7/bin/../system/usr/bin/phantomjs [!] BrowserCluster Worker#86888910: Process spawned, waiting for it to boot-up... [!] BrowserCluster Worker#86888910: Boot-up complete. [!] BrowserCluster Worker#86888910: Fontconfig error: Cannot load default config file 2015-05-05T12:10:08 [DEBUG] CookieJar - Created but will not store cookies (use option '--cookies-file=' to enable persisten cookie storage) 2015-05-05T12:10:08 [DEBUG] Phantom - execute: Configuration 2015-05-05T12:10:08 [DEBUG] 0 objectName : "" 2015-05-05T12:10:08 [DEBUG] 1 cookiesFile : "" 2015-05-05T12:10:08 [DEBUG] 2 diskCacheEnabled : "true" 2015-05-05T12:10:08 [DEBUG] 3 maxDiskCacheSize : "-1" 2015-05-05T12:10:08 [DEBUG] 4 ignoreSslErrors : "true" 2015-05-05T12:10:08 [DEBUG] 5 localToRemoteUrlAccessEnabled : "false" 2015-05-05T12:10:08 [DEBUG] 6 outputEncoding : "UTF-8" 2015-05-05T12:10:08 [DEBUG] 7 proxyType : "http" 2015-05-05T12:10:08 [DEBUG] 8 proxy : "127.0.0.1:37636" 2015-05-05T12:10:08 [DEBUG] 9 proxyAuth : ":" 2015-05-05T12:10:08 [DEBUG] 10 scriptEncoding : "UTF-8" 2015-05-05T12:10:08 [DEBUG] 11 webSecurityEnabled : "true" 2015-05-05T12:10:08 [DEBUG] 12 offlineStoragePath : "" 2015-05-05T12:10:08 [DEBUG] 13 offlineStorageDefaultQuota : "-1" 2015-05-05T12:10:08 [DEBUG] 14 printDebugMessages : "true" 2015-05-05T12:10:08 [DEBUG] 15 javascriptCanOpenWindows : "true" 2015-05-05T12:10:08 [DEBUG] 16 javascriptCanCloseWindows : "true" 2015-05-05T12:10:08 [DEBUG] 17 sslProtocol : "sslv3" 2015-05-05T12:10:08 [DEBUG] 18 sslCertificatesPath : "" 2015-05-05T12:10:08 [DEBUG] 19 webdriver : ":47189" 2015-05-05T12:10:08 [DEBUG] 20 webdriverLogFile : "" 2015-05-05T12:10:08 [DEBUG] 21 webdriverLogLevel : "INFO" 2015-05-05T12:10:08 [DEBUG] 22 webdriverSeleniumGridHub : "" 2015-05-05T12:10:08 [DEBUG] Phantom - execute: Script & Arguments 2015-05-05T12:10:08 [DEBUG] script: "main.js" 2015-05-05T12:10:08 [DEBUG] 0 arg: "--ip=" 2015-05-05T12:10:08 [DEBUG] 1 arg: "--port=47189" 2015-05-05T12:10:08 [DEBUG] 2 arg: "--logLevel=INFO" 2015-05-05T12:10:08 [DEBUG] Phantom - execute: Starting Remote WebDriver mode PhantomJS is launching GhostDriver... 2015-05-05T12:10:08 [DEBUG] WebPage - setupFrame "" 2015-05-05T12:10:08 [DEBUG] FileSystem - _open: ":/modules/fs.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:08 [DEBUG] FileSystem - _open: ":/modules/system.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:08 [DEBUG] FileSystem - _open: ":/modules/webpage.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:08 [DEBUG] FileSystem - _open: ":/modules/webserver.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:08 [DEBUG] FileSystem - _open: ":/ghostdriver/./hub_register.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:08 [DEBUG] FileSystem - _open: ":/ghostdriver/./logger.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:08 [DEBUG] FileSystem - _open: ":/ghostdriver/./third_party/console++.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:08 [DEBUG] FileSystem - _open: ":/ghostdriver/./config.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:08 [DEBUG] FileSystem - _open: ":/ghostdriver/./third_party/parseuri.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:08 [DEBUG] Phantom - injectJs: "session.js" 2015-05-05T12:10:08 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:08 [DEBUG] Phantom - injectJs: "inputs.js" 2015-05-05T12:10:08 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:08 [DEBUG] Phantom - injectJs: "request_handlers/request_handler.js" 2015-05-05T12:10:08 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:08 [DEBUG] Phantom - injectJs: "request_handlers/status_request_handler.js" 2015-05-05T12:10:08 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:08 [DEBUG] FileSystem - _open: ":/ghostdriver/./errors.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:08 [DEBUG] Phantom - injectJs: "request_handlers/shutdown_request_handler.js" 2015-05-05T12:10:08 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:08 [DEBUG] Phantom - injectJs: "request_handlers/session_manager_request_handler.js" 2015-05-05T12:10:08 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:08 [DEBUG] Phantom - injectJs: "request_handlers/session_request_handler.js" 2015-05-05T12:10:08 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:08 [DEBUG] Phantom - injectJs: "request_handlers/webelement_request_handler.js" 2015-05-05T12:10:08 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:08 [DEBUG] Phantom - injectJs: "request_handlers/router_request_handler.js" 2015-05-05T12:10:08 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:08 [DEBUG] Phantom - injectJs: "webelementlocator.js" 2015-05-05T12:10:08 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" [INFO - 2015-05-05T19:10:08.843Z] GhostDriver - Main - running on port 47189 [!] BrowserCluster Worker#86888910: PhantomJS is ready. [*] BrowserCluster: Spawned #1 with PID 31690. [!] BrowserCluster Worker#86888910: Spawning PhantomJS... [!] BrowserCluster Worker#86888910: Attempt #0, chose port number 59085 [!] BrowserCluster Worker#86888910: Spawning process: /home/amar/work/tools/arachni-1.1-0.5.7/bin/../system/usr/bin/phantomjs [!] BrowserCluster Worker#86888910: Process spawned, waiting for it to boot-up... [!] BrowserCluster Worker#86888910: Boot-up complete. [!] BrowserCluster Worker#86888910: Fontconfig error: Cannot load default config file 2015-05-05T12:10:09 [DEBUG] CookieJar - Created but will not store cookies (use option '--cookies-file=' to enable persisten cookie storage) 2015-05-05T12:10:09 [DEBUG] Phantom - execute: Configuration 2015-05-05T12:10:09 [DEBUG] 0 objectName : "" 2015-05-05T12:10:09 [DEBUG] 1 cookiesFile : "" 2015-05-05T12:10:09 [DEBUG] 2 diskCacheEnabled : "true" 2015-05-05T12:10:09 [DEBUG] 3 maxDiskCacheSize : "-1" 2015-05-05T12:10:09 [DEBUG] 4 ignoreSslErrors : "true" 2015-05-05T12:10:09 [DEBUG] 5 localToRemoteUrlAccessEnabled : "false" 2015-05-05T12:10:09 [DEBUG] 6 outputEncoding : "UTF-8" 2015-05-05T12:10:09 [DEBUG] 7 proxyType : "http" 2015-05-05T12:10:09 [DEBUG] 8 proxy : "127.0.0.1:4244" 2015-05-05T12:10:09 [DEBUG] 9 proxyAuth : ":" 2015-05-05T12:10:09 [DEBUG] 10 scriptEncoding : "UTF-8" 2015-05-05T12:10:09 [DEBUG] 11 webSecurityEnabled : "true" 2015-05-05T12:10:09 [DEBUG] 12 offlineStoragePath : "" 2015-05-05T12:10:09 [DEBUG] 13 offlineStorageDefaultQuota : "-1" 2015-05-05T12:10:09 [DEBUG] 14 printDebugMessages : "true" 2015-05-05T12:10:09 [DEBUG] 15 javascriptCanOpenWindows : "true" 2015-05-05T12:10:09 [DEBUG] 16 javascriptCanCloseWindows : "true" 2015-05-05T12:10:09 [DEBUG] 17 sslProtocol : "sslv3" 2015-05-05T12:10:09 [DEBUG] 18 sslCertificatesPath : "" 2015-05-05T12:10:09 [DEBUG] 19 webdriver : ":59085" 2015-05-05T12:10:09 [DEBUG] 20 webdriverLogFile : "" 2015-05-05T12:10:09 [DEBUG] 21 webdriverLogLevel : "INFO" 2015-05-05T12:10:09 [DEBUG] 22 webdriverSeleniumGridHub : "" 2015-05-05T12:10:09 [DEBUG] Phantom - execute: Script & Arguments 2015-05-05T12:10:09 [DEBUG] script: "main.js" 2015-05-05T12:10:09 [DEBUG] 0 arg: "--ip=" 2015-05-05T12:10:09 [DEBUG] 1 arg: "--port=59085" 2015-05-05T12:10:09 [DEBUG] 2 arg: "--logLevel=INFO" 2015-05-05T12:10:09 [DEBUG] Phantom - execute: Starting Remote WebDriver mode PhantomJS is launching GhostDriver... 2015-05-05T12:10:09 [DEBUG] WebPage - setupFrame "" 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/modules/fs.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/modules/system.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/modules/webpage.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/modules/webserver.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/ghostdriver/./hub_register.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/ghostdriver/./logger.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/ghostdriver/./third_party/console++.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/ghostdriver/./config.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/ghostdriver/./third_party/parseuri.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "session.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "inputs.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/status_request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/ghostdriver/./errors.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/shutdown_request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/session_manager_request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/session_request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/webelement_request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/router_request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "webelementlocator.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" [INFO - 2015-05-05T19:10:09.096Z] GhostDriver - Main - running on port 59085 [!] BrowserCluster Worker#86888910: PhantomJS is ready. [*] BrowserCluster: Spawned #2 with PID 31708. [!] BrowserCluster Worker#86888910: Spawning PhantomJS... [!] BrowserCluster Worker#86888910: Attempt #0, chose port number 3750 [!] BrowserCluster Worker#86888910: Spawning process: /home/amar/work/tools/arachni-1.1-0.5.7/bin/../system/usr/bin/phantomjs [!] BrowserCluster Worker#86888910: Process spawned, waiting for it to boot-up... [!] BrowserCluster Worker#86888910: Boot-up complete. [!] BrowserCluster Worker#86888910: Fontconfig error: Cannot load default config file 2015-05-05T12:10:09 [DEBUG] CookieJar - Created but will not store cookies (use option '--cookies-file=' to enable persisten cookie storage) 2015-05-05T12:10:09 [DEBUG] Phantom - execute: Configuration 2015-05-05T12:10:09 [DEBUG] 0 objectName : "" 2015-05-05T12:10:09 [DEBUG] 1 cookiesFile : "" 2015-05-05T12:10:09 [DEBUG] 2 diskCacheEnabled : "true" 2015-05-05T12:10:09 [DEBUG] 3 maxDiskCacheSize : "-1" 2015-05-05T12:10:09 [DEBUG] 4 ignoreSslErrors : "true" 2015-05-05T12:10:09 [DEBUG] 5 localToRemoteUrlAccessEnabled : "false" 2015-05-05T12:10:09 [DEBUG] 6 outputEncoding : "UTF-8" 2015-05-05T12:10:09 [DEBUG] 7 proxyType : "http" 2015-05-05T12:10:09 [DEBUG] 8 proxy : "127.0.0.1:30981" 2015-05-05T12:10:09 [DEBUG] 9 proxyAuth : ":" 2015-05-05T12:10:09 [DEBUG] 10 scriptEncoding : "UTF-8" 2015-05-05T12:10:09 [DEBUG] 11 webSecurityEnabled : "true" 2015-05-05T12:10:09 [DEBUG] 12 offlineStoragePath : "" 2015-05-05T12:10:09 [DEBUG] 13 offlineStorageDefaultQuota : "-1" 2015-05-05T12:10:09 [DEBUG] 14 printDebugMessages : "true" 2015-05-05T12:10:09 [DEBUG] 15 javascriptCanOpenWindows : "true" 2015-05-05T12:10:09 [DEBUG] 16 javascriptCanCloseWindows : "true" 2015-05-05T12:10:09 [DEBUG] 17 sslProtocol : "sslv3" 2015-05-05T12:10:09 [DEBUG] 18 sslCertificatesPath : "" 2015-05-05T12:10:09 [DEBUG] 19 webdriver : ":3750" 2015-05-05T12:10:09 [DEBUG] 20 webdriverLogFile : "" 2015-05-05T12:10:09 [DEBUG] 21 webdriverLogLevel : "INFO" 2015-05-05T12:10:09 [DEBUG] 22 webdriverSeleniumGridHub : "" 2015-05-05T12:10:09 [DEBUG] Phantom - execute: Script & Arguments 2015-05-05T12:10:09 [DEBUG] script: "main.js" 2015-05-05T12:10:09 [DEBUG] 0 arg: "--ip=" 2015-05-05T12:10:09 [DEBUG] 1 arg: "--port=3750" 2015-05-05T12:10:09 [DEBUG] 2 arg: "--logLevel=INFO" 2015-05-05T12:10:09 [DEBUG] Phantom - execute: Starting Remote WebDriver mode PhantomJS is launching GhostDriver... 2015-05-05T12:10:09 [DEBUG] WebPage - setupFrame "" 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/modules/fs.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/modules/system.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/modules/webpage.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/modules/webserver.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/ghostdriver/./hub_register.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/ghostdriver/./logger.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/ghostdriver/./third_party/console++.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/ghostdriver/./config.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/ghostdriver/./third_party/parseuri.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "session.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "inputs.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/status_request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/ghostdriver/./errors.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/shutdown_request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/session_manager_request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/session_request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/webelement_request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/router_request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "webelementlocator.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" [INFO - 2015-05-05T19:10:09.343Z] GhostDriver - Main - running on port 3750 [!] BrowserCluster Worker#86888910: PhantomJS is ready. [*] BrowserCluster: Spawned #3 with PID 31726. [!] BrowserCluster Worker#86888910: Spawning PhantomJS... [!] BrowserCluster Worker#86888910: Attempt #0, chose port number 34472 [!] BrowserCluster Worker#86888910: Spawning process: /home/amar/work/tools/arachni-1.1-0.5.7/bin/../system/usr/bin/phantomjs [!] BrowserCluster Worker#86888910: Process spawned, waiting for it to boot-up... [!] BrowserCluster Worker#86888910: Boot-up complete. [!] BrowserCluster Worker#86888910: Fontconfig error: Cannot load default config file 2015-05-05T12:10:09 [DEBUG] CookieJar - Created but will not store cookies (use option '--cookies-file=' to enable persisten cookie storage) 2015-05-05T12:10:09 [DEBUG] Phantom - execute: Configuration 2015-05-05T12:10:09 [DEBUG] 0 objectName : "" 2015-05-05T12:10:09 [DEBUG] 1 cookiesFile : "" 2015-05-05T12:10:09 [DEBUG] 2 diskCacheEnabled : "true" 2015-05-05T12:10:09 [DEBUG] 3 maxDiskCacheSize : "-1" 2015-05-05T12:10:09 [DEBUG] 4 ignoreSslErrors : "true" 2015-05-05T12:10:09 [DEBUG] 5 localToRemoteUrlAccessEnabled : "false" 2015-05-05T12:10:09 [DEBUG] 6 outputEncoding : "UTF-8" 2015-05-05T12:10:09 [DEBUG] 7 proxyType : "http" 2015-05-05T12:10:09 [DEBUG] 8 proxy : "127.0.0.1:11752" 2015-05-05T12:10:09 [DEBUG] 9 proxyAuth : ":" 2015-05-05T12:10:09 [DEBUG] 10 scriptEncoding : "UTF-8" 2015-05-05T12:10:09 [DEBUG] 11 webSecurityEnabled : "true" 2015-05-05T12:10:09 [DEBUG] 12 offlineStoragePath : "" 2015-05-05T12:10:09 [DEBUG] 13 offlineStorageDefaultQuota : "-1" 2015-05-05T12:10:09 [DEBUG] 14 printDebugMessages : "true" 2015-05-05T12:10:09 [DEBUG] 15 javascriptCanOpenWindows : "true" 2015-05-05T12:10:09 [DEBUG] 16 javascriptCanCloseWindows : "true" 2015-05-05T12:10:09 [DEBUG] 17 sslProtocol : "sslv3" 2015-05-05T12:10:09 [DEBUG] 18 sslCertificatesPath : "" 2015-05-05T12:10:09 [DEBUG] 19 webdriver : ":34472" 2015-05-05T12:10:09 [DEBUG] 20 webdriverLogFile : "" 2015-05-05T12:10:09 [DEBUG] 21 webdriverLogLevel : "INFO" 2015-05-05T12:10:09 [DEBUG] 22 webdriverSeleniumGridHub : "" 2015-05-05T12:10:09 [DEBUG] Phantom - execute: Script & Arguments 2015-05-05T12:10:09 [DEBUG] script: "main.js" 2015-05-05T12:10:09 [DEBUG] 0 arg: "--ip=" 2015-05-05T12:10:09 [DEBUG] 1 arg: "--port=34472" 2015-05-05T12:10:09 [DEBUG] 2 arg: "--logLevel=INFO" 2015-05-05T12:10:09 [DEBUG] Phantom - execute: Starting Remote WebDriver mode PhantomJS is launching GhostDriver... 2015-05-05T12:10:09 [DEBUG] WebPage - setupFrame "" 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/modules/fs.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/modules/system.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/modules/webpage.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/modules/webserver.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/ghostdriver/./hub_register.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/ghostdriver/./logger.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/ghostdriver/./third_party/console++.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/ghostdriver/./config.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/ghostdriver/./third_party/parseuri.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "session.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "inputs.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/status_request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/ghostdriver/./errors.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/shutdown_request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/session_manager_request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/session_request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/webelement_request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/router_request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "webelementlocator.