REPORT

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.

GET http://www.vulnweb.com HTTP/1.1
Host: www.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; x64; rv:105.0esr) Gecko/20010101 Firefox/105.0esr
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:31:55 GMT
Content-Type: text/html
Content-Length: 4018
Last-Modified: Tue, 28 Jul 2020 09:20:49 GMT
Connection: keep-alive
ETag: "5f1fedf1-fb2"
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Acunetix Web Vulnerability Scanner - Test websites</title>
<style type="text/css">
<!--
@import url("style.css");
-->
</style>
</head>
<body>
<center>
<br>
<a href='https://www.acunetix.com/'><img src='acunetix-logo.png' border='0' alt="Acunetix website security"></a><br><br>
<div>Vulnerable test websites for <a href='https://www.acunetix.com/vulnerability-scanner/'>Acunetix Web Vulnerability Scanner</a>.</div>
<table id="one-column-emphasis" summary="Acunetix test websites" style="width:60%">
<colgroup>
<col>
</colgroup>
<thead>
<tr style="font-size:14px">
<th scope="col"><b>Name</b></th>
<th scope="col"><b>URL</b></th>
<th scope="col"><b>Technologies</b></th>
<th scope="col"><b>Resources</b></th>
</tr>
</thead>
<tbody>
<tr style="font-size:14px">
<td>SecurityTweets</td>
<td><a href='http://testhtml5.vulnweb.com/'>http://testhtml5.vulnweb.com</a></td>
<td>nginx, Python, Flask, CouchDB</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/html5-website-security/'>Review</a> Acunetix HTML5 scanner or <a href='https://www.acunetix.com/vulnerability-scanner/crawling-html5-javascript-websites/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>Acuart</td>
<td><a href='http://testphp.vulnweb.com/'>http://testphp.vulnweb.com</a></td>
<td>Apache, PHP, MySQL</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/php-security-scanner/'>Review</a> Acunetix PHP scanner or <a href='https://www.acunetix.com/blog/articles/prevent-sql-injection-vulnerabilities-in-php-applications/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>Acuforum</td>
<td><a href='http://testasp.vulnweb.com/'>http://testasp.vulnweb.com</a></td>
<td>IIS, ASP, Microsoft SQL Server</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/sql-injection/'>Review</a> Acunetix SQL scanner or <a href='https://www.acunetix.com/websitesecurity/sql-injection/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>Acublog</td>
<td><a href='http://testaspnet.vulnweb.com/'>http://testaspnet.vulnweb.com</a></td>
<td>IIS, ASP.NET, Microsoft SQL Server</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/'>Review</a> Acunetix network scanner or <a href='https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>REST API</td>
<td><a href='http://rest.vulnweb.com/'>http://rest.vulnweb.com/</a></td>
<td>Apache, PHP, MySQL</td>
<td><a href='https://www.acunetix.com/blog/articles/rest-api-security-testing-acunetix/'>Review</a> Acunetix scanner or <a href='https://www.acunetix.com/blog/articles/rest-api-security-testing-acunetix/'>learn more</a> on the topic.</td>
</tr>
</tbody>
</table>
<div style="background-color:lightgray;width:60%;text-align:center;font-size:14px">
<p style="padding-left:140px;padding-right:140px"><b>Warning</b>: This site hosts intentionally vulnerable web applications. You can use these applications to understand how programming and configuration errors lead to security breaches. We created the site to help you test Acunetix but you may also use it for manual penetration testing or for educational purposes. It will help you learn about vulnerabilities such as SQL Injection, Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF), and many more.</p>
</div>
</center>
</body>
</html>

GET http://www.vulnweb.com/ HTTP/1.1
Host: www.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; x64; rv:105.0esr) Gecko/20010101 Firefox/105.0esr
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:31:55 GMT
Content-Type: text/html
Content-Length: 4018
Last-Modified: Tue, 28 Jul 2020 09:20:49 GMT
Connection: keep-alive
ETag: "5f1fedf1-fb2"
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Acunetix Web Vulnerability Scanner - Test websites</title>
<style type="text/css">
<!--
@import url("style.css");
-->
</style>
</head>
<body>
<center>
<br>
<a href='https://www.acunetix.com/'><img src='acunetix-logo.png' border='0' alt="Acunetix website security"></a><br><br>
<div>Vulnerable test websites for <a href='https://www.acunetix.com/vulnerability-scanner/'>Acunetix Web Vulnerability Scanner</a>.</div>
<table id="one-column-emphasis" summary="Acunetix test websites" style="width:60%">
<colgroup>
<col>
</colgroup>
<thead>
<tr style="font-size:14px">
<th scope="col"><b>Name</b></th>
<th scope="col"><b>URL</b></th>
<th scope="col"><b>Technologies</b></th>
<th scope="col"><b>Resources</b></th>
</tr>
</thead>
<tbody>
<tr style="font-size:14px">
<td>SecurityTweets</td>
<td><a href='http://testhtml5.vulnweb.com/'>http://testhtml5.vulnweb.com</a></td>
<td>nginx, Python, Flask, CouchDB</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/html5-website-security/'>Review</a> Acunetix HTML5 scanner or <a href='https://www.acunetix.com/vulnerability-scanner/crawling-html5-javascript-websites/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>Acuart</td>
<td><a href='http://testphp.vulnweb.com/'>http://testphp.vulnweb.com</a></td>
<td>Apache, PHP, MySQL</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/php-security-scanner/'>Review</a> Acunetix PHP scanner or <a href='https://www.acunetix.com/blog/articles/prevent-sql-injection-vulnerabilities-in-php-applications/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>Acuforum</td>
<td><a href='http://testasp.vulnweb.com/'>http://testasp.vulnweb.com</a></td>
<td>IIS, ASP, Microsoft SQL Server</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/sql-injection/'>Review</a> Acunetix SQL scanner or <a href='https://www.acunetix.com/websitesecurity/sql-injection/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>Acublog</td>
<td><a href='http://testaspnet.vulnweb.com/'>http://testaspnet.vulnweb.com</a></td>
<td>IIS, ASP.NET, Microsoft SQL Server</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/'>Review</a> Acunetix network scanner or <a href='https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>REST API</td>
<td><a href='http://rest.vulnweb.com/'>http://rest.vulnweb.com/</a></td>
<td>Apache, PHP, MySQL</td>
<td><a href='https://www.acunetix.com/blog/articles/rest-api-security-testing-acunetix/'>Review</a> Acunetix scanner or <a href='https://www.acunetix.com/blog/articles/rest-api-security-testing-acunetix/'>learn more</a> on the topic.</td>
</tr>
</tbody>
</table>
<div style="background-color:lightgray;width:60%;text-align:center;font-size:14px">
<p style="padding-left:140px;padding-right:140px"><b>Warning</b>: This site hosts intentionally vulnerable web applications. You can use these applications to understand how programming and configuration errors lead to security breaches. We created the site to help you test Acunetix but you may also use it for manual penetration testing or for educational purposes. It will help you learn about vulnerabilities such as SQL Injection, Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF), and many more.</p>
</div>
</center>
</body>
</html>

GET http://www.vulnweb.com/favicon.ico HTTP/1.1
Host: www.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Referer: http://www.vulnweb.com/

HTTP/1.1 404 Not Found
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:32:03 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.0</center>
</body>
</html>

GET http://www.vulnweb.com/robots.txt HTTP/1.1
Host: www.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; x64; rv:105.0esr) Gecko/20010101 Firefox/105.0esr
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:31:55 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.0</center>
</body>
</html>

GET http://www.vulnweb.com/sitemap.xml HTTP/1.1
Host: www.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; x64; rv:105.0esr) Gecko/20010101 Firefox/105.0esr
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:31:55 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.0</center>
</body>
</html>

Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header, to achieve optimal browser support: "Content-Security-Policy" for Chrome 25+, Firefox 23+ and Safari 7+, "X-Content-Security-Policy" for Firefox 4.0+ and Internet Explorer 10+, and "X-WebKit-CSP" for Chrome 14+ and Safari 6+.

The response does not include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options to protect against 'ClickJacking' attacks.

GET http://www.vulnweb.com HTTP/1.1
Host: www.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; x64; rv:105.0esr) Gecko/20010101 Firefox/105.0esr
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:31:55 GMT
Content-Type: text/html
Content-Length: 4018
Last-Modified: Tue, 28 Jul 2020 09:20:49 GMT
Connection: keep-alive
ETag: "5f1fedf1-fb2"
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Acunetix Web Vulnerability Scanner - Test websites</title>
<style type="text/css">
<!--
@import url("style.css");
-->
</style>
</head>
<body>
<center>
<br>
<a href='https://www.acunetix.com/'><img src='acunetix-logo.png' border='0' alt="Acunetix website security"></a><br><br>
<div>Vulnerable test websites for <a href='https://www.acunetix.com/vulnerability-scanner/'>Acunetix Web Vulnerability Scanner</a>.</div>
<table id="one-column-emphasis" summary="Acunetix test websites" style="width:60%">
<colgroup>
<col>
</colgroup>
<thead>
<tr style="font-size:14px">
<th scope="col"><b>Name</b></th>
<th scope="col"><b>URL</b></th>
<th scope="col"><b>Technologies</b></th>
<th scope="col"><b>Resources</b></th>
</tr>
</thead>
<tbody>
<tr style="font-size:14px">
<td>SecurityTweets</td>
<td><a href='http://testhtml5.vulnweb.com/'>http://testhtml5.vulnweb.com</a></td>
<td>nginx, Python, Flask, CouchDB</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/html5-website-security/'>Review</a> Acunetix HTML5 scanner or <a href='https://www.acunetix.com/vulnerability-scanner/crawling-html5-javascript-websites/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>Acuart</td>
<td><a href='http://testphp.vulnweb.com/'>http://testphp.vulnweb.com</a></td>
<td>Apache, PHP, MySQL</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/php-security-scanner/'>Review</a> Acunetix PHP scanner or <a href='https://www.acunetix.com/blog/articles/prevent-sql-injection-vulnerabilities-in-php-applications/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>Acuforum</td>
<td><a href='http://testasp.vulnweb.com/'>http://testasp.vulnweb.com</a></td>
<td>IIS, ASP, Microsoft SQL Server</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/sql-injection/'>Review</a> Acunetix SQL scanner or <a href='https://www.acunetix.com/websitesecurity/sql-injection/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>Acublog</td>
<td><a href='http://testaspnet.vulnweb.com/'>http://testaspnet.vulnweb.com</a></td>
<td>IIS, ASP.NET, Microsoft SQL Server</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/'>Review</a> Acunetix network scanner or <a href='https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>REST API</td>
<td><a href='http://rest.vulnweb.com/'>http://rest.vulnweb.com/</a></td>
<td>Apache, PHP, MySQL</td>
<td><a href='https://www.acunetix.com/blog/articles/rest-api-security-testing-acunetix/'>Review</a> Acunetix scanner or <a href='https://www.acunetix.com/blog/articles/rest-api-security-testing-acunetix/'>learn more</a> on the topic.</td>
</tr>
</tbody>
</table>
<div style="background-color:lightgray;width:60%;text-align:center;font-size:14px">
<p style="padding-left:140px;padding-right:140px"><b>Warning</b>: This site hosts intentionally vulnerable web applications. You can use these applications to understand how programming and configuration errors lead to security breaches. We created the site to help you test Acunetix but you may also use it for manual penetration testing or for educational purposes. It will help you learn about vulnerabilities such as SQL Injection, Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF), and many more.</p>
</div>
</center>
</body>
</html>

