0

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">
<html>
<head>
	<link rel="shortcut icon" href="./images/favicon.ico" type="image/x-icon" />	
	<link rel="stylesheet" type="text/css" href="./styles/global-styles.css" />
	<link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu.css" />
	<link rel="stylesheet" type="text/css" href="./styles/ddsmoothmenu/ddsmoothmenu-v.css" />

	<script type="text/javascript" src="./javascript/bookmark-site.js"></script>
	<script type="text/javascript" src="./javascript/ddsmoothmenu/ddsmoothmenu.js"></script>
	<script type="text/javascript" src="./javascript/ddsmoothmenu/jquery.min.js">
		/***********************************************
		* Smooth Navigational Menu- (c) Dynamic Drive DHTML code library (www.dynamicdrive.com)
		* This notice MUST stay intact for legal use
		* Visit Dynamic Drive at http://www.dynamicdrive.com/ for full source code
		***********************************************/
	</script>



<script>
(function(w, d, e, u, c, g, a, b){
    w["SSJSConnectorObj"] = {ss_cid : c, domain_info: "auto"};
    w[g] = function(i, j){w["SSJSConnectorObj"][i] = j};
    a = d.createElement(e);
    a.async = true;
    a.src = u;
    b = d.getElementsByTagName(e)[0];
    b.parentNode.insertBefore(a, b);
    
  })(window,document,"script","https://cdn.perfdrive.com/aperture/aperture.js","9756","ssConf");
    

</script>

                    