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" [INFO - 2015-05-05T19:10:09.592Z] GhostDriver - Main - running on port 34472 [!] BrowserCluster Worker#86888910: PhantomJS is ready. [*] BrowserCluster: Spawned #4 with PID 31744. [!] BrowserCluster Worker#86888910: Spawning PhantomJS... [!] BrowserCluster Worker#86888910: Attempt #0, chose port number 46132 [!] BrowserCluster Worker#86888910: Spawning process: /home/amar/work/tools/arachni-1.1-0.5.7/bin/../system/usr/bin/phantomjs [!] BrowserCluster Worker#86888910: Process spawned, waiting for it to boot-up... [!] BrowserCluster Worker#86888910: Boot-up complete. [!] BrowserCluster Worker#86888910: Fontconfig error: Cannot load default config file 2015-05-05T12:10:09 [DEBUG] CookieJar - Created but will not store cookies (use option '--cookies-file=' to enable persisten cookie storage) 2015-05-05T12:10:09 [DEBUG] Phantom - execute: Configuration 2015-05-05T12:10:09 [DEBUG] 0 objectName : "" 2015-05-05T12:10:09 [DEBUG] 1 cookiesFile : "" 2015-05-05T12:10:09 [DEBUG] 2 diskCacheEnabled : "true" 2015-05-05T12:10:09 [DEBUG] 3 maxDiskCacheSize : "-1" 2015-05-05T12:10:09 [DEBUG] 4 ignoreSslErrors : "true" 2015-05-05T12:10:09 [DEBUG] 5 localToRemoteUrlAccessEnabled : "false" 2015-05-05T12:10:09 [DEBUG] 6 outputEncoding : "UTF-8" 2015-05-05T12:10:09 [DEBUG] 7 proxyType : "http" 2015-05-05T12:10:09 [DEBUG] 8 proxy : "127.0.0.1:1149" 2015-05-05T12:10:09 [DEBUG] 9 proxyAuth : ":" 2015-05-05T12:10:09 [DEBUG] 10 scriptEncoding : "UTF-8" 2015-05-05T12:10:09 [DEBUG] 11 webSecurityEnabled : "true" 2015-05-05T12:10:09 [DEBUG] 12 offlineStoragePath : "" 2015-05-05T12:10:09 [DEBUG] 13 offlineStorageDefaultQuota : "-1" 2015-05-05T12:10:09 [DEBUG] 14 printDebugMessages : "true" 2015-05-05T12:10:09 [DEBUG] 15 javascriptCanOpenWindows : "true" 2015-05-05T12:10:09 [DEBUG] 16 javascriptCanCloseWindows : "true" 2015-05-05T12:10:09 [DEBUG] 17 sslProtocol : "sslv3" 2015-05-05T12:10:09 [DEBUG] 18 sslCertificatesPath : "" 2015-05-05T12:10:09 [DEBUG] 19 webdriver : ":46132" 2015-05-05T12:10:09 [DEBUG] 20 webdriverLogFile : "" 2015-05-05T12:10:09 [DEBUG] 21 webdriverLogLevel : "INFO" 2015-05-05T12:10:09 [DEBUG] 22 webdriverSeleniumGridHub : "" 2015-05-05T12:10:09 [DEBUG] Phantom - execute: Script & Arguments 2015-05-05T12:10:09 [DEBUG] script: "main.js" 2015-05-05T12:10:09 [DEBUG] 0 arg: "--ip=" 2015-05-05T12:10:09 [DEBUG] 1 arg: "--port=46132" 2015-05-05T12:10:09 [DEBUG] 2 arg: "--logLevel=INFO" 2015-05-05T12:10:09 [DEBUG] Phantom - execute: Starting Remote WebDriver mode PhantomJS is launching GhostDriver... 2015-05-05T12:10:09 [DEBUG] WebPage - setupFrame "" 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/modules/fs.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/modules/system.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/modules/webpage.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/modules/webserver.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/ghostdriver/./hub_register.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/ghostdriver/./logger.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/ghostdriver/./third_party/console++.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/ghostdriver/./config.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/ghostdriver/./third_party/parseuri.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "session.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "inputs.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/status_request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] FileSystem - _open: ":/ghostdriver/./errors.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/shutdown_request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/session_manager_request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/session_request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/webelement_request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "request_handlers/router_request_handler.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: "webelementlocator.js" 2015-05-05T12:10:09 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" [INFO - 2015-05-05T19:10:09.837Z] GhostDriver - Main - running on port 46132 [!] BrowserCluster Worker#86888910: PhantomJS is ready. [*] BrowserCluster: Spawned #5 with PID 31762. [!] BrowserCluster Worker#86888910: Spawning PhantomJS... [!] BrowserCluster Worker#86888910: Attempt #0, chose port number 8959 [!] BrowserCluster Worker#86888910: Spawning process: /home/amar/work/tools/arachni-1.1-0.5.7/bin/../system/usr/bin/phantomjs [!] BrowserCluster Worker#86888910: Process spawned, waiting for it to boot-up... [!] BrowserCluster Worker#86888910: Boot-up complete. [!] BrowserCluster Worker#86888910: Fontconfig error: Cannot load default config file 2015-05-05T12:10:10 [DEBUG] CookieJar - Created but will not store cookies (use option '--cookies-file=' to enable persisten cookie storage) 2015-05-05T12:10:10 [DEBUG] Phantom - execute: Configuration 2015-05-05T12:10:10 [DEBUG] 0 objectName : "" 2015-05-05T12:10:10 [DEBUG] 1 cookiesFile : "" 2015-05-05T12:10:10 [DEBUG] 2 diskCacheEnabled : "true" 2015-05-05T12:10:10 [DEBUG] 3 maxDiskCacheSize : "-1" 2015-05-05T12:10:10 [DEBUG] 4 ignoreSslErrors : "true" 2015-05-05T12:10:10 [DEBUG] 5 localToRemoteUrlAccessEnabled : "false" 2015-05-05T12:10:10 [DEBUG] 6 outputEncoding : "UTF-8" 2015-05-05T12:10:10 [DEBUG] 7 proxyType : "http" 2015-05-05T12:10:10 [DEBUG] 8 proxy : "127.0.0.1:39713" 2015-05-05T12:10:10 [DEBUG] 9 proxyAuth : ":" 2015-05-05T12:10:10 [DEBUG] 10 scriptEncoding : "UTF-8" 2015-05-05T12:10:10 [DEBUG] 11 webSecurityEnabled : "true" 2015-05-05T12:10:10 [DEBUG] 12 offlineStoragePath : "" 2015-05-05T12:10:10 [DEBUG] 13 offlineStorageDefaultQuota : "-1" 2015-05-05T12:10:10 [DEBUG] 14 printDebugMessages : "true" 2015-05-05T12:10:10 [DEBUG] 15 javascriptCanOpenWindows : "true" 2015-05-05T12:10:10 [DEBUG] 16 javascriptCanCloseWindows : "true" 2015-05-05T12:10:10 [DEBUG] 17 sslProtocol : "sslv3" 2015-05-05T12:10:10 [DEBUG] 18 sslCertificatesPath : "" 2015-05-05T12:10:10 [DEBUG] 19 webdriver : ":8959" 2015-05-05T12:10:10 [DEBUG] 20 webdriverLogFile : "" 2015-05-05T12:10:10 [DEBUG] 21 webdriverLogLevel : "INFO" 2015-05-05T12:10:10 [DEBUG] 22 webdriverSeleniumGridHub : "" 2015-05-05T12:10:10 [DEBUG] Phantom - execute: Script & Arguments 2015-05-05T12:10:10 [DEBUG] script: "main.js" 2015-05-05T12:10:10 [DEBUG] 0 arg: "--ip=" 2015-05-05T12:10:10 [DEBUG] 1 arg: "--port=8959" 2015-05-05T12:10:10 [DEBUG] 2 arg: "--logLevel=INFO" 2015-05-05T12:10:10 [DEBUG] Phantom - execute: Starting Remote WebDriver mode PhantomJS is launching GhostDriver... 2015-05-05T12:10:10 [DEBUG] WebPage - setupFrame "" 2015-05-05T12:10:10 [DEBUG] FileSystem - _open: ":/modules/fs.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:10 [DEBUG] FileSystem - _open: ":/modules/system.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:10 [DEBUG] FileSystem - _open: ":/modules/webpage.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:10 [DEBUG] FileSystem - _open: ":/modules/webserver.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:10 [DEBUG] FileSystem - _open: ":/ghostdriver/./hub_register.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:10 [DEBUG] FileSystem - _open: ":/ghostdriver/./logger.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:10 [DEBUG] FileSystem - _open: ":/ghostdriver/./third_party/console++.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:10 [DEBUG] FileSystem - _open: ":/ghostdriver/./config.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:10 [DEBUG] FileSystem - _open: ":/ghostdriver/./third_party/parseuri.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: "session.js" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: "inputs.js" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: "request_handlers/request_handler.js" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: "request_handlers/status_request_handler.js" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:10 [DEBUG] FileSystem - _open: ":/ghostdriver/./errors.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: "request_handlers/shutdown_request_handler.js" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: "request_handlers/session_manager_request_handler.js" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: "request_handlers/session_request_handler.js" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: "request_handlers/webelement_request_handler.js" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: "request_handlers/router_request_handler.js" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: "webelementlocator.js" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" [INFO - 2015-05-05T19:10:10.075Z] GhostDriver - Main - running on port 8959 [!] BrowserCluster Worker#86888910: PhantomJS is ready. [*] BrowserCluster: Spawned #6 with PID 31780. [*] BrowserCluster: Initialization completed with 6 browsers in the pool. [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 17 [!] Client: Performer: # [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {} [!] Client: Train?: false [!] Client: ------------ [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 18 [!] Client: Performer: # [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {} [!] Client: Train?: false [!] Client: ------------ [!] Client: ------------ [!] Client: Got response for request ID#: 18 [!] Client: Performer: # [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [!] Client: ------------ [!] Client: Got response for request ID#: 17 [!] Client: Performer: # [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 19 [!] Client: Performer: nil [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3C"} [!] Client: Train?: false [!] Client: ------------ [*] [HTTP: 200] https://myserver/ [~] Identified as: apache, tomcat, jsp [~] Analysis resulted in 2 usable paths. [~] DOM depth: 0 (Limit: 5) [!] Browser: Spawning PhantomJS... [!] Browser: Attempt #0, chose port number 19734 [!] Browser: Spawning process: /home/amar/work/tools/arachni-1.1-0.5.7/bin/../system/usr/bin/phantomjs [!] Browser: Process spawned, waiting for it to boot-up... [!] Browser: Boot-up complete. [!] Browser: Fontconfig error: Cannot load default config file 2015-05-05T12:10:10 [DEBUG] CookieJar - Created but will not store cookies (use option '--cookies-file=' to enable persisten cookie storage) 2015-05-05T12:10:10 [DEBUG] Phantom - execute: Configuration 2015-05-05T12:10:10 [DEBUG] 0 objectName : "" 2015-05-05T12:10:10 [DEBUG] 1 cookiesFile : "" 2015-05-05T12:10:10 [DEBUG] 2 diskCacheEnabled : "true" 2015-05-05T12:10:10 [DEBUG] 3 maxDiskCacheSize : "-1" 2015-05-05T12:10:10 [DEBUG] 4 ignoreSslErrors : "true" 2015-05-05T12:10:10 [DEBUG] 5 localToRemoteUrlAccessEnabled : "false" 2015-05-05T12:10:10 [DEBUG] 6 outputEncoding : "UTF-8" 2015-05-05T12:10:10 [DEBUG] 7 proxyType : "http" 2015-05-05T12:10:10 [DEBUG] 8 proxy : "127.0.0.1:40630" 2015-05-05T12:10:10 [DEBUG] 9 proxyAuth : ":" 2015-05-05T12:10:10 [DEBUG] 10 scriptEncoding : "UTF-8" 2015-05-05T12:10:10 [DEBUG] 11 webSecurityEnabled : "true" 2015-05-05T12:10:10 [DEBUG] 12 offlineStoragePath : "" 2015-05-05T12:10:10 [DEBUG] 13 offlineStorageDefaultQuota : "-1" 2015-05-05T12:10:10 [DEBUG] 14 printDebugMessages : "true" 2015-05-05T12:10:10 [DEBUG] 15 javascriptCanOpenWindows : "true" 2015-05-05T12:10:10 [DEBUG] 16 javascriptCanCloseWindows : "true" 2015-05-05T12:10:10 [DEBUG] 17 sslProtocol : "sslv3" 2015-05-05T12:10:10 [DEBUG] 18 sslCertificatesPath : "" 2015-05-05T12:10:10 [DEBUG] 19 webdriver : ":19734" 2015-05-05T12:10:10 [DEBUG] 20 webdriverLogFile : "" 2015-05-05T12:10:10 [DEBUG] 21 webdriverLogLevel : "INFO" 2015-05-05T12:10:10 [DEBUG] 22 webdriverSeleniumGridHub : "" 2015-05-05T12:10:10 [DEBUG] Phantom - execute: Script & Arguments 2015-05-05T12:10:10 [DEBUG] script: "main.js" 2015-05-05T12:10:10 [DEBUG] 0 arg: "--ip=" 2015-05-05T12:10:10 [DEBUG] 1 arg: "--port=19734" 2015-05-05T12:10:10 [DEBUG] 2 arg: "--logLevel=INFO" 2015-05-05T12:10:10 [DEBUG] Phantom - execute: Starting Remote WebDriver mode PhantomJS is launching GhostDriver... 2015-05-05T12:10:10 [DEBUG] WebPage - setupFrame "" 2015-05-05T12:10:10 [DEBUG] FileSystem - _open: ":/modules/fs.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:10 [DEBUG] FileSystem - _open: ":/modules/system.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:10 [DEBUG] FileSystem - _open: ":/modules/webpage.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:10 [DEBUG] FileSystem - _open: ":/modules/webserver.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:10 [DEBUG] FileSystem - _open: ":/ghostdriver/./hub_register.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:10 [DEBUG] FileSystem - _open: ":/ghostdriver/./logger.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:10 [DEBUG] FileSystem - _open: ":/ghostdriver/./third_party/console++.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:10 [DEBUG] FileSystem - _open: ":/ghostdriver/./config.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:10 [DEBUG] FileSystem - _open: ":/ghostdriver/./third_party/parseuri.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: "session.js" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: "inputs.js" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: "request_handlers/request_handler.js" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: "request_handlers/status_request_handler.js" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:10 [DEBUG] FileSystem - _open: ":/ghostdriver/./errors.js" QMap(("mode", QVariant(QString, "r") ) ) 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: "request_handlers/shutdown_request_handler.js" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: "request_handlers/session_manager_request_handler.js" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: "request_handlers/session_request_handler.js" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: "request_handlers/webelement_request_handler.js" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: "request_handlers/router_request_handler.js" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: "webelementlocator.js" 2015-05-05T12:10:10 [DEBUG] Phantom - injectJs: prepending ":/ghostdriver/" [INFO - 2015-05-05T19:10:10.550Z] GhostDriver - Main - running on port 19734 [!] Browser: PhantomJS is ready. [*] XSS in path: Checking for: https://myserver/ [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 20 [!] Client: Performer: nil [!] Client: URL: https://myserver/%3Cmy_tag_6084f136be21a63768e6b49e041de7e5/%3E [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {} [!] Client: Train?: false [!] Client: ------------ [*] XSS in path: Checking for: https://myserver/>"'> [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 21 [!] Client: Performer: nil [!] Client: URL: https://myserver/%3E%22'%3E%3Cmy_tag_6084f136be21a63768e6b49e041de7e5/%3E [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {} [!] Client: Train?: false [!] Client: ------------ [*] XSS in path: Checking for: https://myserver/ [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 22 [!] Client: Performer: nil [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {""=>""} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {} [!] Client: Train?: false [!] Client: ------------ [*] XSS in path: Checking for: https://myserver/ [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 23 [!] Client: Performer: nil [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {">\"'>"=>""} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {} [!] Client: Train?: false [!] Client: ------------ [*] XSS in path: Checking for: https://myserver/ [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 24 [!] Client: Performer: nil [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {""=>""} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {} [!] Client: Train?: false [!] Client: ------------ [*] XSS in path: Checking for: https://myserver/ [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 25 [!] Client: Performer: nil [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {""=>">\"'>"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 26 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} seed="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="JSESSIONID" affected-input-value="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 27 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} seed="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="JSESSIONID" affected-input-value="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 28 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'" affected-input-name="JSESSIONID" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 29 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//" affected-input-name="JSESSIONID" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 30 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'" affected-input-name="JSESSIONID" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 31 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//" affected-input-name="JSESSIONID" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 32 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\""} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"" affected-input-name="JSESSIONID" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\""> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\""} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 33 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//"} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//" affected-input-name="JSESSIONID" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 34 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\""} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"" affected-input-name="JSESSIONID" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\""> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\""} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 35 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//"} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//" affected-input-name="JSESSIONID" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => ";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 36 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="JSESSIONID" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => ";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 37 