GET http://www.vulnweb.com/ HTTP/1.1
Host: www.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; x64; rv:105.0esr) Gecko/20010101 Firefox/105.0esr
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:31:55 GMT
Content-Type: text/html
Content-Length: 4018
Last-Modified: Tue, 28 Jul 2020 09:20:49 GMT
Connection: keep-alive
ETag: "5f1fedf1-fb2"
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Acunetix Web Vulnerability Scanner - Test websites</title>
<style type="text/css">
<!--
@import url("style.css");
-->
</style>
</head>
<body>
<center>
<br>
<a href='https://www.acunetix.com/'><img src='acunetix-logo.png' border='0' alt="Acunetix website security"></a><br><br>
<div>Vulnerable test websites for <a href='https://www.acunetix.com/vulnerability-scanner/'>Acunetix Web Vulnerability Scanner</a>.</div>
<table id="one-column-emphasis" summary="Acunetix test websites" style="width:60%">
<colgroup>
<col>
</colgroup>
<thead>
<tr style="font-size:14px">
<th scope="col"><b>Name</b></th>
<th scope="col"><b>URL</b></th>
<th scope="col"><b>Technologies</b></th>
<th scope="col"><b>Resources</b></th>
</tr>
</thead>
<tbody>
<tr style="font-size:14px">
<td>SecurityTweets</td>
<td><a href='http://testhtml5.vulnweb.com/'>http://testhtml5.vulnweb.com</a></td>
<td>nginx, Python, Flask, CouchDB</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/html5-website-security/'>Review</a> Acunetix HTML5 scanner or <a href='https://www.acunetix.com/vulnerability-scanner/crawling-html5-javascript-websites/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>Acuart</td>
<td><a href='http://testphp.vulnweb.com/'>http://testphp.vulnweb.com</a></td>
<td>Apache, PHP, MySQL</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/php-security-scanner/'>Review</a> Acunetix PHP scanner or <a href='https://www.acunetix.com/blog/articles/prevent-sql-injection-vulnerabilities-in-php-applications/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>Acuforum</td>
<td><a href='http://testasp.vulnweb.com/'>http://testasp.vulnweb.com</a></td>
<td>IIS, ASP, Microsoft SQL Server</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/sql-injection/'>Review</a> Acunetix SQL scanner or <a href='https://www.acunetix.com/websitesecurity/sql-injection/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>Acublog</td>
<td><a href='http://testaspnet.vulnweb.com/'>http://testaspnet.vulnweb.com</a></td>
<td>IIS, ASP.NET, Microsoft SQL Server</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/'>Review</a> Acunetix network scanner or <a href='https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>REST API</td>
<td><a href='http://rest.vulnweb.com/'>http://rest.vulnweb.com/</a></td>
<td>Apache, PHP, MySQL</td>
<td><a href='https://www.acunetix.com/blog/articles/rest-api-security-testing-acunetix/'>Review</a> Acunetix scanner or <a href='https://www.acunetix.com/blog/articles/rest-api-security-testing-acunetix/'>learn more</a> on the topic.</td>
</tr>
</tbody>
</table>
<div style="background-color:lightgray;width:60%;text-align:center;font-size:14px">
<p style="padding-left:140px;padding-right:140px"><b>Warning</b>: This site hosts intentionally vulnerable web applications. You can use these applications to understand how programming and configuration errors lead to security breaches. We created the site to help you test Acunetix but you may also use it for manual penetration testing or for educational purposes. It will help you learn about vulnerabilities such as SQL Injection, Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF), and many more.</p>
</div>
</center>
</body>
</html>

Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.

If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.

The web/application server is leaking version information via the "Server" HTTP response header. Access to such information may facilitate attackers identifying other vulnerabilities your web/application server is subject to.

GET http://www.vulnweb.com HTTP/1.1
Host: www.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; x64; rv:105.0esr) Gecko/20010101 Firefox/105.0esr
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:31:55 GMT
Content-Type: text/html
Content-Length: 4018
Last-Modified: Tue, 28 Jul 2020 09:20:49 GMT
Connection: keep-alive
ETag: "5f1fedf1-fb2"
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Acunetix Web Vulnerability Scanner - Test websites</title>
<style type="text/css">
<!--
@import url("style.css");
-->
</style>
</head>
<body>
<center>
<br>
<a href='https://www.acunetix.com/'><img src='acunetix-logo.png' border='0' alt="Acunetix website security"></a><br><br>
<div>Vulnerable test websites for <a href='https://www.acunetix.com/vulnerability-scanner/'>Acunetix Web Vulnerability Scanner</a>.</div>
<table id="one-column-emphasis" summary="Acunetix test websites" style="width:60%">
<colgroup>
<col>
</colgroup>
<thead>
<tr style="font-size:14px">
<th scope="col"><b>Name</b></th>
<th scope="col"><b>URL</b></th>
<th scope="col"><b>Technologies</b></th>
<th scope="col"><b>Resources</b></th>
</tr>
</thead>
<tbody>
<tr style="font-size:14px">
<td>SecurityTweets</td>
<td><a href='http://testhtml5.vulnweb.com/'>http://testhtml5.vulnweb.com</a></td>
<td>nginx, Python, Flask, CouchDB</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/html5-website-security/'>Review</a> Acunetix HTML5 scanner or <a href='https://www.acunetix.com/vulnerability-scanner/crawling-html5-javascript-websites/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>Acuart</td>
<td><a href='http://testphp.vulnweb.com/'>http://testphp.vulnweb.com</a></td>
<td>Apache, PHP, MySQL</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/php-security-scanner/'>Review</a> Acunetix PHP scanner or <a href='https://www.acunetix.com/blog/articles/prevent-sql-injection-vulnerabilities-in-php-applications/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>Acuforum</td>
<td><a href='http://testasp.vulnweb.com/'>http://testasp.vulnweb.com</a></td>
<td>IIS, ASP, Microsoft SQL Server</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/sql-injection/'>Review</a> Acunetix SQL scanner or <a href='https://www.acunetix.com/websitesecurity/sql-injection/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>Acublog</td>
<td><a href='http://testaspnet.vulnweb.com/'>http://testaspnet.vulnweb.com</a></td>
<td>IIS, ASP.NET, Microsoft SQL Server</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/'>Review</a> Acunetix network scanner or <a href='https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>REST API</td>
<td><a href='http://rest.vulnweb.com/'>http://rest.vulnweb.com/</a></td>
<td>Apache, PHP, MySQL</td>
<td><a href='https://www.acunetix.com/blog/articles/rest-api-security-testing-acunetix/'>Review</a> Acunetix scanner or <a href='https://www.acunetix.com/blog/articles/rest-api-security-testing-acunetix/'>learn more</a> on the topic.</td>
</tr>
</tbody>
</table>
<div style="background-color:lightgray;width:60%;text-align:center;font-size:14px">
<p style="padding-left:140px;padding-right:140px"><b>Warning</b>: This site hosts intentionally vulnerable web applications. You can use these applications to understand how programming and configuration errors lead to security breaches. We created the site to help you test Acunetix but you may also use it for manual penetration testing or for educational purposes. It will help you learn about vulnerabilities such as SQL Injection, Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF), and many more.</p>
</div>
</center>
</body>
</html>