	<script type="text/javascript">
		ddsmoothmenu.init({
			mainmenuid: "smoothmenu1", //menu DIV id
			orientation: 'v', //Horizontal or vertical menu: Set to "h" or "v"
			classname: 'ddsmoothmenu', //class added to menu's outer DIV
			//customtheme: ["#cccc44", "#cccccc"],
			contentsource: "markup" //"markup" or ["container_id", "path_to_menu_file"]
		});
	</script>
	<script type="text/javascript">
		$(function() {
			$('[ReflectedXSSExecutionPoint]').attr("title", "");
			$('[ReflectedXSSExecutionPoint]').balloon();
			$('[CookieTamperingAffectedArea]').attr("title", "");
			$('[CookieTamperingAffectedArea]').balloon();
		});
	</script>
</head>
<body onload="onLoadOfBody(this);">
<table class="main-table-frame" border="1px" cellspacing="0px" cellpadding="0px">
	<tr>
		<td bgcolor="#ccccff" align="center" colspan="7">
			<table width="100%">
				<tr>
					<td style="text-align:center;">
						<span style="text-align:center; font-weight: bold; font-size:30px; text-align: center;">
						<img style="vertical-align: middle; margin-right: 10px;" border="0px" align="top" src="images/coykillericon-50-38.png"/>
							OWASP Mutillidae II: Web Pwn in Mass Production 
						</span>
					</td>
				</tr>		
			</table>
		</td>
	</tr>
	<tr>
		<td bgcolor="#ccccff" align="center" colspan="7">
						<span class="version-header">Version: 2.6.30</span>
			<span id="idSecurityLevelHeading" class="version-header" style="margin-left: 20px;">Security Level: 1 (Client-side Security)</span>
			<span id="idHintsStatusHeading" CookieTamperingAffectedArea="1" class="version-header" style="margin-left: 20px;">Hints: Enabled (1 - 5cr1pt K1dd1e)</span>
			<span id="idSystemInformationHeading" ReflectedXSSExecutionPoint="1" class="version-header" style="margin-left: 20px;">Not Logged In</span>
		</td>
	</tr>
	<tr>
		<td colspan="2" class="header-menu-table">
			<table class="header-menu-table">
				<tr>
					<td><a href="index.php?page=home.php&popUpNotificationCode=HPH0">Home</a></td>
					<td>|</td>
					<td>
						<a href="index.php?page=login.php">Login/Register</a>		
					</td>
					<td>|</td>
										<td><a href="index.php?do=toggle-bubble-hints&page=user-poll.php">Show Popup Hints</a></td>
					<td>|</td>
					<td><a href="index.php?do=toggle-security&page=user-poll.php">Toggle Security</a></td>
					<td>|</td>
					<td><a href="index.php?do=toggle-enforce-ssl&page=user-poll.php">Enforce SSL</a></td>
					<td>|</td>
					<td><a href="set-up-database.php">Reset DB</a></td>
					<td>|</td>
					<td><a href="index.php?page=show-log.php">View Log</a></td>
					<td>|</td>
					<td><a href="index.php?page=captured-data.php">View Captured Data</a></td>
				</tr>
			</table>	
		</td>
	</tr>
	<tr>
		<td style="vertical-align:top;text-align:left;background-color:#ccccff;width:125pt;">
		<div id="smoothmenu1" class="ddsmoothmenu">
	<ul>
		<li style="border-color: #ffffff;border-style: solid;border-width: 1px;">
			<a href="">OWASP 2013</a>
			<ul>
				<li>
					<a href="https://www.owasp.org/index.php/Top_10_2013-A1-Injection" target="_blank">A1 - Injection (SQL)</a>
					<ul>
						<li>
							<a href="">SQLi - Extract Data</a>
							<ul>
								<li><a href="index.php?page=user-info.php">User Info (SQL)</a></li>
							</ul>
						</li>
						<li>
							<a href="">SQLi - Bypass Authentication</a>
							<ul>
								<li><a href="index.php?page=login.php">Login</a></li>
							</ul>
						</li>
						<li>
							<a href="">SQLi - Insert Injection</a>
							<ul>
								<li><a href="?page=add-to-your-blog.php">Add to your blog</a></li>
								<li><a href="index.php?page=register.php">Register</a></li>
								<li><a href="index.php?page=captured-data.php">View Captured Data</a></li>
							</ul>
						</li>
						<li>
							<a href="">Blind SQL via Timing</a>
							<ul>
								<li><a href="index.php?page=login.php">Login</a></li>
								<li><a href="index.php?page=user-info.php">User Info (SQL)</a></li>
							</ul>
						</li>
						<li>
							<a href="">SQLMAP Practice</a>
							<ul>
								<li><a href="index.php?page=sqlmap-targets.php">SQLMAP Practice Targets</a></li>
								<li><a href="index.php?page=login.php">Login</a></li>
								<li><a href="index.php?page=view-someones-blog.php">View Someones Blog</a></li>
								<li><a href="index.php?page=user-info.php">User Info (SQL)</a></li>
							</ul>
						</li>
						<li>
							<a href="">Via JavaScript Object Notation (JSON)</a>
							<ul>
								<li><a href="index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li>
								<li><a href="index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li>
							</ul>
						</li>
						<li>
							<a href="">Via SOAP Web Service</a>
							<ul>
								<li><a href="./webservices/soap/ws-user-account.php">Lookup User</a></li>
							</ul>
						</li>
						<li>
							<a href="">Via REST Web Service</a>
							<ul>
								<li><a href="./webservices/rest/ws-user-account.php">User Account Management</a></li>
							</ul>
						</li>								
					</ul>
				</li>
				<li>
					<a href="https://www.owasp.org/index.php/Top_10_2013-A1-Injection" target="_blank">A1 - Injection (Other)</a>
						<ul>
						<li>
							<a href="">HTML Injection (HTMLi)</a>
							<ul>
								<li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li>
								<li><a href="index.php?page=browser-info.php">Browser Info</a></li>
								<li><a href="index.php?page=dns-lookup.php">DNS Lookup</a></li>
								<li><a href="index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li>
								<li><a href="index.php?page=text-file-viewer.php">Text File Viewer</a></li>
								<li><a href="index.php?page=user-info.php">User Info (SQL)</a></li>
								<li><a href="index.php?page=user-info-xpath.php">User Info (XPath)</a></li>
								<li><a href="index.php?page=set-background-color.php">Set Background Color</a></li>
								<li><a href="index.php?page=html5-storage.php">HTML5 Web Storage</a></li>
								<li><a href="index.php?page=capture-data.php">Capture Data Page</a></li>
								<li><a href="index.php?page=captured-data.php">View Captured Data</a></li>