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="JSESSIONID" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => ";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 38 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" affected-input-name="JSESSIONID" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => ";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 39 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" affected-input-name="JSESSIONID" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 40 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} seed="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="JSESSIONID" affected-input-value="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 41 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} seed="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="JSESSIONID" affected-input-value="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 42 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"} seed="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" affected-input-name="JSESSIONID" affected-input-value="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 43 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"} seed="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" affected-input-name="JSESSIONID" affected-input-value="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 44 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="JSESSIONID" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 45 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="JSESSIONID" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 46 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" affected-input-name="JSESSIONID" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 47 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" affected-input-name="JSESSIONID" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 48 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*"} seed="*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*" affected-input-name="JSESSIONID" affected-input-value="*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 49 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} seed="window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="JSESSIONID" affected-input-value="window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\"" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 50 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\""} seed="\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\"" affected-input-name="JSESSIONID" affected-input-value="\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\""> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\""} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 51 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'"} seed="',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'" affected-input-name="JSESSIONID" affected-input-value="',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 52 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>""} seed="" affected-input-name="JSESSIONID" affected-input-value=""> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>""} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: About to audit: Arachni::Checks::XssEvent:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in HTML element event attribute: Trainer set to: OFF [!] XSS in HTML element event attribute: [!] XSS in HTML element event attribute: Formatting set to: [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: JSESSIONID [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "JSESSIONID" => "7C99150D9B7239E3B0C0B4255B61FE3Cscript:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [*] XSS in HTML element event attribute: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 53 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3Cscript:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed="script:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="JSESSIONID" affected-input-value="7C99150D9B7239E3B0C0B4255B61FE3Cscript:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3Cscript:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: About to audit: Arachni::Checks::XssEvent:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in HTML element event attribute: Trainer set to: OFF [!] XSS in HTML element event attribute: [!] XSS in HTML element event attribute: Formatting set to: [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: JSESSIONID [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "JSESSIONID" => "7C99150D9B7239E3B0C0B4255B61FE3C;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [*] XSS in HTML element event attribute: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 54 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3C;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed=";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="JSESSIONID" affected-input-value="7C99150D9B7239E3B0C0B4255B61FE3C;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3C;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: About to audit: Arachni::Checks::XssEvent:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in HTML element event attribute: Trainer set to: OFF [!] XSS in HTML element event attribute: [!] XSS in HTML element event attribute: Formatting set to: [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: JSESSIONID [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "JSESSIONID" => "7C99150D9B7239E3B0C0B4255B61FE3Cscript:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [*] XSS in HTML element event attribute: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 55 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3Cscript:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed="script:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="JSESSIONID" affected-input-value="7C99150D9B7239E3B0C0B4255B61FE3Cscript:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3Cscript:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: About to audit: Arachni::Checks::XssEvent:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in HTML element event attribute: Trainer set to: OFF [!] XSS in HTML element event attribute: [!] XSS in HTML element event attribute: Formatting set to: [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: JSESSIONID [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "JSESSIONID" => "7C99150D9B7239E3B0C0B4255B61FE3C\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [*] XSS in HTML element event attribute: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 56 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3C\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed="\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="JSESSIONID" affected-input-value="7C99150D9B7239E3B0C0B4255B61FE3C\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3C\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: About to audit: Arachni::Checks::XssEvent:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in HTML element event attribute: Trainer set to: OFF [!] XSS in HTML element event attribute: [!] XSS in HTML element event attribute: Formatting set to: [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: JSESSIONID [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "JSESSIONID" => "7C99150D9B7239E3B0C0B4255B61FE3Cscript:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [*] XSS in HTML element event attribute: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 57 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3Cscript:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed="script:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="JSESSIONID" affected-input-value="7C99150D9B7239E3B0C0B4255B61FE3Cscript:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3Cscript:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: About to audit: Arachni::Checks::XssEvent:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in HTML element event attribute: Trainer set to: OFF [!] XSS in HTML element event attribute: [!] XSS in HTML element event attribute: Formatting set to: [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: JSESSIONID [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "JSESSIONID" => "7C99150D9B7239E3B0C0B4255B61FE3C';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [*] XSS in HTML element event attribute: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 58 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3C';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed="';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="JSESSIONID" affected-input-value="7C99150D9B7239E3B0C0B4255B61FE3C';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3C';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS: About to audit: Arachni::Checks::Xss:https://myserver/:cookie:["JSESSIONID"]: [!] XSS: Trainer set to: OFF [!] XSS: [!] XSS: Formatting set to: [!] XSS: | [!] XSS: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS: | [!] XSS: |--> Auditing: JSESSIONID [!] XSS: |--> Inputs: [!] XSS: |----> "JSESSIONID" => "7C99150D9B7239E3B0C0B4255B61FE3C" [*] XSS: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 59 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3C"} seed="" affected-input-name="JSESSIONID" affected-input-value="7C99150D9B7239E3B0C0B4255B61FE3C"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3C"} [!] Client: Train?: false [!] Client: ------------ [!] XSS: About to audit: Arachni::Checks::Xss:https://myserver/:cookie:["JSESSIONID"]: [!] XSS: Trainer set to: OFF [!] XSS: [!] XSS: Formatting set to: [!] XSS: | [!] XSS: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS: | [!] XSS: |--> Auditing: JSESSIONID [!] XSS: |--> Inputs: [!] XSS: |----> "JSESSIONID" => "7C99150D9B7239E3B0C0B4255B61FE3C()\"&%1'-;'" [*] XSS: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 60 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3C()\"&%1'-;'"} seed="()\"&%1'-;'" affected-input-name="JSESSIONID" affected-input-value="7C99150D9B7239E3B0C0B4255B61FE3C()\"&%1'-;'"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3C()\"&%1'-;'"} [!] Client: Train?: false [!] Client: ------------ [!] XSS: About to audit: Arachni::Checks::Xss:https://myserver/:cookie:["JSESSIONID"]: [!] XSS: Trainer set to: OFF [!] XSS: [!] XSS: Formatting set to: [!] XSS: | [!] XSS: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS: | [!] XSS: |--> Auditing: JSESSIONID [!] XSS: |--> Inputs: [!] XSS: |----> "JSESSIONID" => "7C99150D9B7239E3B0C0B4255B61FE3C--> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS in HTML tag: | [!] XSS in HTML tag: |--> Auditing: JSESSIONID [!] XSS in HTML tag: |--> Inputs: [!] XSS in HTML tag: |----> "JSESSIONID" => "7C99150D9B7239E3B0C0B4255B61FE3C arachni_xss_in_tag=6084f136be21a63768e6b49e041de7e5 blah=" [*] XSS in HTML tag: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 62 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3C arachni_xss_in_tag=6084f136be21a63768e6b49e041de7e5 blah="} seed=" arachni_xss_in_tag=6084f136be21a63768e6b49e041de7e5 blah=" affected-input-name="JSESSIONID" affected-input-value="7C99150D9B7239E3B0C0B4255B61FE3C arachni_xss_in_tag=6084f136be21a63768e6b49e041de7e5 blah="> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3C arachni_xss_in_tag=6084f136be21a63768e6b49e041de7e5 blah="} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML tag: About to audit: Arachni::Checks::XssTag:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in HTML tag: Trainer set to: OFF [!] XSS in HTML tag: [!] XSS in HTML tag: Formatting set to: [!] XSS in HTML tag: | [!] XSS in HTML tag: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS in HTML tag: | [!] XSS in HTML tag: |--> Auditing: JSESSIONID [!] XSS in HTML tag: |--> Inputs: [!] XSS in HTML tag: |----> "JSESSIONID" => "7C99150D9B7239E3B0C0B4255B61FE3C' arachni_xss_in_tag='6084f136be21a63768e6b49e041de7e5' blah='" [*] XSS in HTML tag: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 63 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3C' arachni_xss_in_tag='6084f136be21a63768e6b49e041de7e5' blah='"} seed="' arachni_xss_in_tag='6084f136be21a63768e6b49e041de7e5' blah='" affected-input-name="JSESSIONID" affected-input-value="7C99150D9B7239E3B0C0B4255B61FE3C' arachni_xss_in_tag='6084f136be21a63768e6b49e041de7e5' blah='"> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3C' arachni_xss_in_tag='6084f136be21a63768e6b49e041de7e5' blah='"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML tag: About to audit: Arachni::Checks::XssTag:https://myserver/:cookie:["JSESSIONID"]: [!] XSS in HTML tag: Trainer set to: OFF [!] XSS in HTML tag: [!] XSS in HTML tag: Formatting set to: [!] XSS in HTML tag: | [!] XSS in HTML tag: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS in HTML tag: | [!] XSS in HTML tag: |--> Auditing: JSESSIONID [!] XSS in HTML tag: |--> Inputs: [!] XSS in HTML tag: |----> "JSESSIONID" => "7C99150D9B7239E3B0C0B4255B61FE3C\" arachni_xss_in_tag=\"6084f136be21a63768e6b49e041de7e5\" blah=\"" [*] XSS in HTML tag: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 64 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3C\" arachni_xss_in_tag=\"6084f136be21a63768e6b49e041de7e5\" blah=\""} seed="\" arachni_xss_in_tag=\"6084f136be21a63768e6b49e041de7e5\" blah=\"" affected-input-name="JSESSIONID" affected-input-value="7C99150D9B7239E3B0C0B4255B61FE3C\" arachni_xss_in_tag=\"6084f136be21a63768e6b49e041de7e5\" blah=\""> [!] Client: URL: https://myserver/ [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3C\" arachni_xss_in_tag=\"6084f136be21a63768e6b49e041de7e5\" blah=\""} [!] Client: Train?: false [!] Client: ------------ [*] Harvesting HTTP responses... [~] Depending on server responsiveness and network conditions this may take a while. [!] Client: ------------ [!] Client: Got response for request ID#: 20 [!] Client: Performer: nil [!] Client: Status: 404 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/%3Cmy_tag_6084f136be21a63768e6b49e041de7e5/%3E [!] Client: Headers: HTTP/1.1 404 Not Found Server: Apache-Coyote/1.1 Content-Type: text/html Content-Length: 690 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Content-Type"=>"text/html", "Content-Length"=>"690", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 65 [!] Client: Performer: # [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3C"} [!] Client: Train?: false [!] Client: ------------ [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 66 [!] Client: Performer: # [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3C"} [!] Client: Train?: false [!] Client: ------------ [!] Client: ------------ [!] Client: Got response for request ID#: 19 [!] Client: Performer: nil [!] Client: Status: 500 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Headers: HTTP/1.1 500 Internal Server Error Server: Apache-Coyote/1.1 Pragma: No-cache Cache-Control: no-cache,no-store,max-age=0 Expires: Thu, 01 Jan 1970 00:00:00 GMT Content-Type: text/html;charset=utf-8 Content-Language: en-US Transfer-Encoding: chunked Date: Wed, 06 May 2015 18:09:53 GMT Connection: close [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Pragma"=>"No-cache", "Cache-Control"=>"no-cache,no-store,max-age=0", "Expires"=>"Thu, 01 Jan 1970 00:00:00 GMT", "Content-Type"=>"text/html;charset=utf-8", "Content-Language"=>"en-US", "Transfer-Encoding"=>"chunked", "Date"=>"Wed, 06 May 2015 18:09:53 GMT", "Connection"=>"close"} [!] Client: ------------ [!] Client: ------------ [!] Client: Got response for request ID#: 22 [!] Client: Performer: nil [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/?%3Cmy_tag_6084f136be21a63768e6b49e041de7e5/%3E= [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [!] Client: ------------ [!] Client: Got response for request ID#: 23 [!] Client: Performer: nil [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/?%3E%22%27%3E%3Cmy_tag_6084f136be21a63768e6b49e041de7e5/%3E= [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [!] Client: ------------ [!] Client: Got response for request ID#: 24 [!] Client: Performer: nil [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/?=%3Cmy_tag_6084f136be21a63768e6b49e041de7e5/%3E [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in script context: Analyzing response #26 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 26 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} seed="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="JSESSIONID" affected-input-value="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in script context: Analyzing response #27 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 27 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} seed="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="JSESSIONID" affected-input-value="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in script context: Analyzing response #39 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 39 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" affected-input-name="JSESSIONID" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [!] Client: ------------ [!] Client: Got response for request ID#: 25 [!] Client: Performer: nil [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/?