GET http://www.vulnweb.com/ HTTP/1.1
Host: www.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; x64; rv:105.0esr) Gecko/20010101 Firefox/105.0esr
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:31:55 GMT
Content-Type: text/html
Content-Length: 4018
Last-Modified: Tue, 28 Jul 2020 09:20:49 GMT
Connection: keep-alive
ETag: "5f1fedf1-fb2"
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Acunetix Web Vulnerability Scanner - Test websites</title>
<style type="text/css">
<!--
@import url("style.css");
-->
</style>
</head>
<body>
<center>
<br>
<a href='https://www.acunetix.com/'><img src='acunetix-logo.png' border='0' alt="Acunetix website security"></a><br><br>
<div>Vulnerable test websites for <a href='https://www.acunetix.com/vulnerability-scanner/'>Acunetix Web Vulnerability Scanner</a>.</div>
<table id="one-column-emphasis" summary="Acunetix test websites" style="width:60%">
<colgroup>
<col>
</colgroup>
<thead>
<tr style="font-size:14px">
<th scope="col"><b>Name</b></th>
<th scope="col"><b>URL</b></th>
<th scope="col"><b>Technologies</b></th>
<th scope="col"><b>Resources</b></th>
</tr>
</thead>
<tbody>
<tr style="font-size:14px">
<td>SecurityTweets</td>
<td><a href='http://testhtml5.vulnweb.com/'>http://testhtml5.vulnweb.com</a></td>
<td>nginx, Python, Flask, CouchDB</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/html5-website-security/'>Review</a> Acunetix HTML5 scanner or <a href='https://www.acunetix.com/vulnerability-scanner/crawling-html5-javascript-websites/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>Acuart</td>
<td><a href='http://testphp.vulnweb.com/'>http://testphp.vulnweb.com</a></td>
<td>Apache, PHP, MySQL</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/php-security-scanner/'>Review</a> Acunetix PHP scanner or <a href='https://www.acunetix.com/blog/articles/prevent-sql-injection-vulnerabilities-in-php-applications/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>Acuforum</td>
<td><a href='http://testasp.vulnweb.com/'>http://testasp.vulnweb.com</a></td>
<td>IIS, ASP, Microsoft SQL Server</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/sql-injection/'>Review</a> Acunetix SQL scanner or <a href='https://www.acunetix.com/websitesecurity/sql-injection/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>Acublog</td>
<td><a href='http://testaspnet.vulnweb.com/'>http://testaspnet.vulnweb.com</a></td>
<td>IIS, ASP.NET, Microsoft SQL Server</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/'>Review</a> Acunetix network scanner or <a href='https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>REST API</td>
<td><a href='http://rest.vulnweb.com/'>http://rest.vulnweb.com/</a></td>
<td>Apache, PHP, MySQL</td>
<td><a href='https://www.acunetix.com/blog/articles/rest-api-security-testing-acunetix/'>Review</a> Acunetix scanner or <a href='https://www.acunetix.com/blog/articles/rest-api-security-testing-acunetix/'>learn more</a> on the topic.</td>
</tr>
</tbody>
</table>
<div style="background-color:lightgray;width:60%;text-align:center;font-size:14px">
<p style="padding-left:140px;padding-right:140px"><b>Warning</b>: This site hosts intentionally vulnerable web applications. You can use these applications to understand how programming and configuration errors lead to security breaches. We created the site to help you test Acunetix but you may also use it for manual penetration testing or for educational purposes. It will help you learn about vulnerabilities such as SQL Injection, Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF), and many more.</p>
</div>
</center>
</body>
</html>

GET http://www.vulnweb.com/acunetix-logo.png HTTP/1.1
Host: www.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; x64; rv:105.0esr) Gecko/20010101 Firefox/105.0esr
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.vulnweb.com

HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:31:55 GMT