								<li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/how-to-access-Mutillidae-over-Virtual-Box-network.php">Document Viewer</a></li>
								<li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li>
								<li><a href="index.php?page=user-poll.php">Poll Question</a></li>
								<li><a href="index.php?page=register.php">Register User</a></li>
								<li><a href="index.php?page=login.php">Login</a></li>
								<li><a href="index.php?page=back-button-discussion.php">Those &quot;Back&quot; Buttons</a></li>
								<li><a href="index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae">Styling with Mutilidae</a></li>
								<li><a href="index.php?page=password-generator.php&username=anonymous">Password Generator</a></li>
							</ul>
						</li>
						<li>
							<a href="">HTMLi via HTTP Headers</a>
							<ul>
								<li><a href="index.php?page=back-button-discussion.php">Those &quot;Back&quot; Buttons</a></li>
								<li><a href="index.php?page=browser-info.php">Browser Info</a></li>
								<li><a href="index.php?page=site-footer-xss-discussion.php">Site Footer</a><li>
								<li><a href="">HTTP Response Splitting (Hint: Difficult)</a></li>
							</ul>
						</li>
						<li>
							<a href="">HTMLi Via DOM Injection</a>
							<ul>
								<li><a href="index.php?page=html5-storage.php">HTML5 Web Storage</a></li>
								<li><a href="index.php?page=password-generator.php&username=anonymous">Password Generator</a></li>
							</ul>
						</li>								
						<li>
							<a href="">HTMLi Via Cookie Injection</a>
							<ul>
								<li><a href="index.php?page=capture-data.php">Capture Data Page</a></li>
							</ul>
						</li>
						<li>
							<a href="">Frame Source Injection</a>
							<ul>
								<li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/how-to-access-Mutillidae-over-Virtual-Box-network.php">Document Viewer</a></li>
								<li><a href="index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae">Styling with Mutilidae</a></li>
							</ul>
						</li>
						<li>
							<a href="">Command Injection</a>
							<ul>
								<li><a href="index.php?page=dns-lookup.php">DNS Lookup</a></li>
								<li><a href="./webservices/soap/ws-lookup-dns-record.php">DNS Lookup (SOAP Web Service)</a></li>
							</ul>
						</li>
						<li>
							<a href="">JavaScript Injection</a>
							<ul>
								<li><a href="index.php?page=back-button-discussion.php">Those &quot;Back&quot; Buttons</a></li>
								<li><a href="index.php?page=password-generator.php&username=anonymous">Password Generator</a></li>
								<li><a href="index.php?page=browser-info.php">Browser Info</a></li>
							</ul>
						</li>
						<li>
							<a href="">HTTP Parameter Pollution</a>
							<ul>
								<li><a href="index.php?page=user-poll.php">Poll Question</a></li>
								<li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/how-to-access-Mutillidae-over-Virtual-Box-network.php">Document Viewer</a></li>
							</ul>
						</li>
						<li>
							<a href="">Cascading Style Injection</a>
							<ul>
								<li><a href="index.php?page=set-background-color.php">Set Background Color</a></li>
							</ul>
						</li>
						<li>
							<a href="">JavaScript Object Notation (JSON) Injection</a>
							<ul>
								<li><a href="index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li>
								<li><a href="index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li>
							</ul>
						</li>
						<li>
							<a href="">Buffer Overflow</a>
							<ul>
								<li><a href="index.php?page=repeater.php">Repeater</a></li>
							</ul>
						</li>
						<li>
							<a href="">Parameter Addition</a>
							<ul>
								<li><a href="index.php?page=repeater.php">Repeater</a></li>
								<li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li>								
							</ul>
						</li>
						<li>
							<a href="">XML External Entity Injection</a>
							<ul>
								<li><a href="index.php?page=xml-validator.php">XML Validator</a></li>
							</ul>
						</li>
						<li>
							<a href="">XML Entity Expansion</a>
							<ul>
								<li><a href="index.php?page=xml-validator.php">XML Validator</a></li>
							</ul>
						</li>
						<li>
							<a href="">XML Injection</a>
							<ul>
								<li><a href="index.php?page=xml-validator.php">XML Validator</a></li>
							</ul>
						</li>
						<li>
							<a href="">XPath Injection</a>
							<ul>
								<li><a href="index.php?page=user-info-xpath.php">User Info (XPath)</a></li>
							</ul>
						</li>
						<li>
							<a href="">Application Log Injection</a>
							<ul>
								<li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li>
								<li><a href="index.php?page=dns-lookup.php">DNS Lookup</a></li>
								<li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/how-to-access-Mutillidae-over-Virtual-Box-network.php">Document Viewer</a></li>
								<li><a href="index.php?page=capture-data.php">Capture Data Page</a></li>
								<li><a href="index.php?page=login.php">Login</a></li>
								<li><a href="index.php?page=register.php">Register User</a></li>
								<li><a href="index.php?page=source-viewer.php">Source Viewer</a></li>
								<li><a href="index.php?page=text-file-viewer.php">Text File Viewer</a></li>
							</ul>
						</li>
						<li>
							<a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">CBC-bit Flipping</a>
						</li>
					</ul>
				</li>
				<li>
					<a href="https://www.owasp.org/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management" target="_blank">
						A2 - Broken Authentication and Session Management
					</a>
					<ul>
						<li><a href="">Authentication Bypass</a>
							<ul>
								<li><a href="">Via Brute Force</a>
									<ul>
										<li><a href="index.php?page=login.php">Login</a></li>
									</ul>
								</li>
								<li><a href="index.php?page=privilege-escalation.php">Via Cookies</a></li>
								<li><a href="">Via SQL Injection</a>
									<ul>
										<li><a href="index.php?page=login.php">Login</a></li>
									</ul>
								</li>
							</ul>
						</li>
						<li><a href="">Priviliege Escalation</a>
							<ul>