=%3E%22%27%3E%3Cmy_tag_6084f136be21a63768e6b49e041de7e5/%3E [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in script context: Analyzing response #28 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 28 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'" affected-input-name="JSESSIONID" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in script context: Analyzing response #29 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 29 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//" affected-input-name="JSESSIONID" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in script context: Analyzing response #30 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 30 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'" affected-input-name="JSESSIONID" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in script context: Analyzing response #31 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 31 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//" affected-input-name="JSESSIONID" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in script context: Analyzing response #32 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 32 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\""} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"" affected-input-name="JSESSIONID" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\""> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in script context: Analyzing response #33 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 33 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//"} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//" affected-input-name="JSESSIONID" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in script context: Analyzing response #34 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 34 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\""} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"" affected-input-name="JSESSIONID" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\""> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in script context: Analyzing response #35 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 35 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//"} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//" affected-input-name="JSESSIONID" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in script context: Analyzing response #37 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 37 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="JSESSIONID" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in script context: Analyzing response #36 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 36 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="JSESSIONID" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in script context: Analyzing response #38 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 38 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" affected-input-name="JSESSIONID" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in script context: Analyzing response #41 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 41 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} seed="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="JSESSIONID" affected-input-value="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in script context: Analyzing response #42 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 42 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"} seed="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" affected-input-name="JSESSIONID" affected-input-value="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in script context: Analyzing response #43 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 43 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"} seed="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" affected-input-name="JSESSIONID" affected-input-value="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in script context: Analyzing response #44 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 44 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="JSESSIONID" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in script context: Analyzing response #45 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 45 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="JSESSIONID" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in script context: Analyzing response #46 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 46 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" affected-input-name="JSESSIONID" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in script context: Analyzing response #47 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 47 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" affected-input-name="JSESSIONID" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in script context: Analyzing response #48 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 48 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*"} seed="*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*" affected-input-name="JSESSIONID" affected-input-value="*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in script context: Analyzing response #49 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 49 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} seed="window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="JSESSIONID" affected-input-value="window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in script context: Analyzing response #50 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 50 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\""} seed="\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\"" affected-input-name="JSESSIONID" affected-input-value="\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\""> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in script context: Analyzing response #51 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 51 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'"} seed="',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'" affected-input-name="JSESSIONID" affected-input-value="',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in script context: Analyzing response #52 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 52 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>""} seed="" affected-input-name="JSESSIONID" affected-input-value=""> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in HTML element event attribute: Analyzing response #53 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 53 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3Cscript:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed="script:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="JSESSIONID" affected-input-value="7C99150D9B7239E3B0C0B4255B61FE3Cscript:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in HTML element event attribute: Analyzing response #54 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 54 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3C;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed=";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="JSESSIONID" affected-input-value="7C99150D9B7239E3B0C0B4255B61FE3C;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in HTML element event attribute: Analyzing response #55 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 55 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3Cscript:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed="script:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="JSESSIONID" affected-input-value="7C99150D9B7239E3B0C0B4255B61FE3Cscript:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in HTML element event attribute: Analyzing response #56 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 56 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3C\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed="\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="JSESSIONID" affected-input-value="7C99150D9B7239E3B0C0B4255B61FE3C\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in HTML element event attribute: Analyzing response #57 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 57 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3Cscript:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed="script:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="JSESSIONID" affected-input-value="7C99150D9B7239E3B0C0B4255B61FE3Cscript:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS in HTML element event attribute: Analyzing response #58 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 58 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3C';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed="';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="JSESSIONID" affected-input-value="7C99150D9B7239E3B0C0B4255B61FE3C';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS: Analyzing response #59 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 59 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3C"} seed="" affected-input-name="JSESSIONID" affected-input-value="7C99150D9B7239E3B0C0B4255B61FE3C"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS: Analyzing response #60 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 60 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3C()\"&%1'-;'"} seed="()\"&%1'-;'" affected-input-name="JSESSIONID" affected-input-value="7C99150D9B7239E3B0C0B4255B61FE3C()\"&%1'-;'"> [!] Client: Status: 200 [!] Client: Code: ok [!] Client: Message: No error [!] Client: URL: https://myserver/ [!] Client: Headers: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Accept-Ranges: bytes ETag: W/"306-1427908672419" Last-Modified: Wed, 01 Apr 2015 17:17:52 GMT Content-Type: text/html Content-Length: 306 Date: Wed, 06 May 2015 18:09:53 GMT [!] Client: Parsed headers: {"Server"=>"Apache-Coyote/1.1", "Accept-Ranges"=>"bytes", "Etag"=>"W/\"306-1427908672419\"", "Last-Modified"=>"Wed, 01 Apr 2015 17:17:52 GMT", "Content-Type"=>"text/html", "Content-Length"=>"306", "Date"=>"Wed, 06 May 2015 18:09:53 GMT"} [!] Client: ------------ [*] XSS: Analyzing response #61 for cookie input 'JSESSIONID' pointing to: 'https://myserver/' [!] Client: ------------ [!] Client: Got response for request ID#: 61 [!] Client: Performer: #"7C99150D9B7239E3B0C0B4255B61FE3C"} inputs={"JSESSIONID"=>"7C99150D9B7239E3B0C0B4255B61FE3C--> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: menuID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "menuID" => "javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [*] XSS in script context: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 92 [!] Client: Performer: #"default"} inputs={"menuID"=>"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} seed="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="menuID" affected-input-value="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: menuID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "menuID" => "javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" [*] XSS in script context: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 93 [!] Client: Performer: #"default"} inputs={"menuID"=>"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} seed="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="menuID" affected-input-value="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: menuID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "menuID" => "';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'" [*] XSS in script context: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 94 [!] Client: Performer: #"default"} inputs={"menuID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'" affected-input-name="menuID" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: menuID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "menuID" => "';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//" [*] XSS in script context: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 95 [!] Client: Performer: #"default"} inputs={"menuID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//" affected-input-name="menuID" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: menuID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "menuID" => "';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'" [*] XSS in script context: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 96 [!] Client: Performer: #"default"} inputs={"menuID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'" affected-input-name="menuID" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: menuID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "menuID" => "';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//" [*] XSS in script context: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 97 [!] Client: Performer: #"default"} inputs={"menuID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//" affected-input-name="menuID" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: menuID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "menuID" => "\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"" [*] XSS in script context: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 98 [!] Client: Performer: #"default"} inputs={"menuID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\""} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"" affected-input-name="menuID" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\""> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\""} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: menuID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "menuID" => "\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//" [*] XSS in script context: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 99 [!] Client: Performer: #"default"} inputs={"menuID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//"} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//" affected-input-name="menuID" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: menuID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "menuID" => "\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"" [*] XSS in script context: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 100 [!] Client: Performer: #"default"} inputs={"menuID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\""} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"" affected-input-name="menuID" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\""> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\""} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: menuID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "menuID" => "\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//" [*] XSS in script context: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 101 [!] Client: Performer: #"default"} inputs={"menuID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//"} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//" affected-input-name="menuID" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: menuID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "menuID" => ";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [*] XSS in script context: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 102 [!] Client: Performer: #"default"} inputs={"menuID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="menuID" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: menuID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "menuID" => ";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" [*] XSS in script context: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 103 [!] Client: Performer: #"default"} inputs={"menuID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="menuID" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: menuID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "menuID" => ";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" [*] XSS in script context: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 104 [!] Client: Performer: #"default"} inputs={"menuID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" affected-input-name="menuID" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: menuID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "menuID" => ";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" [*] XSS in script context: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 105 [!] Client: Performer: #"default"} inputs={"menuID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" affected-input-name="menuID" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: menuID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "menuID" => "1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [*] XSS in script context: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 106 [!] Client: Performer: #"default"} inputs={"menuID"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} seed="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="menuID" affected-input-value="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: menuID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "menuID" => "1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" [*] XSS in script context: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 107 [!] Client: Performer: #"default"} inputs={"menuID"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} seed="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="menuID" affected-input-value="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: menuID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "menuID" => "1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" [*] XSS in script context: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 108 [!] Client: Performer: #"default"} inputs={"menuID"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"} seed="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" affected-input-name="menuID" affected-input-value="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: menuID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "menuID" => "1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" [*] XSS in script context: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 109 [!] Client: Performer: #"default"} inputs={"menuID"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"} seed="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" affected-input-name="menuID" affected-input-value="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: menuID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "menuID" => "1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [*] XSS in script context: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 110 [!] Client: Performer: #"default"} inputs={"menuID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="menuID" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: menuID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "menuID" => "1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" [*] XSS in script context: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 111 [!] Client: Performer: #"default"} inputs={"menuID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="menuID" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: menuID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "menuID" => "1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" [*] XSS in script context: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 112 [!] Client: Performer: #"default"} inputs={"menuID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" affected-input-name="menuID" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: menuID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "menuID" => "1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" [*] XSS in script context: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 113 [!] Client: Performer: #"default"} inputs={"menuID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" affected-input-name="menuID" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: menuID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "menuID" => "*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*" [*] XSS in script context: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 114 [!] Client: Performer: #"default"} inputs={"menuID"=>"*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*"} seed="*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*" affected-input-name="menuID" affected-input-value="*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: menuID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "menuID" => "window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [*] XSS in script context: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 115 [!] Client: Performer: #"default"} inputs={"menuID"=>"window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} seed="window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="menuID" affected-input-value="window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: menuID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "menuID" => "\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\"" [*] XSS in script context: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 116 [!] Client: Performer: #"default"} inputs={"menuID"=>"\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\""} seed="\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\"" affected-input-name="menuID" affected-input-value="\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\""> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\""} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: menuID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "menuID" => "',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'" [*] XSS in script context: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 117 [!] Client: Performer: #"default"} inputs={"menuID"=>"',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'"} seed="',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'" affected-input-name="menuID" affected-input-value="',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: menuID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "menuID" => "" [*] XSS in script context: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 118 [!] Client: Performer: #"default"} inputs={"menuID"=>""} seed="" affected-input-name="menuID" affected-input-value=""> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>""} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 119 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="username" affected-input-value="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 120 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()", "j_password"=>"5543!%arachni_secret"} seed="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="j_username" affected-input-value="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_password [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [*] XSS in script context: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 121 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} seed="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="j_password" affected-input-value="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [*] XSS in script context: Submitting form with original values for username, j_username, j_password at 'https://myserver/Manager/j_security_check'. [!] XSS in script context: Submitting form with default or sample values, overriding trainer option. [!] XSS in script context: Trainer set to: ON [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 122 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"", "j_username"=>"", "j_password"=>""} seed=nil affected-input-name="__original_values__" affected-input-value=""> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"", "j_username"=>"", "j_password"=>""} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: true [!] Client: ------------ [*] XSS in script context: Submitting form with sample values for username, j_username, j_password at 'https://myserver/Manager/j_security_check'. [!] XSS in script context: Submitting form with default or sample values, overriding trainer option. [!] XSS in script context: Trainer set to: ON [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 123 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed=nil affected-input-name="__sample_values__" affected-input-value=""> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: true [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 124 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="username" affected-input-value="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 125 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//", "j_password"=>"5543!%arachni_secret"} seed="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="j_username" affected-input-value="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_password [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" [*] XSS in script context: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 126 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} seed="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="j_password" affected-input-value="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 127 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'" affected-input-name="username" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 128 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'", "j_password"=>"5543!%arachni_secret"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'" affected-input-name="j_username" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_password [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'" [*] XSS in script context: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 129 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'" affected-input-name="j_password" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 130 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//" affected-input-name="username" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 131 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//", "j_password"=>"5543!%arachni_secret"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//" affected-input-name="j_username" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_password [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//" [*] XSS in script context: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 132 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//" affected-input-name="j_password" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 133 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'" affected-input-name="username" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 134 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'", "j_password"=>"5543!%arachni_secret"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'" affected-input-name="j_username" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_password [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'" [*] XSS in script context: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 135 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'" affected-input-name="j_password" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 136 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//" affected-input-name="username" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 137 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//", "j_password"=>"5543!%arachni_secret"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//" affected-input-name="j_username" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_password [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//" [*] XSS in script context: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 138 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//" affected-input-name="j_password" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 139 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"" affected-input-name="username" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\""> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 140 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"", "j_password"=>"5543!%arachni_secret"} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"" affected-input-name="j_username" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\""> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_password [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"" [*] XSS in script context: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 141 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\""} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"" affected-input-name="j_password" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\""> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\""} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 142 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//" affected-input-name="username" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 143 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//", "j_password"=>"5543!%arachni_secret"} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//" affected-input-name="j_username" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_password [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//" [*] XSS in script context: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 144 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//"} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//" affected-input-name="j_password" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 145 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"" affected-input-name="username" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\""> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 146 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"", "j_password"=>"5543!%arachni_secret"} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"" affected-input-name="j_username" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\""> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_password [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"" [*] XSS in script context: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 147 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\""} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"" affected-input-name="j_password" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\""> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\""} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 148 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//" affected-input-name="username" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 149 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//", "j_password"=>"5543!%arachni_secret"} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//" affected-input-name="j_username" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_password [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//" [*] XSS in script context: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 150 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//"} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//" affected-input-name="j_password" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => ";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 151 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="username" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => ";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 152 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()", "j_password"=>"5543!%arachni_secret"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="j_username" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_password [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => ";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [*] XSS in script context: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 153 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="j_password" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => ";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 154 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="username" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => ";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 155 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//", "j_password"=>"5543!%arachni_secret"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="j_username" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_password [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => ";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" [*] XSS in script context: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 156 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="j_password" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => ";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 157 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" affected-input-name="username" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => ";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 158 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();", "j_password"=>"5543!%arachni_secret"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" affected-input-name="j_username" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_password [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => ";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" [*] XSS in script context: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 159 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" affected-input-name="j_password" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => ";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 160 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" affected-input-name="username" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => ";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 161 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//", "j_password"=>"5543!%arachni_secret"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" affected-input-name="j_username" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_password [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => ";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" [*] XSS in script context: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 162 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" affected-input-name="j_password" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 163 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="username" affected-input-value="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 164 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()", "j_password"=>"5543!%arachni_secret"} seed="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="j_username" affected-input-value="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_password [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [*] XSS in script context: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 165 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} seed="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="j_password" affected-input-value="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 166 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="username" affected-input-value="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 167 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//", "j_password"=>"5543!