Content-Type: image/png
Content-Length: 4474
Last-Modified: Thu, 19 Jun 2014 11:18:40 GMT
Connection: keep-alive
ETag: "53a2c710-117a"
Accept-Ranges: bytes

‰PNG

IHDR
* '®H
sRGB®ÎégAMA±üa pHYs."."
ªâݒtEXtSoftwarePaint.NET v3.5.11GóB7éIDATx^í ´E†ɼ$(Ì‘¸‹¨ ¢ˆ"( ‚,ŠÑ#ÁsT@EEePTWQ6Ã"(èQ
Žˆ‚
*ëÑož²/
‚„Íÿ›×=©TnUwõ̼™`ÿç|'/3Ý5=Ý}oWÝ{«fZ­Zµ®•Ä†âóâOâå¢H늳ÄBñO±§XALµ¦gÿÖªUkz«8IÜ"wØXÄ´†ð÷‹©Ví$jÕ þ,|C‡"'ñ aíw³ W2•ê¿“X0}δv£5{b¬µ‘ØVì*vËØ%{÷VŸ;7Û«V­'¤ª:‰Ã…µßcb1•ê“hËàeô;ŠcÄÕb‘x¼€Å5âX1¯Ýh®š5W«ÖEUÄ.ÂÚï
1Õq‰êN⺙kN“qo,Ž…åR¸_Ì›Ö=ŒZOUu+‹ßwŸEâ bªUÍIȐ7g‹G…eð½@›çˆWeW«ÖòªªNÍ?G ²#ÃPš“á¶Ä‰™![ÞOøŒ5”Y3ûøZµ–7õâ$FEåœÄ &bqKfÀSÉmb¢Ԙx£ØW#Î?ßûˆW+ª¼b€*b¬ùLñnñ1_p§‹ˆśÅj¢¬hÓ:>¨"«ÉÚ|ñÔ|›ø¢8Uœ!NŸ\®O¿Åq¼H¼O*N?|ö·Ä®b‘*÷{†œÄ&ÂÝ\•¹n±m E±¶fˆ¸d +ŠýÄ#Â2â©à1qฎ%;¬~‰.܉‚ñžu1]ÆŇãEÔüU¤£ÿ¤¸VXŸëó°ø¥ØJpqcâf´Žñ×¢Š®V{O¾Èõs^ým¯¹V‡‰û„õ]sîŸO½êgô/a}–لÅ;D™Ôãó„û]Ùßjw±p·£&ÂÕ¶Â}?‡‡F.žšmam»‹²âhµQŸÑZYÆyœc¬Ãf~»ÑìG
è)âûâQa]Ä8ç.’õþÕ¢Œ¸ép:w «2ðä{º‰¸ŽµßoEQùgµÇùôÅ0Ñ:¿7
´© ïￃã®:ül*Ë<,þ&61á$¬}‹àpµ°¶û…pµ£9"+ŽºHۈP_ááF{Vk%%ñËX‡É í±9½<Q^*nÖI)Ë¿EÈË8 nôó„µ*·‹-„¥Qu¯÷:¯¥p 7"Œ÷ïÂj/…GÄ!‡ciªÌß k[8VÄÄPâlaí{¹à{ÚN‚¤ŒñÏ8G‰£Ú³æuµ-qsöòäv¡«g½^ä$Ö×kߪ<(xªøE'q(ÓՏq‰(u_OX%νÀĪë™j'ê…z8µÍEHûk¿ċ²Ï³ŒêH▁Žé¡½@”½9é’Þ*—YïLj9 Œ‰ÜÚχ|G[Û¸pa_#\¢“è<ыô,A,ÉÚ?‡n9©~°äo^³¶uù†ðTÃpˆž$±*k†Ç֝ y(ôa‘kY'Ñkm(,S19lÒ±–™M‡è6t³NHÆÍÉáB³=1¢î¤«¾,èÖ[ûùĜ9okŸnNJréñð„`XE ”±%=n’Ðøþ#Ü1ûòà$nßdu^+Ú}Tœ#bΑÜý®¾8o—
k_ €úNaEï1Œw‰k_à:Ì®è%\Ì 9›ó…»Ý…«T'ˆXû:_dͬm~¸ ‚¥Äx£µŠŒïbÏG™+ÚcÍâÍd4Û:!€ÞOu_‰Ä“–´Úp 9‰„µ}Îiâi¢H¤A­!½Ry8¶\£î$xrÏ!‘z&aí¤¬CbƤµÐ[°22¾xX/¬6ËÍW­“¨â$°ʶ­ýˆÿ¸
î×ëaCïymáji»Ñíãáò㪘øҌÙýÿþÓ H_V[9–“ [ëɐL‰±l$îùþ<u_(|²“ î£Œ¨ÑÇ­6ˆ XÂ
„bOnÑÁ×å'Âj¸v!M¥“@îikß ÄÐúqV\kɹšk6ep·{¸<°PÇNÍBH\Dÿ„ä¸c¯q­öÀr±^iÌ*AØ·V1'7ªNãI™òüaµCìÈêIR#`mO¯ñù"UMrT{B½’©vèSÂÚ¨­aèa½wœ°ä:‰ÖAžñõƒ‡Åu⢌ÙkÖ¶½ÀpÂÆ
VþAT1N„
°bÕ®å$XxÄږ,VçP¤¼°+¤Quo)zªæˆ!ùbõ'k[ÆáUE Üjv–†á$ˆcqo[û/d—¬×gK“N¢=֚!CëWÉ5™‡ÅÎbŽ;£“™£ú,z,óÄù¢_”»Û¦5¶åbø'$‡ыBsþ}'Aˆ…µíÑbE'Ák}ªB©~F‡^e(àI<‡L¨Œ [COáa8 „ã,ªbÍ¡úóÕ"¤I'!#ÛÉ3ºªLæY>¡'«¯ m·×gûöÊ{²¦]…‚Wrz­Ü$³bµí; Òp¡ŒÄ §þŽ¢“ âÑ¥ê\á·[
W[k;à³6T%ä|®–†å$ÐÂjÃç S×Iœé\.P/a™H¯œÁJÖbUœÙË]iŸÕ´ïy^[U xçëHa˜ªFâŠÈ7µ ~Û¾“ ’ìoÜpŒu©Qt7‰*"#á·¾“(ký„Ì’U<L'AöçÂj'çbQô°œ>MÝô†ì>ÏàR¹DÆÞíîË1àx¶gˆ;Ó¾™ F`ôt±¹;Ѿ3õÚ…ÕvY©?€Ê“ÊìUô–(ÏöÛöùvà©VSèU£è$ò¹©*ë$Hg[Û zŠVli˜N‘Ù uyÀ±"w‘¦cÌ[zƖÊ=‚.uGãNçd‹7à4Ž•Qw#Óú{m½v§³M˜¬â*T¼Ä´à^…“à©è·];‰I ËI0[ÔÚnÐX
Ôa; z7 «-z²Û‹"uœÄþž¡¥Â4çŽÆÇ:ÅXçzïÇ8KN¥k(úÿ^Þû©PLäŠ .Ö bi°^ÅV Ëw¡12Oi¢žÂúl&UÑòà$Þ/¬íÍ(:‰ÐªÛ9ÄYŠ²k'qªgh)Ü¥@7u¢ÿâ½_†²ÝYe›,Ë­Þû)0s›ÀR¦R3&J§­¶}'Á´òPà’ú‰AŠõ2¬Ï¥2¯ŠB¥FÉI„b@@Ÿà °4L'+(sam‘X ¹ã$.ó-léH¾¦þÿ€÷~¡ä¹#ýÿhïýü(3s
¬©¹z_”[íúN‚(´nB?b#1±²’õ¹ô€RW{âYFÏkV[Ãr¤*C5Ö†AŠŠPë8ÆÔ«“àZÍUr!ŽRÇIÜìZ
ïÍ¢=¼÷R` ±Žôw/éØ;®ŸÑr½:雐7e¾|•T" t¿°Úõb†¡µ-ÆJO£ªŠ²#|ÿÐq¦:I®‘ÕFo­6,'.Ö¶ô ª^s”º2FmÇN"¦^œÇÈJSÖþLj³^§V"Ô»é8‰‡<CK¡;S³´¾µMX ¸#ýÍ÷X۔áþ‰F“Ô¤+և´N°RQªÑE³ÚËIÄz4̬R³ƒ¦êó»ÂÔå‹4—õ¹Ì,û¹´OUžÕŽ?ÄË5L'ñ
amü¦Eq®8fl®Å%Ä:Ö1|SÄԋ“`­µ/%ü<TXaËzb•—wœ„eleéÖÁëï³¼÷R`ñюdäÏ6Þ/Ë"íïÁ;ëf^'¯^V8ªë¬¶r,'Aï&¶Ž‹¿¦8
ÆÝnìÐÒjŸîg¹PGRôtä¸B©dØMX¦“ ÞâQHÇ=‘"΁›)cJþEQvŠ ¾ûÙ9ônc
êN‚‡¶µ
×!/ÜcÝÓÐpŒá¯_é8‰^–ÇYÖíœâ½—·#ý½ž÷^
–“@±Y|1+øæŠE:BU.–“@¡é¹9dXE)&œFiqq#ð”ó'»qÜ¡™›¢Nj;Ökb&jhõîa: ËrpÜe‡[ôø?”“У‰Õ¸­ýà/"´w'A!”}¢7íê;Âڎû³;ôÏÔqÔ9XW†îÔRý͊ÚÖ6e ‹Ô‘þ~“÷^
ú.«[ÞCq§V[PtÂâ'ÔZpcÐ5#^À,Kz–aZ„œ
U€æ06d.S¿YlcÃSbê*æÐ¥´œ«(YÛçPçOoŽlÐނŒ7dh®BNlšþ°±‡˜ƒÃ h“õdéñÒbù¶#Dh"Ð#°¦è»
ÅG€óΐ×°¥: žþ§kŸ ÑMdbXÁëÖöô´ÜïÔqWy†–k+t¤¿×U–Ý_,ºÅXúû@ç½Tb%¿{‰ØJG.Ü@¡.Y1'AÙzlµ#Ž·ì1sòȯ%G(hU•ËD,<l'0tj
¬ý\x€0s§ÂÅc¬×œïØĨ\ë‹"gËz©n03ÕI„zM|&µYb©Ðwt×í8‰_y†–Bw¾D¶x.%×Öv1ø•®¬•Ž“¨ÒFÕe1вnÜ*ÐÕ´^9 „WMe®
79«8ń);3°֍,*Â'è öÛA²ü@ÑÐÐõ0EKùEäJq/¡VQŠÞ£µä‹étœÄ‘ž¡¥°T墌Z‰¶·MŒÚg©1´^ëÅiucñC+U—sÏ¡H†…u­÷Šœ"Ã,zZ•)ÔùÊÆEb(ÕëÊÑd9ž+Š4*Nу‹ =Rø¨2՝ß!àiµÉ²qnl§¬“`¾÷›µ-½ê¢9?M`­/
\»É¡˜‹•±-ƒ+C7+‘KFOvâJo;‹Ëµí2½Î¼kû2”ýÕ"²2¤S”®?qŒ¼×çaIL§êo€ðô8X¤Eçລö¨øîÀB«0ù%'È␑(» ±“ùHŸ¦ÖJ¸"@LïÛ¿ïö®Ê:‰PzŸö­¥è,1·Ú(s©”œ+㪺øéµeÔn4™Õù9q“³m΍âá×3t¤×÷ζKEß¡I4¹¬0R<%ËÇu Zêfs$ÆùÔø.Lc?V6b,ËBŸ6Á®^V´BÏðB]Õ†2܌e{+¹V1¶õÏÆ^E_ý¶ h˜å‹,¿œÆ¯(îD ™ªI†©æýZQüFФ2ÒO³Žõ] ¤æ¢jÓÚÈ^”3V;p8?å‡a²J”ex1Ë(­I-]M4šLøÚ@l/¶“CZ¿=sɄ.KÖZڶʒþ—ŽÏXÍÏñ–7uÜ<L#AÙ5ëÒE/ûôìUÖëÇA/‹ÍqàXþó]õ;†Äwçw(Yþºà»³<;ëÒEďõŽŠx²s}Éè„ç|«p³´l%ì^Åuä¼û+kš&˜2°ÍDjf‚›w RۇzŸUµÔ!ÔªU«¿štü¬¿Œl_QvØqa{¬9°'L{¬5]Ÿq÷™1Nr±©U«Vß´¤†d|v‹5'wE«T6ÞhY¿ƒØWésf‰ù"渘uz´Ö —«UëÿUKœD.Ý:â0q­`‚‘2S”u'¶hÏä0miM4šÏæÙgsKòsl_Ý"¬Zµj BÓ¦ÿûóáR‰ÑáIEND®B`‚