								<li><a href="index.php?page=privilege-escalation.php">Via Cookies</a></li>
								<li><a href="index.php?page=login.php">Login</a></li>
								<li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">Via CBC-bit Flipping</a></li>
							</ul>								
						</li>
						<li><a href="">Username Enumeration</a>
							<ul>
								<li><a href="index.php?page=login.php">Login</a></li>
								<li><a href="./webservices/soap/ws-user-account.php">Lookup User (SOAP Web Service)</a></li>
								<li><a href="./webservices/rest/ws-user-account.php">User Account Management(REST Web Service)</a></li>
							</ul>
						</li>							
					</ul>
				</li>
				<li>
					<a href="https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_%28XSS%29" target="_blank">A3 - Cross Site Scripting (XSS)</a>
					<ul>
						<li>
							<a href="">Reflected (First Order)</a>
							<ul>
								<li><a href="index.php?page=dns-lookup.php">DNS Lookup</a></li>
								<li><a href="index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li>
								<li><a href="index.php?page=text-file-viewer.php">Text File Viewer</a></li>
								<li><a href="index.php?page=user-info.php">User Info (SQL)</a></li>
								<li><a href="index.php?page=set-background-color.php">Set Background Color</a></li>
								<li><a href="index.php?page=html5-storage.php">HTML5 Web Storage</a></li>
								<li><a href="index.php?page=capture-data.php">Capture Data Page</a></li>
								<li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/how-to-access-Mutillidae-over-Virtual-Box-network.php">Document Viewer</a></li>
								<li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li>
								<li><a href="index.php?page=xml-validator.php">XML Validator</a></li>
								<li><a href="index.php?page=user-info-xpath.php">User Info (XPath)</a></li>	
								<li><a href="index.php?page=user-poll.php">Poll Question</a></li>
								<li><a href="index.php?page=register.php">Register User</a></li>
								<li><a href="index.php?page=browser-info.php">Browser Info</a></li>
								<li><a href="index.php?page=back-button-discussion.php">Those &quot;Back&quot; Buttons</a></li>
								<li><a href="index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae">Styling with Mutilidae</a></li>
								<li><a href="index.php?page=password-generator.php&username=anonymous">Password Generator</a></li>
								<li><a href="index.php?page=client-side-control-challenge.php">Client-side Control Challenge</a></li>
							</ul>
						</li>
						<li>
							<a href="">Persistent (Second Order)</a>
							<ul>
								<li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li>
								<li><a href="index.php?page=view-someones-blog.php">View someone's blog</a></li>
								<li><a href="index.php?page=show-log.php">Show Log</a><li>
							</ul>
						</li>
						<li>
							<a href="">DOM-Based</a>
							<ul>
								<li><a href="index.php?page=html5-storage.php">HTML5 Web Storage</a></li>
								<li><a href="index.php?page=password-generator.php&username=anonymous">Password Generator</a></li>
							</ul>
						</li>								
						<li>
							<a href="">Via "Input" (GET/POST)</a>
							<ul>
								<li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li>
								<li><a href="index.php?page=view-someones-blog.php">View someone's blog</a></li>
								<li><a href="index.php?page=show-log.php">Show Log</a><li>
								<li><a href="index.php?page=text-file-viewer.php">Text File Viewer</a></li>
								<li><a href="index.php?page=dns-lookup.php">DNS Lookup</a></li>
								<li><a href="index.php?page=user-info.php">User Info (SQL)</a></li>
								<li><a href="index.php?page=user-info-xpath.php">User Info (XPath)</a></li>
								<li><a href="index.php">Missing HTTPOnly Attribute</a></li>
								<li><a href="index.php?page=set-background-color.php">Set Background Color</a></li>
								<li><a href="index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li>
								<li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/how-to-access-Mutillidae-over-Virtual-Box-network.php">Document Viewer</a></li>
							</ul>
						</li>
						<li>
							<a href="">Via HTTP Headers</a>
							<ul>
								<li><a href="index.php?page=browser-info.php">Browser Info</a></li>
								<li><a href="index.php?page=show-log.php">Show Log</a><li>
								<li><a href="index.php?page=site-footer-xss-discussion.php">Site Footer</a><li>
								<li><a href="index.php?page=back-button-discussion.php">Those &quot;Back&quot; Buttons</a></li>
							</ul>
						</li>
						<li>
							<a href="">Via HTTP Attribute</a>
							<ul>
								<li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/how-to-access-Mutillidae-over-Virtual-Box-network.php">Document Viewer</a></li>
							</ul>								
						</li>								
						<li>
							<a href="">Via Misconfiguration</a>
							<ul>
								<li><a href="index.php">Missing HTTPOnly Attribute</a></li>
							</ul>
						</li>
						<li>
							<a href="">Against HTML5 Web Storage</a>
							<ul>
								<li><a href="index.php?page=html5-storage.php">HTML5 Web Storage</a></li>
							</ul>
						</li>
						<li>
							<a href="">Against JSON</a>
							<ul>
								<li><a href="index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li>
							</ul>
						</li>
						<li>
							<a href="">Via Cookie Injection</a>
							<ul>
								<li><a href="index.php?page=capture-data.php">Capture Data Page</a></li>
							</ul>
						</li>
						<li>
							<a href="">Via XML Injection</a>
							<ul>
								<li><a href="index.php?page=xml-validator.php">XML Validator</a></li>
							</ul>
						</li>
						<li>
							<a href="">Via XPath Injection</a>
							<ul>
								<li><a href="index.php?page=user-info-xpath.php">User Info (XPath)</a></li>
							</ul>
						</li>						
						<li>
							<a href="">Via Path Relative Style Sheet Injection</a>
							<ul>
								<li><a href="index.php?page=styling-frame.php&page-to-frame=styling.php%3Fpage-title%3DStyling+with+Mutillidae">Styling with Mutilidae</a></li>
							</ul>
						</li>
						<li>
							<a href="">BeeF Framework Targets</a>
							<ul>