%arachni_secret"} seed="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="j_username" affected-input-value="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_password [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" [*] XSS in script context: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 168 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} seed="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="j_password" affected-input-value="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 169 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" affected-input-name="username" affected-input-value="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 170 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();", "j_password"=>"5543!%arachni_secret"} seed="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" affected-input-name="j_username" affected-input-value="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_password [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" [*] XSS in script context: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 171 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"} seed="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" affected-input-name="j_password" affected-input-value="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 172 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" affected-input-name="username" affected-input-value="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 173 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//", "j_password"=>"5543!%arachni_secret"} seed="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" affected-input-name="j_username" affected-input-value="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_password [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" [*] XSS in script context: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 174 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"} seed="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" affected-input-name="j_password" affected-input-value="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 175 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="username" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 176 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()", "j_password"=>"5543!%arachni_secret"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="j_username" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_password [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [*] XSS in script context: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 177 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="j_password" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 178 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="username" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 179 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//", "j_password"=>"5543!%arachni_secret"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="j_username" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_password [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" [*] XSS in script context: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 180 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="j_password" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 181 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" affected-input-name="username" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 182 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();", "j_password"=>"5543!%arachni_secret"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" affected-input-name="j_username" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_password [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" [*] XSS in script context: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 183 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" affected-input-name="j_password" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 184 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" affected-input-name="username" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 185 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//", "j_password"=>"5543!%arachni_secret"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" affected-input-name="j_username" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_password [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" [*] XSS in script context: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 186 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" affected-input-name="j_password" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 187 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*" affected-input-name="username" affected-input-value="*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 188 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*", "j_password"=>"5543!%arachni_secret"} seed="*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*" affected-input-name="j_username" affected-input-value="*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_password [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*" [*] XSS in script context: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 189 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*"} seed="*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*" affected-input-name="j_password" affected-input-value="*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 190 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="username" affected-input-value="window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 191 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()", "j_password"=>"5543!%arachni_secret"} seed="window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="j_username" affected-input-value="window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_password [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [*] XSS in script context: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 192 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} seed="window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="j_password" affected-input-value="window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\"" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 193 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\"", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\"" affected-input-name="username" affected-input-value="\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\""> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\"", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\"" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 194 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\"", "j_password"=>"5543!%arachni_secret"} seed="\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\"" affected-input-name="j_username" affected-input-value="\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\""> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\"", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_password [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\"" [*] XSS in script context: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 195 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\""} seed="\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\"" affected-input-name="j_password" affected-input-value="\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\""> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\""} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 196 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'" affected-input-name="username" affected-input-value="',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 197 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'", "j_password"=>"5543!%arachni_secret"} seed="',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'" affected-input-name="j_username" affected-input-value="',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_password [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'" [*] XSS in script context: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 198 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'"} seed="',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'" affected-input-name="j_password" affected-input-value="',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 199 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="" affected-input-name="username" affected-input-value=""> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_username [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "" [!] XSS in script context: |----> "j_password" => "5543!%arachni_secret" [*] XSS in script context: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 200 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"", "j_password"=>"5543!%arachni_secret"} seed="" affected-input-name="j_username" affected-input-value=""> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: | [!] XSS in script context: |--> Auditing: j_password [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "username" => "arachni_name" [!] XSS in script context: |----> "j_username" => "arachni_name" [!] XSS in script context: |----> "j_password" => "" [*] XSS in script context: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 201 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>""} seed="" affected-input-name="j_password" affected-input-value=""> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>""} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in script context: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 202 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} seed="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="JSESSIONID" affected-input-value="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 203 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} seed="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="JSESSIONID" affected-input-value="javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"javascript:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 204 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'" affected-input-name="JSESSIONID" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 205 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//" affected-input-name="JSESSIONID" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()'//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 206 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'" affected-input-name="JSESSIONID" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 207 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//"} seed="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//" affected-input-name="JSESSIONID" affected-input-value="';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"';window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();'//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 208 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\""} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"" affected-input-name="JSESSIONID" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\""> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\""} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 209 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//"} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//" affected-input-name="JSESSIONID" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()\"//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 210 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\""} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"" affected-input-name="JSESSIONID" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\""> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\""} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 211 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//"} seed="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//" affected-input-name="JSESSIONID" affected-input-value="\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"\";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();\"//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => ";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 212 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="JSESSIONID" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => ";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 213 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="JSESSIONID" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => ";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 214 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" affected-input-name="JSESSIONID" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => ";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 215 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"} seed=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" affected-input-name="JSESSIONID" affected-input-value=";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>";window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 216 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} seed="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="JSESSIONID" affected-input-value="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 217 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} seed="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="JSESSIONID" affected-input-value="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 218 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"} seed="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" affected-input-name="JSESSIONID" affected-input-value="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 219 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"} seed="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" affected-input-name="JSESSIONID" affected-input-value="1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"1;window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 220 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="JSESSIONID" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 221 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//" affected-input-name="JSESSIONID" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 222 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();" affected-input-name="JSESSIONID" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 223 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"} seed="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//" affected-input-name="JSESSIONID" affected-input-value="1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"1;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink();//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 224 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*"} seed="*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*" affected-input-name="JSESSIONID" affected-input-value="*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"*/;\nwindow.