GET http://www.vulnweb.com/favicon.ico HTTP/1.1
Host: www.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Referer: http://www.vulnweb.com/

HTTP/1.1 404 Not Found
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:32:03 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.0</center>
</body>
</html>

GET http://www.vulnweb.com/robots.txt HTTP/1.1
Host: www.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; x64; rv:105.0esr) Gecko/20010101 Firefox/105.0esr
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:31:55 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.0</center>
</body>
</html>

GET http://www.vulnweb.com/sitemap.xml HTTP/1.1
Host: www.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; x64; rv:105.0esr) Gecko/20010101 Firefox/105.0esr
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:31:55 GMT
Content-Type: text/html
Content-Length: 153
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.0</center>
</body>
</html>

GET http://www.vulnweb.com/style.css HTTP/1.1
Host: www.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Referer: http://www.vulnweb.com/

HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:32:03 GMT
Content-Type: text/css
Content-Length: 9894
Last-Modified: Thu, 19 Jun 2014 11:13:14 GMT
Connection: keep-alive
ETag: "53a2c5ca-26a6"
Accept-Ranges: bytes

/* ------------------
styling for the tables
------------------ */
body
{
line-height: 1.6em;
}
.acunetix-title
{
font-size: 20px;
padding: 12px 15px;
color: #039;
}
#hor-minimalist-a
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
background: #fff;
margin: 45px;
width: 480px;
border-collapse: collapse;
text-align: left;
}
#hor-minimalist-a th
{
font-size: 14px;
font-weight: normal;
color: #039;
padding: 10px 8px;
border-bottom: 2px solid #6678b1;
}
#hor-minimalist-a td
{
color: #669;
padding: 9px 8px 0px 8px;
}
#hor-minimalist-a tbody tr:hover td
{
color: #009;
}
#hor-minimalist-b
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
background: #fff;
margin: 45px;
width: 480px;
border-collapse: collapse;
text-align: left;
}
#hor-minimalist-b th
{
font-size: 14px;
font-weight: normal;
color: #039;
padding: 10px 8px;
border-bottom: 2px solid #6678b1;
}
#hor-minimalist-b td
{
border-bottom: 1px solid #ccc;
color: #669;
padding: 6px 8px;
}
#hor-minimalist-b tbody tr:hover td
{
color: #009;
}
#ver-minimalist
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 480px;
text-align: left;
border-collapse: collapse;
}
#ver-minimalist th
{
padding: 8px 2px;
font-weight: normal;
font-size: 14px;
border-bottom: 2px solid #6678b1;
border-right: 30px solid #fff;
border-left: 30px solid #fff;
color: #039;
}
#ver-minimalist td
{
padding: 12px 2px 0px 2px;
border-right: 30px solid #fff;
border-left: 30px solid #fff;
color: #669;
}
#box-table-a
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 480px;
text-align: left;
border-collapse: collapse;
}
#box-table-a th
{
font-size: 13px;
font-weight: normal;
padding: 8px;
background: #b9c9fe;
border-top: 4px solid #aabcfe;
border-bottom: 1px solid #fff;
color: #039;
}
#box-table-a td
{
padding: 8px;
background: #e8edff;
border-bottom: 1px solid #fff;
color: #669;
border-top: 1px solid transparent;
}
#box-table-a tr:hover td
{
background: #d0dafd;
color: #339;
}
#box-table-b
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 480px;
text-align: center;
border-collapse: collapse;
border-top: 7px solid #9baff1;
border-bottom: 7px solid #9baff1;
}
#box-table-b th
{
font-size: 13px;
font-weight: normal;
padding: 8px;
background: #e8edff;
border-right: 1px solid #9baff1;
border-left: 1px solid #9baff1;
color: #039;
}
#box-table-b td
{
padding: 8px;
background: #e8edff;
border-right: 1px solid #aabcfe;
border-left: 1px solid #aabcfe;
color: #669;
}
#hor-zebra
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 480px;
text-align: left;
border-collapse: collapse;
}
#hor-zebra th
{
font-size: 14px;
font-weight: normal;
padding: 10px 8px;
color: #039;
}
#hor-zebra td
{
padding: 8px;
color: #669;
}
#hor-zebra .odd
{
background: #e8edff;
}
#ver-zebra
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 480px;
text-align: left;
border-collapse: collapse;
}
#ver-zebra th
{
font-size: 14px;
font-weight: normal;
padding: 12px 15px;
border-right: 1px solid #fff;
border-left: 1px solid #fff;
color: #039;
}
#ver-zebra td
{
padding: 8px 15px;
border-right: 1px solid #fff;
border-left: 1px solid #fff;
color: #669;
}
.vzebra-odd
{
background: #eff2ff;
}
.vzebra-even
{
background: #e8edff;
}
#ver-zebra #vzebra-adventure, #ver-zebra #vzebra-children
{
background: #d0dafd;
border-bottom: 1px solid #c8d4fd;
}
#ver-zebra #vzebra-comedy, #ver-zebra #vzebra-action
{
background: #dce4ff;
border-bottom: 1px solid #d6dfff;
}
#one-column-emphasis
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 650px;
text-align: left;
border-collapse: collapse;
}
#one-column-emphasis th
{
font-size: 14px;
font-weight: normal;
padding: 12px 15px;
color: #039;
}
#one-column-emphasis td
{
padding: 10px 15px;
color: #669;
border-top: 1px solid #e8edff;
}
.oce-first
{
background: #d0dafd;
border-right: 10px solid transparent;
border-left: 10px solid transparent;
}
#one-column-emphasis tr:hover td
{
color: #339;
background: #eff2ff;
}
#newspaper-a
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 480px;
text-align: left;
border-collapse: collapse;
border: 1px solid #69c;
}
#newspaper-a th
{
padding: 12px 17px 12px 17px;
font-weight: normal;
font-size: 14px;
color: #039;
border-bottom: 1px dashed #69c;
}
#newspaper-a td
{
padding: 7px 17px 7px 17px;
color: #669;
}
#newspaper-a tbody tr:hover td
{
color: #339;
background: #d0dafd;
}
#newspaper-b
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 480px;
text-align: left;
border-collapse: collapse;
border: 1px solid #69c;
}
#newspaper-b th
{
padding: 15px 10px 10px 10px;
font-weight: normal;
font-size: 14px;
color: #039;
}
#newspaper-b tbody
{
background: #e8edff;
}
#newspaper-b td
{
padding: 10px;
color: #669;
border-top: 1px dashed #fff;
}
#newspaper-b tbody tr:hover td
{
color: #339;
background: #d0dafd;
}
#newspaper-c
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 480px;
text-align: left;
border-collapse: collapse;
border: 1px solid #6cf;
}
#newspaper-c th
{
padding: 20px;
font-weight: normal;
font-size: 13px;
color: #039;
text-transform: uppercase;
border-right: 1px solid #0865c2;
border-top: 1px solid #0865c2;
border-left: 1px solid #0865c2;
border-bottom: 1px solid #fff;
}
#newspaper-c td
{
padding: 10px 20px;
color: #669;
border-right: 1px dashed #6cf;
}
#rounded-corner
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 480px;
text-align: left;
border-collapse: collapse;
}
#rounded-corner thead th.rounded-company
{
background: #b9c9fe url('table-images/left.png') left -1px no-repeat;
}
#rounded-corner thead th.rounded-q4
{
background: #b9c9fe url('table-images/right.png') right -1px no-repeat;
}
#rounded-corner th
{
padding: 8px;
font-weight: normal;
font-size: 13px;
color: #039;
background: #b9c9fe;
}
#rounded-corner td
{
padding: 8px;
background: #e8edff;
border-top: 1px solid #fff;
color: #669;
}
#rounded-corner tfoot td.rounded-foot-left
{
background: #e8edff url('table-images/botleft.png') left bottom no-repeat;
}
#rounded-corner tfoot td.rounded-foot-right
{
background: #e8edff url('table-images/botright.png') right bottom no-repeat;
}
#rounded-corner tbody tr:hover td
{
background: #d0dafd;
}
#background-image
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 480px;
text-align: left;
border-collapse: collapse;
background: url('table-images/blurry.jpg') 330px 59px no-repeat;
}
#background-image th
{
padding: 12px;
font-weight: normal;
font-size: 14px;
color: #339;
}
#background-image td
{
padding: 9px 12px;
color: #669;
border-top: 1px solid #fff;
}
#background-image tfoot td
{
font-size: 11px;
}
#background-image tbody td
{
background: url('table-images/back.png');
}
* html #background-image tbody td
{
/*
----------------------------
PUT THIS ON IE6 ONLY STYLE
AS THE RULE INVALIDATES
YOUR STYLESHEET
----------------------------
*/
filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(src='table-images/back.png',sizingMethod='crop');
background: none;
}
#background-image tbody tr:hover td
{
color: #339;
background: none;
}
#gradient-style
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 480px;
text-align: left;
border-collapse: collapse;
}
#gradient-style th
{
font-size: 13px;
font-weight: normal;
padding: 8px;
background: #b9c9fe url('table-images/gradhead.png') repeat-x;
border-top: 2px solid #d3ddff;
border-bottom: 1px solid #fff;
color: #039;
}
#gradient-style td
{
padding: 8px;
border-bottom: 1px solid #fff;
color: #669;
border-top: 1px solid #fff;
background: #e8edff url('table-images/gradback.png') repeat-x;
}
#gradient-style tfoot tr td
{
background: #e8edff;
font-size: 12px;
color: #99c;
}
#gradient-style tbody tr:hover td
{
background: #d0dafd url('table-images/gradhover.png') repeat-x;
color: #339;
}
#pattern-style-a
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 480px;
text-align: left;
border-collapse: collapse;
background: url('table-images/pattern.png');
}
#pattern-style-a thead tr
{
background: url('table-images/pattern-head.png');
}
#pattern-style-a th
{
font-size: 13px;
font-weight: normal;
padding: 8px;
border-bottom: 1px solid #fff;
color: #039;
}
#pattern-style-a td
{
padding: 8px;
border-bottom: 1px solid #fff;
color: #669;
border-top: 1px solid transparent;
}
#pattern-style-a tbody tr:hover td
{
color: #339;
background: #fff;
}
#pattern-style-b
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 480px;
text-align: left;
border-collapse: collapse;
background: url('table-images/patternb.png');
}
#pattern-style-b thead tr
{
background: url('table-images/patternb-head.png');
}
#pattern-style-b th
{
font-size: 13px;
font-weight: normal;
padding: 8px;
border-bottom: 1px solid #fff;
color: #039;
}
#pattern-style-b td
{
padding: 8px;
border-bottom: 1px solid #fff;
color: #669;
border-top: 1px solid transparent;
}
#pattern-style-b tbody tr:hover td
{
color: #339;
background: #cdcdee;
}

Ensure that your web server, application server, load balancer, etc. is configured to suppress the "Server" header or provide generic details.

The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.

GET http://www.vulnweb.com HTTP/1.1
Host: www.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; x64; rv:105.0esr) Gecko/20010101 Firefox/105.0esr
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:31:55 GMT
Content-Type: text/html
Content-Length: 4018
Last-Modified: Tue, 28 Jul 2020 09:20:49 GMT
Connection: keep-alive
ETag: "5f1fedf1-fb2"
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Acunetix Web Vulnerability Scanner - Test websites</title>
<style type="text/css">
<!--
@import url("style.css");
-->
</style>
</head>
<body>
<center>
<br>
<a href='https://www.acunetix.com/'><img src='acunetix-logo.png' border='0' alt="Acunetix website security"></a><br><br>
<div>Vulnerable test websites for <a href='https://www.acunetix.com/vulnerability-scanner/'>Acunetix Web Vulnerability Scanner</a>.</div>
<table id="one-column-emphasis" summary="Acunetix test websites" style="width:60%">
<colgroup>
<col>
</colgroup>
<thead>
<tr style="font-size:14px">
<th scope="col"><b>Name</b></th>
<th scope="col"><b>URL</b></th>
<th scope="col"><b>Technologies</b></th>
<th scope="col"><b>Resources</b></th>
</tr>
</thead>
<tbody>
<tr style="font-size:14px">
<td>SecurityTweets</td>
<td><a href='http://testhtml5.vulnweb.com/'>http://testhtml5.vulnweb.com</a></td>
<td>nginx, Python, Flask, CouchDB</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/html5-website-security/'>Review</a> Acunetix HTML5 scanner or <a href='https://www.acunetix.com/vulnerability-scanner/crawling-html5-javascript-websites/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>Acuart</td>
<td><a href='http://testphp.vulnweb.com/'>http://testphp.vulnweb.com</a></td>
<td>Apache, PHP, MySQL</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/php-security-scanner/'>Review</a> Acunetix PHP scanner or <a href='https://www.acunetix.com/blog/articles/prevent-sql-injection-vulnerabilities-in-php-applications/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>Acuforum</td>
<td><a href='http://testasp.vulnweb.com/'>http://testasp.vulnweb.com</a></td>
<td>IIS, ASP, Microsoft SQL Server</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/sql-injection/'>Review</a> Acunetix SQL scanner or <a href='https://www.acunetix.com/websitesecurity/sql-injection/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>Acublog</td>
<td><a href='http://testaspnet.vulnweb.com/'>http://testaspnet.vulnweb.com</a></td>
<td>IIS, ASP.NET, Microsoft SQL Server</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/'>Review</a> Acunetix network scanner or <a href='https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>REST API</td>
<td><a href='http://rest.vulnweb.com/'>http://rest.vulnweb.com/</a></td>
<td>Apache, PHP, MySQL</td>
<td><a href='https://www.acunetix.com/blog/articles/rest-api-security-testing-acunetix/'>Review</a> Acunetix scanner or <a href='https://www.acunetix.com/blog/articles/rest-api-security-testing-acunetix/'>learn more</a> on the topic.</td>
</tr>
</tbody>
</table>
<div style="background-color:lightgray;width:60%;text-align:center;font-size:14px">
<p style="padding-left:140px;padding-right:140px"><b>Warning</b>: This site hosts intentionally vulnerable web applications. You can use these applications to understand how programming and configuration errors lead to security breaches. We created the site to help you test Acunetix but you may also use it for manual penetration testing or for educational purposes. It will help you learn about vulnerabilities such as SQL Injection, Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF), and many more.</p>
</div>
</center>
</body>
</html>

GET http://www.vulnweb.com/ HTTP/1.1
Host: www.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; x64; rv:105.0esr) Gecko/20010101 Firefox/105.0esr
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:31:55 GMT
Content-Type: text/html
Content-Length: 4018
Last-Modified: Tue, 28 Jul 2020 09:20:49 GMT
Connection: keep-alive
ETag: "5f1fedf1-fb2"
Accept-Ranges: bytes