								<li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li>
								<li><a href="index.php?page=view-someones-blog.php">View someone's blog</a></li>
								<li><a href="index.php?page=show-log.php">Show Log</a><li>
								<li><a href="index.php?page=dns-lookup.php">DNS Lookup</a></li>
								<li><a href="index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li>
								<li><a href="index.php?page=text-file-viewer.php">Text File Viewer</a></li>
								<li><a href="index.php?page=user-info.php">User Info (SQL)</a></li>
								<li><a href="index.php?page=set-background-color.php">Set Background Color</a></li>
								<li><a href="index.php?page=html5-storage.php">HTML5 Web Storage</a></li>
								<li><a href="index.php?page=capture-data.php">Capture Data Page</a></li>
								<li><a href="index.php?page=document-viewer.php&PathToDocument=documentation/how-to-access-Mutillidae-over-Virtual-Box-network.php">Document Viewer</a></li>
								<li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li>
								<li><a href="index.php?page=xml-validator.php">XML Validator</a></li>
								<li><a href="index.php?page=user-info-xpath.php">User Info (XPath)</a></li>
								<li><a href="index.php?page=user-poll.php">Poll Question</a></li>
								<li><a href="index.php?page=register.php">Register User</a></li>
								<li><a href="index.php?page=password-generator.php&username=anonymous">Password Generator</a></li>
							</ul>
						</li>
					</ul>
				</li>
				<li>
					<a href="https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References" target="_blank">A4 - Insecure Direct Object References</a>
					<ul>
						<li><a href="index.php?page=text-file-viewer.php">Text File Viewer</a></li>
						<li><a href="index.php?page=source-viewer.php">Source Viewer</a></li>
						<li><a href="index.php?page=credits.php">Credits</a></li>
						<li><a href="index.php?page=privilege-escalation.php">Cookies</a></li>
						<li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li>
					</ul>
				</li>
				<li>
					<a href="https://www.owasp.org/index.php/Top_10_2013-A5-Security_Misconfiguration" target="_blank">A5 - Security Misconfiguration</a>
					<ul>
						<li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li>
						<li><a href="index.php?page=directory-browsing.php">Directory Browsing</a></li>
						<li>
							<a href="">Method Tampering (GET for POST)</a>
							<ul>
								<li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li>
								<li><a href="index.php?page=user-info.php">User Info (SQL)</a></li>
								<li><a href="index.php?page=user-info-xpath.php">User Info (XPath)</a></li>
								<li><a href="index.php?page=user-poll.php">Poll Question</a></li>
								<li><a href="index.php?page=dns-lookup.php">DNS Lookup</a></li>
							</ul>
						</li>
						<li>
							<a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a>
						</li>
						<li>
							<a href="index.php?page=upload-file.php">Unrestricted File Upload</a>
						</li>
					</ul>
				</li>
				<li>
					<a href="https://www.owasp.org/index.php/Top_10_2013-A6-Sensitive_Data_Exposure" target="_blank">A6 - Sensitive Data Exposure</a>
					<ul>
						<li>
							<a href="">Information Disclosure</a>
							<ul>
								<li><a href="index.php?page=phpmyadmin.php">PHP MyAdmin Console</a></li>
								<li><a href="index.php?page=phpinfo.php">PHP Info Page</a></li>
								<li><a href="index.php?page=robots-txt.php">Robots.txt</a></li>
								<li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li>
								<li><a href="index.php?page=html5-storage.php">HTML5 Web Storage</a></li>
								<li><a href="index.php">Cache-Control</a></li>
								<li><a href="index.php">X-Powered-By HTTP Header</a></li>
								<li><a href="index.php">HTML/JavaScript Comments</a></li>
								<li><a href="index.php?page=framing.php">Click-Jacking</a></li>
								<li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li>
							</ul>
						</li>
						<li>
							<a href="">Application Path Disclosure</a>
							<ul>
								<li><a href="index.php?page=phpmyadmin.php">PHP MyAdmin Console</a></li>
								<li><a href="index.php?page=phpinfo.php">PHP Info Page</a></li>
								<li><a href="index.php?page=robots-txt.php">Robots.txt</a></li>
							</ul>
						</li>
						<li>
							<a href="">Platform Path Disclosure</a>
							<ul>
								<li><a href="index.php?page=phpmyadmin.php">PHP MyAdmin Console</a></li>
								<li><a href="index.php?page=phpinfo.php">PHP Info Page</a></li>
							</ul>
						</li>
					</ul>
				</li>
				<li>
					<a href="https://www.owasp.org/index.php/Top_10_2013-A7-Missing_Function_Level_Access_Control" target="_blank">A7 - Missing Function Level Access Control</a>
					<ul>
						<li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li>
						<li><a href="index.php?page=client-side-control-challenge.php">Client-side Control Challenge</a></li>
						<li><a href="index.php?page=robots-txt.php">Robots.txt</a></li>
					</ul>
				</li>
				<li>
					<a href="https://www.owasp.org/index.php/Top_10_2013-A8-Cross-Site_Request_Forgery_%28CSRF%29" target="_blank">A8 - Cross Site Request Forgery (CSRF)</a>
					<ul>
						<li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li>
						<li><a href="index.php?page=register.php">Register User</a></li>
						<li><a href="index.php?page=user-poll.php">Poll Question</a></li>
					</ul>
				</li>
				<li>
					<a href="https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities" target="_blank">A9 - Using Components with Known Vulnerabilities</a>
					<ul>
						<li><a href="index.php?page=phpmyadmin.php">PHP MyAdmin Console</a></li>
						<li><a href="index.php?page=phpinfo.php">PHP Info Page</a></li>
						<li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">CBC-bit Flipping</a></li>
					</ul>
				</li>
				<li>
					<a href="https://www.owasp.org/index.php/Top_10_2013-A10-Unvalidated_Redirects_and_Forwards" target="_blank">A10 - Unvalidated Redirects and Forwards</a>
					<ul>
						<li><a href="?page=credits.php">Credits</a></li>
												<a href="">Setup/reset the DB (Disabled: Not Admin)</a></li>
								