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()/*"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 225 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} seed="window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()" affected-input-name="JSESSIONID" affected-input-value="window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink()"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\"" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 226 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\""} seed="\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\"" affected-input-name="JSESSIONID" affected-input-value="\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\""> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"\",x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:\""} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 227 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'"} seed="',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'" affected-input-name="JSESSIONID" affected-input-value="',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"',x:window.top._arachni_js_namespace_taint_tracer.log_execution_flow_sink(),y:'"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in script context: About to audit: Arachni::Checks::XssScriptContext:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in script context: Trainer set to: OFF [!] XSS in script context: [!] XSS in script context: Formatting set to: [!] XSS in script context: | [!] XSS in script context: |----> Straight, leave as is (Format::STRAIGHT [1]). [Format mask: 1] [!] XSS in script context: | [!] XSS in script context: |--> Auditing: JSESSIONID [!] XSS in script context: |--> Inputs: [!] XSS in script context: |----> "JSESSIONID" => "" [*] XSS in script context: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 228 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>""} seed="" affected-input-name="JSESSIONID" affected-input-value=""> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>""} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: About to audit: Arachni::Checks::XssEvent:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in HTML element event attribute: Trainer set to: OFF [!] XSS in HTML element event attribute: [!] XSS in HTML element event attribute: Formatting set to: [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: menuID [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "menuID" => "defaultscript:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [*] XSS in HTML element event attribute: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 229 [!] Client: Performer: #"default"} inputs={"menuID"=>"defaultscript:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed="script:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="menuID" affected-input-value="defaultscript:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"defaultscript:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: About to audit: Arachni::Checks::XssEvent:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in HTML element event attribute: Trainer set to: OFF [!] XSS in HTML element event attribute: [!] XSS in HTML element event attribute: Formatting set to: [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: menuID [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "menuID" => "default;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [*] XSS in HTML element event attribute: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 230 [!] Client: Performer: #"default"} inputs={"menuID"=>"default;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed=";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="menuID" affected-input-value="default;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"default;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: About to audit: Arachni::Checks::XssEvent:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in HTML element event attribute: Trainer set to: OFF [!] XSS in HTML element event attribute: [!] XSS in HTML element event attribute: Formatting set to: [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: menuID [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "menuID" => "defaultscript:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [*] XSS in HTML element event attribute: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 231 [!] Client: Performer: #"default"} inputs={"menuID"=>"defaultscript:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed="script:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="menuID" affected-input-value="defaultscript:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"defaultscript:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: About to audit: Arachni::Checks::XssEvent:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in HTML element event attribute: Trainer set to: OFF [!] XSS in HTML element event attribute: [!] XSS in HTML element event attribute: Formatting set to: [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: menuID [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "menuID" => "default\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [*] XSS in HTML element event attribute: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 232 [!] Client: Performer: #"default"} inputs={"menuID"=>"default\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed="\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="menuID" affected-input-value="default\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"default\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: About to audit: Arachni::Checks::XssEvent:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in HTML element event attribute: Trainer set to: OFF [!] XSS in HTML element event attribute: [!] XSS in HTML element event attribute: Formatting set to: [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: menuID [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "menuID" => "defaultscript:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [*] XSS in HTML element event attribute: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 233 [!] Client: Performer: #"default"} inputs={"menuID"=>"defaultscript:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed="script:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="menuID" affected-input-value="defaultscript:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"defaultscript:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: About to audit: Arachni::Checks::XssEvent:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS in HTML element event attribute: Trainer set to: OFF [!] XSS in HTML element event attribute: [!] XSS in HTML element event attribute: Formatting set to: [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: menuID [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "menuID" => "default';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [*] XSS in HTML element event attribute: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 234 [!] Client: Performer: #"default"} inputs={"menuID"=>"default';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed="';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="menuID" affected-input-value="default';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"default';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: About to audit: Arachni::Checks::XssEvent:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in HTML element event attribute: Trainer set to: OFF [!] XSS in HTML element event attribute: [!] XSS in HTML element event attribute: Formatting set to: [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: username [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "username" => "arachni_namescript:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [!] XSS in HTML element event attribute: |----> "j_username" => "arachni_name" [!] XSS in HTML element event attribute: |----> "j_password" => "5543!%arachni_secret" [*] XSS in HTML element event attribute: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 235 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_namescript:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="script:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="username" affected-input-value="arachni_namescript:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_namescript:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: j_username [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "username" => "arachni_name" [!] XSS in HTML element event attribute: |----> "j_username" => "arachni_namescript:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [!] XSS in HTML element event attribute: |----> "j_password" => "5543!%arachni_secret" [*] XSS in HTML element event attribute: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 236 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_namescript:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//", "j_password"=>"5543!%arachni_secret"} seed="script:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="j_username" affected-input-value="arachni_namescript:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_namescript:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: j_password [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "username" => "arachni_name" [!] XSS in HTML element event attribute: |----> "j_username" => "arachni_name" [!] XSS in HTML element event attribute: |----> "j_password" => "5543!%arachni_secretscript:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [*] XSS in HTML element event attribute: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 237 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secretscript:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed="script:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="j_password" affected-input-value="5543!%arachni_secretscript:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secretscript:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in HTML element event attribute: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in HTML element event attribute: About to audit: Arachni::Checks::XssEvent:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in HTML element event attribute: Trainer set to: OFF [!] XSS in HTML element event attribute: [!] XSS in HTML element event attribute: Formatting set to: [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: username [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "username" => "arachni_name;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [!] XSS in HTML element event attribute: |----> "j_username" => "arachni_name" [!] XSS in HTML element event attribute: |----> "j_password" => "5543!%arachni_secret" [*] XSS in HTML element event attribute: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 238 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed=";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="username" affected-input-value="arachni_name;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: j_username [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "username" => "arachni_name" [!] XSS in HTML element event attribute: |----> "j_username" => "arachni_name;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [!] XSS in HTML element event attribute: |----> "j_password" => "5543!%arachni_secret" [*] XSS in HTML element event attribute: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 239 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//", "j_password"=>"5543!%arachni_secret"} seed=";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="j_username" affected-input-value="arachni_name;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: j_password [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "username" => "arachni_name" [!] XSS in HTML element event attribute: |----> "j_username" => "arachni_name" [!] XSS in HTML element event attribute: |----> "j_password" => "5543!%arachni_secret;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [*] XSS in HTML element event attribute: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 240 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed=";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="j_password" affected-input-value="5543!%arachni_secret;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in HTML element event attribute: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in HTML element event attribute: About to audit: Arachni::Checks::XssEvent:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in HTML element event attribute: Trainer set to: OFF [!] XSS in HTML element event attribute: [!] XSS in HTML element event attribute: Formatting set to: [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: username [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "username" => "arachni_namescript:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [!] XSS in HTML element event attribute: |----> "j_username" => "arachni_name" [!] XSS in HTML element event attribute: |----> "j_password" => "5543!%arachni_secret" [*] XSS in HTML element event attribute: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 241 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_namescript:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="script:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="username" affected-input-value="arachni_namescript:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_namescript:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: j_username [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "username" => "arachni_name" [!] XSS in HTML element event attribute: |----> "j_username" => "arachni_namescript:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [!] XSS in HTML element event attribute: |----> "j_password" => "5543!%arachni_secret" [*] XSS in HTML element event attribute: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 242 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_namescript:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//", "j_password"=>"5543!%arachni_secret"} seed="script:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="j_username" affected-input-value="arachni_namescript:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_namescript:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: j_password [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "username" => "arachni_name" [!] XSS in HTML element event attribute: |----> "j_username" => "arachni_name" [!] XSS in HTML element event attribute: |----> "j_password" => "5543!%arachni_secretscript:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [*] XSS in HTML element event attribute: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 243 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secretscript:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed="script:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="j_password" affected-input-value="5543!%arachni_secretscript:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secretscript:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in HTML element event attribute: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in HTML element event attribute: About to audit: Arachni::Checks::XssEvent:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in HTML element event attribute: Trainer set to: OFF [!] XSS in HTML element event attribute: [!] XSS in HTML element event attribute: Formatting set to: [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: username [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "username" => "arachni_name\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [!] XSS in HTML element event attribute: |----> "j_username" => "arachni_name" [!] XSS in HTML element event attribute: |----> "j_password" => "5543!%arachni_secret" [*] XSS in HTML element event attribute: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 244 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="username" affected-input-value="arachni_name\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: j_username [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "username" => "arachni_name" [!] XSS in HTML element event attribute: |----> "j_username" => "arachni_name\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [!] XSS in HTML element event attribute: |----> "j_password" => "5543!%arachni_secret" [*] XSS in HTML element event attribute: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 245 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//", "j_password"=>"5543!%arachni_secret"} seed="\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="j_username" affected-input-value="arachni_name\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: j_password [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "username" => "arachni_name" [!] XSS in HTML element event attribute: |----> "j_username" => "arachni_name" [!] XSS in HTML element event attribute: |----> "j_password" => "5543!%arachni_secret\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [*] XSS in HTML element event attribute: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 246 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed="\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="j_password" affected-input-value="5543!%arachni_secret\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in HTML element event attribute: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in HTML element event attribute: About to audit: Arachni::Checks::XssEvent:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in HTML element event attribute: Trainer set to: OFF [!] XSS in HTML element event attribute: [!] XSS in HTML element event attribute: Formatting set to: [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: username [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "username" => "arachni_namescript:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [!] XSS in HTML element event attribute: |----> "j_username" => "arachni_name" [!] XSS in HTML element event attribute: |----> "j_password" => "5543!%arachni_secret" [*] XSS in HTML element event attribute: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 247 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_namescript:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="script:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="username" affected-input-value="arachni_namescript:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_namescript:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: j_username [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "username" => "arachni_name" [!] XSS in HTML element event attribute: |----> "j_username" => "arachni_namescript:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [!] XSS in HTML element event attribute: |----> "j_password" => "5543!%arachni_secret" [*] XSS in HTML element event attribute: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 248 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_namescript:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//", "j_password"=>"5543!%arachni_secret"} seed="script:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="j_username" affected-input-value="arachni_namescript:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_namescript:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: j_password [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "username" => "arachni_name" [!] XSS in HTML element event attribute: |----> "j_username" => "arachni_name" [!] XSS in HTML element event attribute: |----> "j_password" => "5543!