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Acunetix Web Vulnerability Scanner - Test websites</title>
<style type="text/css">
<!--
@import url("style.css");
-->
</style>
</head>
<body>
<center>
<br>
<a href='https://www.acunetix.com/'><img src='acunetix-logo.png' border='0' alt="Acunetix website security"></a><br><br>
<div>Vulnerable test websites for <a href='https://www.acunetix.com/vulnerability-scanner/'>Acunetix Web Vulnerability Scanner</a>.</div>
<table id="one-column-emphasis" summary="Acunetix test websites" style="width:60%">
<colgroup>
<col>
</colgroup>
<thead>
<tr style="font-size:14px">
<th scope="col"><b>Name</b></th>
<th scope="col"><b>URL</b></th>
<th scope="col"><b>Technologies</b></th>
<th scope="col"><b>Resources</b></th>
</tr>
</thead>
<tbody>
<tr style="font-size:14px">
<td>SecurityTweets</td>
<td><a href='http://testhtml5.vulnweb.com/'>http://testhtml5.vulnweb.com</a></td>
<td>nginx, Python, Flask, CouchDB</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/html5-website-security/'>Review</a> Acunetix HTML5 scanner or <a href='https://www.acunetix.com/vulnerability-scanner/crawling-html5-javascript-websites/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>Acuart</td>
<td><a href='http://testphp.vulnweb.com/'>http://testphp.vulnweb.com</a></td>
<td>Apache, PHP, MySQL</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/php-security-scanner/'>Review</a> Acunetix PHP scanner or <a href='https://www.acunetix.com/blog/articles/prevent-sql-injection-vulnerabilities-in-php-applications/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>Acuforum</td>
<td><a href='http://testasp.vulnweb.com/'>http://testasp.vulnweb.com</a></td>
<td>IIS, ASP, Microsoft SQL Server</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/sql-injection/'>Review</a> Acunetix SQL scanner or <a href='https://www.acunetix.com/websitesecurity/sql-injection/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>Acublog</td>
<td><a href='http://testaspnet.vulnweb.com/'>http://testaspnet.vulnweb.com</a></td>
<td>IIS, ASP.NET, Microsoft SQL Server</td>
<td><a href='https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/'>Review</a> Acunetix network scanner or <a href='https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/'>learn more</a> on the topic.</td>
</tr>
<tr style="font-size:14px">
<td>REST API</td>
<td><a href='http://rest.vulnweb.com/'>http://rest.vulnweb.com/</a></td>
<td>Apache, PHP, MySQL</td>
<td><a href='https://www.acunetix.com/blog/articles/rest-api-security-testing-acunetix/'>Review</a> Acunetix scanner or <a href='https://www.acunetix.com/blog/articles/rest-api-security-testing-acunetix/'>learn more</a> on the topic.</td>
</tr>
</tbody>
</table>
<div style="background-color:lightgray;width:60%;text-align:center;font-size:14px">
<p style="padding-left:140px;padding-right:140px"><b>Warning</b>: This site hosts intentionally vulnerable web applications. You can use these applications to understand how programming and configuration errors lead to security breaches. We created the site to help you test Acunetix but you may also use it for manual penetration testing or for educational purposes. It will help you learn about vulnerabilities such as SQL Injection, Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF), and many more.</p>
</div>
</center>
</body>
</html>

GET http://www.vulnweb.com/acunetix-logo.png HTTP/1.1
Host: www.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; x64; rv:105.0esr) Gecko/20010101 Firefox/105.0esr
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.vulnweb.com

HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:31:55 GMT
Content-Type: image/png
Content-Length: 4474
Last-Modified: Thu, 19 Jun 2014 11:18:40 GMT
Connection: keep-alive
ETag: "53a2c710-117a"
Accept-Ranges: bytes