					</ul>
				</li>
			</ul>
		</li>
	</ul>
	<ul>
		<li style="border-color: #ffffff;border-style: solid;border-width: 1px;">
			<a href="">OWASP 2010</a>
			<ul>
				<li>
					<a href="http://www.owasp.org/index.php/Top_10_2010-A7" target="_blank">2010 A7 - Insecure Cryptographic Storage</a>
					<ul>
						<li><a href="index.php?page=user-info.php">User Info (SQL)</a></li>
						<li><a href="index.php?page=user-info-xpath.php">User Info (XPath)</a></li>
						<li><a href="index.php?page=html5-storage.php">HTML5 Web Storage</a></li>
						<li><a href="index.php?page=view-user-privilege-level.php&iv=6bc24fc1ab650b25b4114e93a98f1eba">View User Privileges</a></li>
					</ul>
				</li>
				<li>
					<a href="http://www.owasp.org/index.php/Top_10_2010-A8" target="_blank">2010 A8 - Failure to Restrict URL Access</a>
					<ul>
						<li><a href="index.php?page=phpmyadmin.php">PHP MyAdmin Console</a></li>
						<li><a href="index.php?page=source-viewer.php">Source Viewer</a></li>
						<li><a href="index.php?page=secret-administrative-pages.php">"Secret" Administrative Pages</a></li>
						<li><a href="index.php?page=robots-txt.php">Robots.txt</a></li>
						<li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li>
						<li><a href="index.php?page=phpinfo.php">PHP Info Page</a></li>					
					</ul>
				</li>
				<li>
					<a href="http://www.owasp.org/index.php/Top_10_2010-A9" target="_blank">2010 A9 - Insufficient Transport Layer Protection</a>
					<ul>
						<li><a href="index.php?page=ssl-misconfiguration.php">SSL Misconfiguration</a></li>
						<li><a href="index.php?page=login.php">Login</a></li>
						<li><a href="index.php?page=user-info.php">User Info (SQL)</a></li>
						<li><a href="index.php?page=user-info-xpath.php">User Info (XPath)</a></li>
					</ul>
				</li>
			</ul>
		</li>
	</ul>	
	<ul>
		<li style="border-color: #ffffff;border-style: solid;border-width: 1px;">
			<a href="">OWASP 2007</a>
			<ul>
				<li>
					<a href="http://www.owasp.org/index.php/Top_10_2007-A3" target="_blank">OWASP 2007 A3 - Malicious File Execution</a>
					<ul>
						<li><a href="?page=text-file-viewer.php">Text File Viewer</a></li>
						<li><a href="?page=source-viewer.php">Source Viewer</a></li>
					</ul>		
				</li>
				<li>
					<a href="http://www.owasp.org/index.php/Top_10_2007-A6" target="_blank">OWASP 2007 A6 - Information Leakage</a>
					<ul>
						<li><a href="index.php">Cache-Control</a></li>
						<li><a href="index.php">X-Powered-By HTTP Header</a></li>
						<li><a href="index.php">HTML/JavaScript Comments</a></li>
						<li><a href="index.php?page=framing.php">Click-Jacking</a></li>
						<li><a href="framer.html">Cross-Site Framing (Third-Party Framing)</a></li>
						<li><a href="index.php?page=html5-storage.php">HTML5 Web Storage</a></li>
						<li><a href="index.php?page=phpmyadmin.php">PHP MyAdmin Console</a></li>
						<li><a href="index.php?page=phpinfo.php">PHP Info Page</a></li>
						<li><a href="index.php?page=robots-txt.php">Robots.txt</a></li>
					</ul>		
				</li>
				<li>
					<a href="http://www.owasp.org/index.php/Top_10_2007-A6" target="_blank">OWASP 2007 A6 - Improper Error Handling</a>
					<ul>
						<li><a href="index.php?page=user-info.php">User Info (SQL)</a></li>
						<li><a href="index.php?page=user-info-xpath.php">User Info (XPath)</a></li>
						<li><a href="index.php?page=login.php">Login</a></li>
						<li><a href="index.php?page=register.php">Register</a></li>
						<li><a href="index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li>
						<li><a href="index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li>
						<li><a href="./webservices/soap/ws-user-account.php">Lookup User (SOAP Web Service)</a></li>
					</ul>		
				</li>
			</ul>
		</li>
	</ul>	
	<ul>
		<li style="border-color: #ffffff; border-style: solid;border-width: 1px;">
			<a href="">Web Services</a>
			<ul>
				<li>
					<a href="">SOAP</a>
					<ul>
						<li>
							<a href="">Test Page</a>
							<ul>
								<li><a href="./webservices/soap/ws-hello-world.php">Hello World</a></li>
							</ul>
						</li>
						<li>
							<a href="">Command Injection</a>
							<ul>
								<li><a href="./webservices/soap/ws-lookup-dns-record.php">DNS Lookup</a></li>
							</ul>
						</li>
						<li>
							<a href="">SQL Injection</a>
							<ul>
								<li><a href="./webservices/soap/ws-user-account.php">Lookup User</a></li>
							</ul>
						</li>
						<li>
							<a href="">Username Enumeration</a>
							<ul>
								<li><a href="./webservices/soap/ws-user-account.php">Lookup User</a></li>
							</ul>
						</li>
					</ul>
				</li>
				<li>
					<a href="">REST</a>
					<ul>
						<li>
							<a href="">SQL Injection</a>
							<ul>
								<li><a href="./webservices/rest/ws-user-account.php">User Account Management</a></li>
							</ul>
						</li>
						<li>
							<a href="">Username Enumeration</a>
							<ul>
								<li><a href="./webservices/rest/ws-user-account.php">User Account Management</a></li>
							</ul>
						</li>
					</ul>
				</li>						
			</ul>
		</li>
		<li style="border-color: #ffffff; border-style: solid;border-width: 1px;">
			<a href="">HTML 5</a>
			<ul>
				<li>
					<a href="">HTML 5 Web Storage</a>
					<ul>
						<li><a href="index.php?page=html5-storage.php">HTML5 Web Storage</a></li>
					</ul>
				</li>
				<li>