%arachni_secretscript:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [*] XSS in HTML element event attribute: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 249 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secretscript:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed="script:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="j_password" affected-input-value="5543!%arachni_secretscript:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secretscript:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in HTML element event attribute: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in HTML element event attribute: About to audit: Arachni::Checks::XssEvent:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS in HTML element event attribute: Trainer set to: OFF [!] XSS in HTML element event attribute: [!] XSS in HTML element event attribute: Formatting set to: [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: username [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "username" => "arachni_name';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [!] XSS in HTML element event attribute: |----> "j_username" => "arachni_name" [!] XSS in HTML element event attribute: |----> "j_password" => "5543!%arachni_secret" [*] XSS in HTML element event attribute: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 250 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="username" affected-input-value="arachni_name';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: j_username [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "username" => "arachni_name" [!] XSS in HTML element event attribute: |----> "j_username" => "arachni_name';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [!] XSS in HTML element event attribute: |----> "j_password" => "5543!%arachni_secret" [*] XSS in HTML element event attribute: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 251 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//", "j_password"=>"5543!%arachni_secret"} seed="';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="j_username" affected-input-value="arachni_name';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: j_password [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "username" => "arachni_name" [!] XSS in HTML element event attribute: |----> "j_username" => "arachni_name" [!] XSS in HTML element event attribute: |----> "j_password" => "5543!%arachni_secret';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [*] XSS in HTML element event attribute: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 252 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed="';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="j_password" affected-input-value="5543!%arachni_secret';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS in HTML element event attribute: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS in HTML element event attribute: About to audit: Arachni::Checks::XssEvent:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in HTML element event attribute: Trainer set to: OFF [!] XSS in HTML element event attribute: [!] XSS in HTML element event attribute: Formatting set to: [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: JSESSIONID [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "JSESSIONID" => "95C73408E32EFF76D40D62F3A7F1FC8Bscript:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [*] XSS in HTML element event attribute: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 253 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8Bscript:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed="script:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="JSESSIONID" affected-input-value="95C73408E32EFF76D40D62F3A7F1FC8Bscript:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8Bscript:;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: About to audit: Arachni::Checks::XssEvent:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in HTML element event attribute: Trainer set to: OFF [!] XSS in HTML element event attribute: [!] XSS in HTML element event attribute: Formatting set to: [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: JSESSIONID [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "JSESSIONID" => "95C73408E32EFF76D40D62F3A7F1FC8B;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [*] XSS in HTML element event attribute: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 254 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed=";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="JSESSIONID" affected-input-value="95C73408E32EFF76D40D62F3A7F1FC8B;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B;arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: About to audit: Arachni::Checks::XssEvent:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in HTML element event attribute: Trainer set to: OFF [!] XSS in HTML element event attribute: [!] XSS in HTML element event attribute: Formatting set to: [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: JSESSIONID [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "JSESSIONID" => "95C73408E32EFF76D40D62F3A7F1FC8Bscript:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [*] XSS in HTML element event attribute: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 255 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8Bscript:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed="script:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="JSESSIONID" affected-input-value="95C73408E32EFF76D40D62F3A7F1FC8Bscript:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8Bscript:\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: About to audit: Arachni::Checks::XssEvent:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in HTML element event attribute: Trainer set to: OFF [!] XSS in HTML element event attribute: [!] XSS in HTML element event attribute: Formatting set to: [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: JSESSIONID [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "JSESSIONID" => "95C73408E32EFF76D40D62F3A7F1FC8B\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [*] XSS in HTML element event attribute: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 256 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed="\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="JSESSIONID" affected-input-value="95C73408E32EFF76D40D62F3A7F1FC8B\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B\";arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: About to audit: Arachni::Checks::XssEvent:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in HTML element event attribute: Trainer set to: OFF [!] XSS in HTML element event attribute: [!] XSS in HTML element event attribute: Formatting set to: [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: JSESSIONID [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "JSESSIONID" => "95C73408E32EFF76D40D62F3A7F1FC8Bscript:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [*] XSS in HTML element event attribute: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 257 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8Bscript:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed="script:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="JSESSIONID" affected-input-value="95C73408E32EFF76D40D62F3A7F1FC8Bscript:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8Bscript:';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS in HTML element event attribute: About to audit: Arachni::Checks::XssEvent:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS in HTML element event attribute: Trainer set to: OFF [!] XSS in HTML element event attribute: [!] XSS in HTML element event attribute: Formatting set to: [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS in HTML element event attribute: | [!] XSS in HTML element event attribute: |--> Auditing: JSESSIONID [!] XSS in HTML element event attribute: |--> Inputs: [!] XSS in HTML element event attribute: |----> "JSESSIONID" => "95C73408E32EFF76D40D62F3A7F1FC8B';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" [*] XSS in HTML element event attribute: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 258 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} seed="';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//" affected-input-name="JSESSIONID" affected-input-value="95C73408E32EFF76D40D62F3A7F1FC8B';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B';arachni_xss_in_element_event=6084f136be21a63768e6b49e041de7e5//"} [!] Client: Train?: false [!] Client: ------------ [!] XSS: About to audit: Arachni::Checks::Xss:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS: Trainer set to: OFF [!] XSS: [!] XSS: Formatting set to: [!] XSS: | [!] XSS: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS: | [!] XSS: |--> Auditing: menuID [!] XSS: |--> Inputs: [!] XSS: |----> "menuID" => "default" [*] XSS: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 259 [!] Client: Performer: #"default"} inputs={"menuID"=>"default"} seed="" affected-input-name="menuID" affected-input-value="default"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"default"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS: About to audit: Arachni::Checks::Xss:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS: Trainer set to: OFF [!] XSS: [!] XSS: Formatting set to: [!] XSS: | [!] XSS: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS: | [!] XSS: |--> Auditing: menuID [!] XSS: |--> Inputs: [!] XSS: |----> "menuID" => "default()\"&%1'-;'" [*] XSS: Auditing link input 'menuID' pointing to: 'https://myserver/mypath/navigate' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 260 [!] Client: Performer: #"default"} inputs={"menuID"=>"default()\"&%1'-;'"} seed="()\"&%1'-;'" affected-input-name="menuID" affected-input-value="default()\"&%1'-;'"> [!] Client: URL: https://myserver/mypath/navigate [!] Client: Method: get [!] Client: Params: {"menuID"=>"default()\"&%1'-;'"} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS: About to audit: Arachni::Checks::Xss:https://myserver/mypath/navigate:link:["menuID"]: [!] XSS: Trainer set to: OFF [!] XSS: [!] XSS: Formatting set to: [!] XSS: | [!] XSS: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS: | [!] XSS: |--> Auditing: menuID [!] XSS: |--> Inputs: [!] XSS: |----> "menuID" => "default--> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS: | [!] XSS: |--> Auditing: username [!] XSS: |--> Inputs: [!] XSS: |----> "username" => "arachni_name" [!] XSS: |----> "j_username" => "arachni_name" [!] XSS: |----> "j_password" => "5543!%arachni_secret" [*] XSS: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 262 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="" affected-input-name="username" affected-input-value="arachni_name"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS: | [!] XSS: |--> Auditing: j_username [!] XSS: |--> Inputs: [!] XSS: |----> "username" => "arachni_name" [!] XSS: |----> "j_username" => "arachni_name" [!] XSS: |----> "j_password" => "5543!%arachni_secret" [*] XSS: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 263 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="" affected-input-name="j_username" affected-input-value="arachni_name"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS: | [!] XSS: |--> Auditing: j_password [!] XSS: |--> Inputs: [!] XSS: |----> "username" => "arachni_name" [!] XSS: |----> "j_username" => "arachni_name" [!] XSS: |----> "j_password" => "5543!%arachni_secret" [*] XSS: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 264 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="" affected-input-name="j_password" affected-input-value="5543!%arachni_secret"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS: About to audit: Arachni::Checks::Xss:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS: Trainer set to: OFF [!] XSS: [!] XSS: Formatting set to: [!] XSS: | [!] XSS: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS: | [!] XSS: |--> Auditing: username [!] XSS: |--> Inputs: [!] XSS: |----> "username" => "arachni_name()\"&%1'-;'" [!] XSS: |----> "j_username" => "arachni_name" [!] XSS: |----> "j_password" => "5543!%arachni_secret" [*] XSS: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 265 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name()\"&%1'-;'", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} seed="()\"&%1'-;'" affected-input-name="username" affected-input-value="arachni_name()\"&%1'-;'"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name()\"&%1'-;'", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS: | [!] XSS: |--> Auditing: j_username [!] XSS: |--> Inputs: [!] XSS: |----> "username" => "arachni_name" [!] XSS: |----> "j_username" => "arachni_name()\"&%1'-;'" [!] XSS: |----> "j_password" => "5543!%arachni_secret" [*] XSS: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 266 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name()\"&%1'-;'", "j_password"=>"5543!%arachni_secret"} seed="()\"&%1'-;'" affected-input-name="j_username" affected-input-value="arachni_name()\"&%1'-;'"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name()\"&%1'-;'", "j_password"=>"5543!%arachni_secret"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS: | [!] XSS: |--> Auditing: j_password [!] XSS: |--> Inputs: [!] XSS: |----> "username" => "arachni_name" [!] XSS: |----> "j_username" => "arachni_name" [!] XSS: |----> "j_password" => "5543!%arachni_secret()\"&%1'-;'" [*] XSS: Auditing form input 'j_password' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 267 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret()\"&%1'-;'"} seed="()\"&%1'-;'" affected-input-name="j_password" affected-input-value="5543!%arachni_secret()\"&%1'-;'"> [!] Client: URL: https://myserver/Manager/j_security_check [!] Client: Method: post [!] Client: Params: {} [!] Client: Body: {"username"=>"arachni_name", "j_username"=>"arachni_name", "j_password"=>"5543!%arachni_secret()\"&%1'-;'"} [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", ""], ["j_username", ""], ["username", ""]] [!] XSS: Self's #skip? method returned true for mutation, skipping: form:post:https://myserver/Manager/j_security_check:[["j_password", "5543!%arachni_secret"], ["j_username", "arachni_name"], ["username", "arachni_name"]] [!] XSS: About to audit: Arachni::Checks::Xss:https://myserver/Manager/j_security_check:form:["j_password", "j_username", "username"]: [!] XSS: Trainer set to: OFF [!] XSS: [!] XSS: Formatting set to: [!] XSS: | [!] XSS: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS: | [!] XSS: |--> Auditing: username [!] XSS: |--> Inputs: [!] XSS: |----> "username" => "arachni_name--> "j_username" => "arachni_name" [!] XSS: |----> "j_password" => "5543!%arachni_secret" [*] XSS: Auditing form input 'username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 268 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name--> Auditing: j_username [!] XSS: |--> Inputs: [!] XSS: |----> "username" => "arachni_name" [!] XSS: |----> "j_username" => "arachni_name--> "j_password" => "5543!%arachni_secret" [*] XSS: Auditing form input 'j_username' pointing to: 'https://myserver/Manager/j_security_check' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 269 [!] Client: Performer: #"", "j_username"=>"", "j_password"=>""} inputs={"username"=>"arachni_name", "j_username"=>"arachni_name--> Auditing: j_password [!] XSS: |--> Inputs: [!] XSS: |----> "username" => "arachni_name" [!] XSS: |----> "j_username" => "arachni_name" [!] XSS: |----> "j_password" => "5543!%arachni_secret--> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS: | [!] XSS: |--> Auditing: JSESSIONID [!] XSS: |--> Inputs: [!] XSS: |----> "JSESSIONID" => "95C73408E32EFF76D40D62F3A7F1FC8B" [*] XSS: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 271 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} seed="" affected-input-name="JSESSIONID" affected-input-value="95C73408E32EFF76D40D62F3A7F1FC8B"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B"} [!] Client: Train?: false [!] Client: ------------ [!] XSS: About to audit: Arachni::Checks::Xss:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS: Trainer set to: OFF [!] XSS: [!] XSS: Formatting set to: [!] XSS: | [!] XSS: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS: | [!] XSS: |--> Auditing: JSESSIONID [!] XSS: |--> Inputs: [!] XSS: |----> "JSESSIONID" => "95C73408E32EFF76D40D62F3A7F1FC8B()\"&%1'-;'" [*] XSS: Auditing cookie input 'JSESSIONID' pointing to: 'https://myserver/mypath/navigate?menuID=default' [!] Client: ------------ [!] Client: Queued request. [!] Client: ID#: 272 [!] Client: Performer: #"95C73408E32EFF76D40D62F3A7F1FC8B"} inputs={"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B()\"&%1'-;'"} seed="()\"&%1'-;'" affected-input-name="JSESSIONID" affected-input-value="95C73408E32EFF76D40D62F3A7F1FC8B()\"&%1'-;'"> [!] Client: URL: https://myserver/mypath/navigate?menuID=default [!] Client: Method: get [!] Client: Params: {} [!] Client: Body: [!] Client: Headers: {"Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "User-Agent"=>"Arachni/v1.1"} [!] Client: Cookies: {"JSESSIONID"=>"95C73408E32EFF76D40D62F3A7F1FC8B()\"&%1'-;'"} [!] Client: Train?: false [!] Client: ------------ [!] XSS: About to audit: Arachni::Checks::Xss:https://myserver/mypath/navigate?menuID=default:cookie:["JSESSIONID"]: [!] XSS: Trainer set to: OFF [!] XSS: [!] XSS: Formatting set to: [!] XSS: | [!] XSS: |----> Append to default value (Format::APPEND [2]). [Format mask: 2] [!] XSS: | [!] XSS: |--> Auditing: JSESSIONID [!] XSS: |--> Inputs: [!] XSS: |----> "JSESSIONID" => "95C73408E32EFF76D40D62F3A7F1FC8B-->