‰PNG

IHDR
* '®H
sRGB®ÎégAMA±üa pHYs."."
ªâݒtEXtSoftwarePaint.NET v3.5.11GóB7éIDATx^í ´E†ɼ$(Ì‘¸‹¨ ¢ˆ"( ‚,ŠÑ#ÁsT@EEePTWQ6Ã"(èQ
Žˆ‚
*ëÑož²/
‚„Íÿ›×=©TnUwõ̼™`ÿç|'/3Ý5=Ý}oWÝ{«fZ­Zµ®•Ä†âóâOâå¢H늳ÄBñO±§XALµ¦gÿÖªUkz«8IÜ"wØXÄ´†ð÷‹©Ví$jÕ þ,|C‡"'ñ aíw³ W2•ê¿“X0}δv£5{b¬µ‘ØVì*vËØ%{÷VŸ;7Û«V­'¤ª:‰Ã…µßcb1•ê“hËàeô;ŠcÄÕb‘x¼€Å5âX1¯Ýh®š5W«ÖEUÄ.ÂÚï
1Õq‰êN⺙kN“qo,Ž…åR¸_Ì›Ö=ŒZOUu+‹ßwŸEâ bªUÍIȐ7g‹G…eð½@›çˆWeW«ÖòªªNÍ?G ²#ÃPš“á¶Ä‰™![ÞOøŒ5”Y3ûøZµ–7õâ$FEåœÄ &bqKfÀSÉmb¢Ԙx£ØW#Î?ßûˆW+ª¼b€*b¬ùLñnñ1_p§‹ˆśÅj¢¬hÓ:>¨"«ÉÚ|ñÔ|›ø¢8Uœ!NŸ\®O¿Åq¼H¼O*N?|ö·Ä®b‘*÷{†œÄ&ÂÝ\•¹n±m E±¶fˆ¸d +ŠýÄ#Â2â©à1qฎ%;¬~‰.܉‚ñžu1]ÆŇãEÔüU¤£ÿ¤¸VXŸëó°ø¥ØJpqcâf´Žñ×¢Š®V{O¾Èõs^ým¯¹V‡‰û„õ]sîŸO½êgô/a}–لÅ;D™Ôãó„û]Ùßjw±p·£&ÂÕ¶Â}?‡‡F.žšmam»‹²âhµQŸÑZYÆyœc¬Ãf~»ÑìG
è)âûâQa]Ä8ç.’õþÕ¢Œ¸ép:w «2ðä{º‰¸ŽµßoEQùgµÇùôÅ0Ñ:¿7
´© ïￃã®:ül*Ë<,þ&61á$¬}‹àpµ°¶û…pµ£9"+ŽºHۈP_ááF{Vk%%ñËX‡É í±9½<Q^*nÖI)Ë¿EÈË8 nôó„µ*·‹-„¥Qu¯÷:¯¥p 7"Œ÷ïÂj/…GÄ!‡ciªÌß k[8VÄÄPâlaí{¹à{ÚN‚¤ŒñÏ8G‰£Ú³æuµ-qsöòäv¡«g½^ä$Ö×kߪ<(xªøE'q(ÓՏq‰(u_OX%νÀĪë™j'ê…z8µÍEHûk¿ċ²Ï³ŒêH▁Žé¡½@”½9é’Þ*—YïLj9 Œ‰ÜÚχ|G[Û¸pa_#\¢“è<ыô,A,ÉÚ?‡n9©~°äo^³¶uù†ðTÃpˆž$±*k†Ç֝ y(ôa‘kY'Ñkm(,S19lÒ±–™M‡è6t³NHÆÍÉáB³=1¢î¤«¾,èÖ[ûùĜ9okŸnNJréñð„`XE ”±%=n’Ðøþ#Ü1ûòà$nßdu^+Ú}Tœ#bΑÜý®¾8o—
k_ €úNaEï1Œw‰k_à:Ì®è%\Ì 9›ó…»Ý…«T'ˆXû:_dͬm~¸ ‚¥Äx£µŠŒïbÏG™+ÚcÍâÍd4Û:!€ÞOu_‰Ä“–´Úp 9‰„µ}Îiâi¢H¤A­!½Ry8¶\£î$xrÏ!‘z&aí¤¬CbƤµÐ[°22¾xX/¬6ËÍW­“¨â$°ʶ­ýˆÿ¸
î×ëaCïymáji»Ñíãáò㪘øҌÙýÿþÓ H_V[9–“ [ëɐL‰±l$îùþ<u_(|²“ î£Œ¨ÑÇ­6ˆ XÂ
„bOnÑÁ×å'Âj¸v!M¥“@îikß ÄÐúqV\kɹšk6ep·{¸<°PÇNÍBH\Dÿ„ä¸c¯q­öÀr±^iÌ*AØ·V1'7ªNãI™òüaµCìÈêIR#`mO¯ñù"UMrT{B½’©vèSÂÚ¨­aèa½wœ°ä:‰ÖAžñõƒ‡Åu⢌ÙkÖ¶½ÀpÂÆ
VþAT1N„
°bÕ®å$XxÄږ,VçP¤¼°+¤Quo)zªæˆ!ùbõ'k[ÆáUE Üjv–†á$ˆcqo[û/d—¬×gK“N¢=֚!CëWÉ5™‡ÅÎbŽ;£“™£ú,z,óÄù¢_”»Û¦5¶åbø'$‡ыBsþ}'Aˆ…µíÑbE'Ák}ªB©~F‡^e(àI<‡L¨Œ [COáa8 „ã,ªbÍ¡úóÕ"¤I'!#ÛÉ3ºªLæY>¡'«¯ m·×gûöÊ{²¦]…‚Wrz­Ü$³bµí; Òp¡ŒÄ §þŽ¢“ âÑ¥ê\á·[
W[k;à³6T%ä|®–†å$ÐÂjÃç S×Iœé\.P/a™H¯œÁJÖbUœÙË]iŸÕ´ïy^[U xçëHa˜ªFâŠÈ7µ ~Û¾“ ’ìoÜpŒu©Qt7‰*"#á·¾“(ký„Ì’U<L'AöçÂj'çbQô°œ>MÝô†ì>ÏàR¹DÆÞíîË1àx¶gˆ;Ó¾™ F`ôt±¹;Ѿ3õÚ…ÕvY©?€Ê“ÊìUô–(ÏöÛöùvà©VSèU£è$ò¹©*ë$Hg[Û zŠVli˜N‘Ù uyÀ±"w‘¦cÌ[zƖÊ=‚.uGãNçd‹7à4Ž•Qw#Óú{m½v§³M˜¬â*T¼Ä´à^…“à©è·];‰I ËI0[ÔÚnÐX
Ôa; z7 «-z²Û‹"uœÄþž¡¥Â4çŽÆÇ:ÅXçzïÇ8KN¥k(úÿ^Þû©PLäŠ .Ö bi°^ÅV Ëw¡12Oi¢žÂúl&UÑòà$Þ/¬íÍ(:‰ÐªÛ9ÄYŠ²k'qªgh)Ü¥@7u¢ÿâ½_†²ÝYe›,Ë­Þû)0s›ÀR¦R3&J§­¶}'Á´òPà’ú‰AŠõ2¬Ï¥2¯ŠB¥FÉI„b@@Ÿà °4L'+(sam‘X ¹ã$.ó-léH¾¦þÿ€÷~¡ä¹#ýÿhïýü(3s
¬©¹z_”[íúN‚(´nB?b#1±²’õ¹ô€RW{âYFÏkV[Ãr¤*C5Ö†AŠŠPë8ÆÔ«“àZÍUr!ŽRÇIÜìZ
ïÍ¢=¼÷R` ±Žôw/éØ;®ŸÑr½:雐7e¾|•T" t¿°Úõb†¡µ-ÆJO£ªŠ²#|ÿÐq¦:I®‘ÕFo­6,'.Ö¶ô ª^s”º2FmÇN"¦^œÇÈJSÖþLj³^§V"Ô»é8‰‡<CK¡;S³´¾µMX ¸#ýÍ÷X۔áþ‰F“Ô¤+և´N°RQªÑE³ÚËIÄz4̬R³ƒ¦êó»ÂÔå‹4—õ¹Ì,û¹´OUžÕŽ?ÄË5L'ñ
amü¦Eq®8fl®Å%Ä:Ö1|SÄԋ“`­µ/%ü<TXaËzb•—wœ„eleéÖÁëï³¼÷R`ñюdäÏ6Þ/Ë"íïÁ;ëf^'¯^V8ªë¬¶r,'Aï&¶Ž‹¿¦8
ÆÝnìÐÒjŸîg¹PGRôtä¸B©dØMX¦“ ÞâQHÇ=‘"΁›)cJþEQvŠ ¾ûÙ9ônc
êN‚‡¶µ
×!/ÜcÝÓÐpŒá¯_é8‰^–ÇYÖíœâ½—·#ý½ž÷^
–“@±Y|1+øæŠE:BU.–“@¡é¹9dXE)&œFiqq#ð”ó'»qÜ¡™›¢Nj;Ökb&jhõîa: ËrpÜe‡[ôø?”“У‰Õ¸­ýà/"´w'A!”}¢7íê;Âڎû³;ôÏÔqÔ9XW†îÔRý͊ÚÖ6e ‹Ô‘þ~“÷^
ú.«[ÞCq§V[PtÂâ'ÔZpcÐ5#^À,Kz–aZ„œ
U€æ06d.S¿YlcÃSbê*æÐ¥´œ«(YÛçPçOoŽlÐނŒ7dh®BNlšþ°±‡˜ƒÃ h“õdéñÒbù¶#Dh"Ð#°¦è»
ÅG€óΐ×°¥: žþ§kŸ ÑMdbXÁëÖöô´ÜïÔqWy†–k+t¤¿×U–Ý_,ºÅXúû@ç½Tb%¿{‰ØJG.Ü@¡.Y1'AÙzlµ#Ž·ì1sòȯ%G(hU•ËD,<l'0tj
¬ý\x€0s§ÂÅc¬×œïØĨ\ë‹"gËz©n03ÕI„zM|&µYb©Ðwt×í8‰_y†–Bw¾D¶x.%×Öv1ø•®¬•Ž“¨ÒFÕe1вnÜ*ÐÕ´^9 „WMe®
79«8ń);3°֍,*Â'è öÛA²ü@ÑÐÐõ0EKùEäJq/¡VQŠÞ£µä‹étœÄ‘ž¡¥°T墌Z‰¶·MŒÚg©1´^ëÅiucñC+U—sÏ¡H†…u­÷Šœ"Ã,zZ•)ÔùÊÆEb(ÕëÊÑd9ž+Š4*Nу‹ =Rø¨2՝ß!àiµÉ²qnl§¬“`¾÷›µ-½ê¢9?M`­/
\»É¡˜‹•±-ƒ+C7+‘KFOvâJo;‹Ëµí2½Î¼kû2”ýÕ"²2¤S”®?qŒ¼×çaIL§êo€ðô8X¤Eçລö¨øîÀB«0ù%'È␑(» ±“ùHŸ¦ÖJ¸"@LïÛ¿ïö®Ê:‰PzŸö­¥è,1·Ú(s©”œ+㪺øéµeÔn4™Õù9q“³m΍âá×3t¤×÷ζKEß¡I4¹¬0R<%ËÇu Zêfs$ÆùÔø.Lc?V6b,ËBŸ6Á®^V´BÏðB]Õ†2܌e{+¹V1¶õÏÆ^E_ý¶ h˜å‹,¿œÆ¯(îD ™ªI†©æýZQüFФ2ÒO³Žõ] ¤æ¢jÓÚÈ^”3V;p8?å‡a²J”ex1Ë(­I-]M4šLøÚ@l/¶“CZ¿=sɄ.KÖZڶʒþ—ŽÏXÍÏñ–7uÜ<L#AÙ5ëÒE/ûôìUÖëÇA/‹ÍqàXþó]õ;†Äwçw(Yþºà»³<;ëÒEďõŽŠx²s}Éè„ç|«p³´l%ì^Åuä¼û+kš&˜2°ÍDjf‚›w RۇzŸUµÔ!ÔªU«¿štü¬¿Œl_QvØqa{¬9°'L{¬5]Ÿq÷™1Nr±©U«Vß´¤†d|v‹5'wE«T6ÞhY¿ƒØWésf‰ù"渘uz´Ö —«UëÿUKœD.Ý:â0q­`‚‘2S”u'¶hÏä0miM4šÏæÙgsKòsl_Ý"¬Zµj BÓ¦ÿûóáR‰ÑáIEND®B`‚

GET http://www.vulnweb.com/style.css HTTP/1.1
Host: www.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Referer: http://www.vulnweb.com/

HTTP/1.1 200 OK
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:32:03 GMT
Content-Type: text/css
Content-Length: 9894
Last-Modified: Thu, 19 Jun 2014 11:13:14 GMT
Connection: keep-alive
ETag: "53a2c5ca-26a6"
Accept-Ranges: bytes