					<a href="">JavaScript Object Notation (JSON)</a>
					<ul>
						<li><a href="index.php?page=pen-test-tool-lookup.php">Pen Test Tool Lookup</a></li>
						<li><a href="index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li>
					</ul>
				</li>
				<li>
					<a href="">Asyncronous JavaScript and XML (AJAX)</a>
					<ul>
						<li><a href="index.php?page=pen-test-tool-lookup-ajax.php">Pen Test Tool Lookup (AJAX)</a></li>
					</ul>
				</li>
			</ul>
		</li>
		<li style="border-color: #ffffff; border-style: solid;border-width: 1px;">
			<a href="">Others</a>
			<ul>			
				<li>
					<a href="">Client-side "Security" Controls</a>
					<ul>
						<li><a href="index.php?page=client-side-control-challenge.php">Client-side Control Challenge</a></li>
					</ul>
				</li>
				<li>
					<a href="">Cross-Frame Framing (Third-party Framing)</a>
					<ul>
						<li><a href="index.php?page=framer.html">Framer</a></li>
					</ul>
				</li>
				<li>
					<a href="">Unrestricted File Upload</a>
					<ul>
						<li><a href="index.php?page=upload-file.php">File Upload</a></li>
					</ul>
				</li>
				<li>
					<a href="">XML External Entity Injection</a>
					<ul>
						<li><a href="index.php?page=xml-validator.php">XML Validator</a></li>
					</ul>
				</li>
				<li>
					<a href="">XPath Injection</a>
					<ul>
						<li><a href="index.php?page=user-info-xpath.php">User Info (XPath)</a></li>
					</ul>
				</li>				
				<li>
					<a href="">Local File Inclusion</a>
					<ul>
						<li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li>
					</ul>
				</li>
				<li>
					<a href="">Remote File Inclusion</a>
					<ul>
						<li><a href="index.php?page=arbitrary-file-inclusion.php">Arbitrary File Inclusion</a></li>
					</ul>
				</li>
				<li>
					<a href="">Denial of Service</a>
					<ul>
						<li><a href="?page=text-file-viewer.php">Text File Viewer</a></li>
						<li><a href="?page=show-log.php">Show Web Log</a><li>
					</ul>		
				</li>
				<li>
					<a href="">JavaScript Validation Bypass</a>
					<ul>
						<li><a href="index.php?page=login.php">Login</a></li>
						<li><a href="index.php?page=user-info.php">User Info (SQL)</a></li>
						<li><a href="index.php?page=user-info-xpath.php">User Info (XPath)</a></li>
						<li><a href="index.php?page=add-to-your-blog.php">Add to your blog</a></li>
						<li><a href="index.php?page=html5-storage.php">HTML5 Web Storage</a></li>
						<li><a href="index.php?page=dns-lookup.php">DNS Lookup</a></li>
						<li><a href="index.php?page=repeater.php">Repeater</a></li>
					</ul>		
				</li>
				<li>
					<a href="index.php?page=user-agent-impersonation.php">User-Agent Impersonation</a>
				</li>
				<li>
					<a href="">Data Capture Pages</a>
					<ul>
						<li><a href="index.php?page=capture-data.php">Data Capture</a></li>
						<li><a href="index.php?page=captured-data.php">View Captured Data</a></li>
					</ul>		
				</li>
			</ul>
		</li>
		<li style="border-color: #ffffff;border-style: solid;border-width: 1px;">
			<a href="">Documentation</a>
			<ul>
				<li><a href="index.php?page=documentation/change-log.html">Change Log</a></li>
				<li><a href="index.php?page=credits.php">Credits</a></li>
				<li>
					<a href="index.php?page=documentation/how-to-access-Mutillidae-over-Virtual-Box-network.php">
						How to Access Mutillidae over Virtual Box "Host Only" Network
					</a>
				</li>
				<li><a href="index.php?page=installation.php">Installation Instructions</a></li>
				<li><a href="./documentation/mutillidae-installation-on-xampp-win7.pdf" target="_blank">Installation Instructions: Windows 7 (PDF)</a></li>
				<li><a href="index.php?page=documentation/vulnerabilities.php">Listing of Vulnerabilities</a></li>
				<li>
					<a href="https://www.sans.org/reading-room/whitepapers/application/introduction-owasp-mutillidae-ii-web-pen-test-training-environment-34380" target="_blank">
						Whitepaper: Introduction to OWASP Mutillidae II Web Pen Test Training Environment
					</a>
				</li>
			</ul>
		</li>
		<li style="border-color: #ffffff;border-style: solid;border-width: 1px;">
			<a href="">Resources</a>
			<ul>
				<li>
					<a onclick="bookmarkSite();" href="">
						Bookmark Site
					</a>
				</li>
				<li>
					<a href="http://sourceforge.net/projects/mutillidae/files/mutillidae-project/" target="_blank">
						Latest Version of OWASP Mutillidae II
					</a>
				</li>
				<li>
					<a href="https://www.owasp.org/index.php/Top_Ten" target="_blank">
						OWASP Top Ten
					</a>
				</li>
				<li>
					<a href="https://addons.mozilla.org/en-US/firefox/collections/jdruin/pro-web-developer-qa-pack/" target="_blank">
						Professional Web Application Developer Quality Assurance Pack
					</a>
				</li>
				<li>
					<a href="http://samurai.inguardians.com/" target="_blank">
						Samurai Web Testing Framework
					</a>
				</li>
			</ul>
		</li>
	</ul>
	<br style="clear: left" />
</div>
<div>&nbsp;</div>
<div class="label" style="text-align: center;">
	<a 
		href="https://www.sans.org/reading-room/whitepapers/application/introduction-owasp-mutillidae-ii-web-pen-test-training-environment-34380" 
		target="_blank"
		title="Whitepaper: Introduction to OWASP Mutillidae II Web Pen Test Training Environment"
	>			
		<img align="middle" alt="Webpwnized Twitter Channel" src="./images/pdf-icon-48-48.png" />
		<br/>
		Getting Started: Project Whitepaper
	</a>
</div>		
			