/* ------------------
styling for the tables
------------------ */
body
{
line-height: 1.6em;
}
.acunetix-title
{
font-size: 20px;
padding: 12px 15px;
color: #039;
}
#hor-minimalist-a
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
background: #fff;
margin: 45px;
width: 480px;
border-collapse: collapse;
text-align: left;
}
#hor-minimalist-a th
{
font-size: 14px;
font-weight: normal;
color: #039;
padding: 10px 8px;
border-bottom: 2px solid #6678b1;
}
#hor-minimalist-a td
{
color: #669;
padding: 9px 8px 0px 8px;
}
#hor-minimalist-a tbody tr:hover td
{
color: #009;
}
#hor-minimalist-b
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
background: #fff;
margin: 45px;
width: 480px;
border-collapse: collapse;
text-align: left;
}
#hor-minimalist-b th
{
font-size: 14px;
font-weight: normal;
color: #039;
padding: 10px 8px;
border-bottom: 2px solid #6678b1;
}
#hor-minimalist-b td
{
border-bottom: 1px solid #ccc;
color: #669;
padding: 6px 8px;
}
#hor-minimalist-b tbody tr:hover td
{
color: #009;
}
#ver-minimalist
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 480px;
text-align: left;
border-collapse: collapse;
}
#ver-minimalist th
{
padding: 8px 2px;
font-weight: normal;
font-size: 14px;
border-bottom: 2px solid #6678b1;
border-right: 30px solid #fff;
border-left: 30px solid #fff;
color: #039;
}
#ver-minimalist td
{
padding: 12px 2px 0px 2px;
border-right: 30px solid #fff;
border-left: 30px solid #fff;
color: #669;
}
#box-table-a
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 480px;
text-align: left;
border-collapse: collapse;
}
#box-table-a th
{
font-size: 13px;
font-weight: normal;
padding: 8px;
background: #b9c9fe;
border-top: 4px solid #aabcfe;
border-bottom: 1px solid #fff;
color: #039;
}
#box-table-a td
{
padding: 8px;
background: #e8edff;
border-bottom: 1px solid #fff;
color: #669;
border-top: 1px solid transparent;
}
#box-table-a tr:hover td
{
background: #d0dafd;
color: #339;
}
#box-table-b
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 480px;
text-align: center;
border-collapse: collapse;
border-top: 7px solid #9baff1;
border-bottom: 7px solid #9baff1;
}
#box-table-b th
{
font-size: 13px;
font-weight: normal;
padding: 8px;
background: #e8edff;
border-right: 1px solid #9baff1;
border-left: 1px solid #9baff1;
color: #039;
}
#box-table-b td
{
padding: 8px;
background: #e8edff;
border-right: 1px solid #aabcfe;
border-left: 1px solid #aabcfe;
color: #669;
}
#hor-zebra
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 480px;
text-align: left;
border-collapse: collapse;
}
#hor-zebra th
{
font-size: 14px;
font-weight: normal;
padding: 10px 8px;
color: #039;
}
#hor-zebra td
{
padding: 8px;
color: #669;
}
#hor-zebra .odd
{
background: #e8edff;
}
#ver-zebra
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 480px;
text-align: left;
border-collapse: collapse;
}
#ver-zebra th
{
font-size: 14px;
font-weight: normal;
padding: 12px 15px;
border-right: 1px solid #fff;
border-left: 1px solid #fff;
color: #039;
}
#ver-zebra td
{
padding: 8px 15px;
border-right: 1px solid #fff;
border-left: 1px solid #fff;
color: #669;
}
.vzebra-odd
{
background: #eff2ff;
}
.vzebra-even
{
background: #e8edff;
}
#ver-zebra #vzebra-adventure, #ver-zebra #vzebra-children
{
background: #d0dafd;
border-bottom: 1px solid #c8d4fd;
}
#ver-zebra #vzebra-comedy, #ver-zebra #vzebra-action
{
background: #dce4ff;
border-bottom: 1px solid #d6dfff;
}
#one-column-emphasis
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 650px;
text-align: left;
border-collapse: collapse;
}
#one-column-emphasis th
{
font-size: 14px;
font-weight: normal;
padding: 12px 15px;
color: #039;
}
#one-column-emphasis td
{
padding: 10px 15px;
color: #669;
border-top: 1px solid #e8edff;
}
.oce-first
{
background: #d0dafd;
border-right: 10px solid transparent;
border-left: 10px solid transparent;
}
#one-column-emphasis tr:hover td
{
color: #339;
background: #eff2ff;
}
#newspaper-a
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 480px;
text-align: left;
border-collapse: collapse;
border: 1px solid #69c;
}
#newspaper-a th
{
padding: 12px 17px 12px 17px;
font-weight: normal;
font-size: 14px;
color: #039;
border-bottom: 1px dashed #69c;
}
#newspaper-a td
{
padding: 7px 17px 7px 17px;
color: #669;
}
#newspaper-a tbody tr:hover td
{
color: #339;
background: #d0dafd;
}
#newspaper-b
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 480px;
text-align: left;
border-collapse: collapse;
border: 1px solid #69c;
}
#newspaper-b th
{
padding: 15px 10px 10px 10px;
font-weight: normal;
font-size: 14px;
color: #039;
}
#newspaper-b tbody
{
background: #e8edff;
}
#newspaper-b td
{
padding: 10px;
color: #669;
border-top: 1px dashed #fff;
}
#newspaper-b tbody tr:hover td
{
color: #339;
background: #d0dafd;
}
#newspaper-c
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 480px;
text-align: left;
border-collapse: collapse;
border: 1px solid #6cf;
}
#newspaper-c th
{
padding: 20px;
font-weight: normal;
font-size: 13px;
color: #039;
text-transform: uppercase;
border-right: 1px solid #0865c2;
border-top: 1px solid #0865c2;
border-left: 1px solid #0865c2;
border-bottom: 1px solid #fff;
}
#newspaper-c td
{
padding: 10px 20px;
color: #669;
border-right: 1px dashed #6cf;
}
#rounded-corner
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 480px;
text-align: left;
border-collapse: collapse;
}
#rounded-corner thead th.rounded-company
{
background: #b9c9fe url('table-images/left.png') left -1px no-repeat;
}
#rounded-corner thead th.rounded-q4
{
background: #b9c9fe url('table-images/right.png') right -1px no-repeat;
}
#rounded-corner th
{
padding: 8px;
font-weight: normal;
font-size: 13px;
color: #039;
background: #b9c9fe;
}
#rounded-corner td
{
padding: 8px;
background: #e8edff;
border-top: 1px solid #fff;
color: #669;
}
#rounded-corner tfoot td.rounded-foot-left
{
background: #e8edff url('table-images/botleft.png') left bottom no-repeat;
}
#rounded-corner tfoot td.rounded-foot-right
{
background: #e8edff url('table-images/botright.png') right bottom no-repeat;
}
#rounded-corner tbody tr:hover td
{
background: #d0dafd;
}
#background-image
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 480px;
text-align: left;
border-collapse: collapse;
background: url('table-images/blurry.jpg') 330px 59px no-repeat;
}
#background-image th
{
padding: 12px;
font-weight: normal;
font-size: 14px;
color: #339;
}
#background-image td
{
padding: 9px 12px;
color: #669;
border-top: 1px solid #fff;
}
#background-image tfoot td
{
font-size: 11px;
}
#background-image tbody td
{
background: url('table-images/back.png');
}
* html #background-image tbody td
{
/*
----------------------------
PUT THIS ON IE6 ONLY STYLE
AS THE RULE INVALIDATES
YOUR STYLESHEET
----------------------------
*/
filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(src='table-images/back.png',sizingMethod='crop');
background: none;
}
#background-image tbody tr:hover td
{
color: #339;
background: none;
}
#gradient-style
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 480px;
text-align: left;
border-collapse: collapse;
}
#gradient-style th
{
font-size: 13px;
font-weight: normal;
padding: 8px;
background: #b9c9fe url('table-images/gradhead.png') repeat-x;
border-top: 2px solid #d3ddff;
border-bottom: 1px solid #fff;
color: #039;
}
#gradient-style td
{
padding: 8px;
border-bottom: 1px solid #fff;
color: #669;
border-top: 1px solid #fff;
background: #e8edff url('table-images/gradback.png') repeat-x;
}
#gradient-style tfoot tr td
{
background: #e8edff;
font-size: 12px;
color: #99c;
}
#gradient-style tbody tr:hover td
{
background: #d0dafd url('table-images/gradhover.png') repeat-x;
color: #339;
}
#pattern-style-a
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 480px;
text-align: left;
border-collapse: collapse;
background: url('table-images/pattern.png');
}
#pattern-style-a thead tr
{
background: url('table-images/pattern-head.png');
}
#pattern-style-a th
{
font-size: 13px;
font-weight: normal;
padding: 8px;
border-bottom: 1px solid #fff;
color: #039;
}
#pattern-style-a td
{
padding: 8px;
border-bottom: 1px solid #fff;
color: #669;
border-top: 1px solid transparent;
}
#pattern-style-a tbody tr:hover td
{
color: #339;
background: #fff;
}
#pattern-style-b
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 480px;
text-align: left;
border-collapse: collapse;
background: url('table-images/patternb.png');
}
#pattern-style-b thead tr
{
background: url('table-images/patternb-head.png');
}
#pattern-style-b th
{
font-size: 13px;
font-weight: normal;
padding: 8px;
border-bottom: 1px solid #fff;
color: #039;
}
#pattern-style-b td
{
padding: 8px;
border-bottom: 1px solid #fff;
color: #669;
border-top: 1px solid transparent;
}
#pattern-style-b tbody tr:hover td
{
color: #339;
background: #cdcdee;
}

Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.

Check for differences in response based on fuzzed User Agent (eg. mobile sites, access as a Search Engine Crawler). Compares the response statuscode and the hashcode of the response body with the original response.

GET http://www.vulnweb.com/favicon.ico HTTP/1.1
Host: www.vulnweb.com
user-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Referer: http://www.vulnweb.com/

HTTP/1.1 404 Not Found
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:34:00 GMT
Content-Type: text/html
Content-Length: 555
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.0</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->

GET http://www.vulnweb.com/favicon.ico HTTP/1.1
Host: www.vulnweb.com
user-agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Referer: http://www.vulnweb.com/

HTTP/1.1 404 Not Found
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:34:00 GMT
Content-Type: text/html
Content-Length: 555
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.0</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->

GET http://www.vulnweb.com/favicon.ico HTTP/1.1
Host: www.vulnweb.com
user-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Referer: http://www.vulnweb.com/

HTTP/1.1 404 Not Found
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:34:00 GMT
Content-Type: text/html
Content-Length: 555
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.0</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->

GET http://www.vulnweb.com/favicon.ico HTTP/1.1
Host: www.vulnweb.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Referer: http://www.vulnweb.com/

HTTP/1.1 404 Not Found
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:34:00 GMT
Content-Type: text/html
Content-Length: 555
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.0</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->

GET http://www.vulnweb.com/favicon.ico HTTP/1.1
Host: www.vulnweb.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Referer: http://www.vulnweb.com/

HTTP/1.1 404 Not Found
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:34:01 GMT
Content-Type: text/html
Content-Length: 555
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.0</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->

GET http://www.vulnweb.com/robots.txt HTTP/1.1
Host: www.vulnweb.com
user-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:34:01 GMT
Content-Type: text/html
Content-Length: 555
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.0</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->

GET http://www.vulnweb.com/robots.txt HTTP/1.1
Host: www.vulnweb.com
user-agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:34:01 GMT
Content-Type: text/html
Content-Length: 555
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.0</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->

GET http://www.vulnweb.com/robots.txt HTTP/1.1
Host: www.vulnweb.com
user-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:34:01 GMT
Content-Type: text/html
Content-Length: 555
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.0</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->

GET http://www.vulnweb.com/robots.txt HTTP/1.1
Host: www.vulnweb.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:34:01 GMT
Content-Type: text/html
Content-Length: 555
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.0</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->

GET http://www.vulnweb.com/robots.txt HTTP/1.1
Host: www.vulnweb.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:34:02 GMT
Content-Type: text/html
Content-Length: 555
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.0</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->

GET http://www.vulnweb.com/sitemap.xml HTTP/1.1
Host: www.vulnweb.com
user-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:34:02 GMT
Content-Type: text/html
Content-Length: 555
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.0</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->

GET http://www.vulnweb.com/sitemap.xml HTTP/1.1
Host: www.vulnweb.com
user-agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:34:01 GMT
Content-Type: text/html
Content-Length: 555
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.0</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->

GET http://www.vulnweb.com/sitemap.xml HTTP/1.1
Host: www.vulnweb.com
user-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:34:01 GMT
Content-Type: text/html
Content-Length: 555
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.0</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->

GET http://www.vulnweb.com/sitemap.xml HTTP/1.1
Host: www.vulnweb.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3739.0 Safari/537.36 Edg/75.0.109.0
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:34:02 GMT
Content-Type: text/html
Content-Length: 555
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.0</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->

GET http://www.vulnweb.com/sitemap.xml HTTP/1.1
Host: www.vulnweb.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.19.0
Date: Wed, 14 Dec 2022 06:34:02 GMT
Content-Type: text/html
Content-Length: 555
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.0</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->