		<div>&nbsp;</div>
		<div>&nbsp;</div>
		<div class="label" style="text-align: center;">
			<a href="https://twitter.com/webpwnized" target="_blank">
				<img align="middle" alt="Webpwnized Twitter Channel" src="./images/twitter-bird-48-48.png" />
				<br/>
				Release Announcements
			</a>
		</div>		
		<div>&nbsp;</div>
		<div>&nbsp;</div>
		<div class="label" style="text-align: center;">
			<a href="http://www.youtube.com/user/webpwnized" style="white-space:nowrap;" target="_blank">
				<img align="middle" alt="Webpwnized YouTube Channel" src="./images/youtube-48-48.png" />
				<br/>
				Video<br/>Tutorials
			</a>
		</div>
		<div>&nbsp;</div>
		<div>&nbsp;</div>	
		<div class="label" style="text-align: center;">
			<a href="https://www.owasp.org" target="_blank">
				<img alt="OWASP" style="border-width: 0px;" src="./images/owasp-logo-120-90.png" />
				<br/>
				OWASP
			</a>
		</div>
	</td>
	<td valign="top">
		<blockquote>
		<!-- Begin Content -->


<!-- Bubble hints code -->

<script type="text/javascript">
	$(function() {
		$('[ReflectedXSSExecutionPoint]').attr("title", "");
		$('[ReflectedXSSExecutionPoint]').balloon();
		$('[ParameterPollutionInjectionPoint]').attr("title", "");
		$('[ParameterPollutionInjectionPoint]').balloon();
	});
</script>

<div class="page-title">User Poll</div>



<script type="text/javascript">
	$(function() {
		$('[HTMLEventReflectedXSSExecutionPoint]').attr("title", "");
		$('[HTMLEventReflectedXSSExecutionPoint]').balloon();
	});
</script>

<div style="margin: 5px;">
	<span style="font-weight: bold; margin-right: 50px;" HTMLEventReflectedXSSExecutionPoint="1">
	<a 	onclick="document.location.href='https://websegura.radwarelatam.com/mutillidae/index.php?do=toggle-security&page=user-poll.php';">
		<img	src="./images/back-button-64-64.png" 
				alt="Go Back" 
				align="middle" 
		/>
		&nbsp;
		Back
	</a>
	</span>
	<span 	style="white-space: nowrap; font-weight: bold;" 
		title="Click here to see the primary goal of this page. (Additional vulnerabilities will exist on a page)">
	<a 	href="./includes/pop-up-help-context-generator.php?pagename=user-poll.php" 
		class="colorbox"
		title="Help me with page user-poll.php" style="color: #000000;">
		<img alt="Help Me!" align="middle" src="./images/help-easy-button-48-48.png" />
		Help Me!
	</a>
</span>	
</div><script>
	var gLastPHeaderOpened = null;
	var gLastPBodyOpened = null;
	var gLastPImageOpened = null;

	var sectionClosing = function(/*HTML-ELEMENT*/ pBody){
		return (pBody.style.display == "");
	};

	var openBody = function(
		/*HTML-ELEMENT*/ pHeader,
		/*HTML-ELEMENT*/ pBody, 
		/*HTML-IMG-ELEMENT*/ pImage
	){	
		pBody.style.display = "";
		pImage.src = "./images/up_arrow_16_16.png";
		pHeader.title = "Click to close this section";

		/* Try to remember this hint is open */
		gLastPHeaderOpened = pHeader;
		gLastPBodyOpened = pBody;
		gLastPImageOpened = pImage;			
	};//end if

	var closeBody = function(
			/*HTML-ELEMENT*/ pHeader,
			/*HTML-ELEMENT*/ pBody, 
			/*HTML-IMG-ELEMENT*/ pImage
		){	
			pBody.style.display = "none";
			pImage.src = "./images/down_arrow_16_16.png";
			pHeader.title = "Click to open this section";
		};//end if

	var closeCurrentlyOpenBody = function(
			/*HTML-ELEMENT*/ pHeader,
			/*HTML-ELEMENT*/ pBody, 
			/*HTML-IMG-ELEMENT*/ pImage
		){	
		/* Try to close currently open hint */
		if (pHeader && pHeader.id != "idHintWrapperHeader"){
			closeBody(pHeader,pBody,pImage);
		};// end if
	};//end if

	var toggleBody = function(
		/*HTML-ELEMENT*/ pHeader,
		/*HTML-ELEMENT*/ pBody, 
		/*HTML-IMG-ELEMENT*/ pImage
	){
		if(sectionClosing(pBody)){
			closeBody(pHeader,pBody,pImage);			
		}else{
			closeCurrentlyOpenBody(gLastPHeaderOpened,gLastPBodyOpened,gLastPImageOpened);
			openBody(pHeader,pBody,pImage);
		};// end if sectionClosing()

	};// end function toggleBody

</script>
<div  	class="hint-wrapper-header" 
		id="idHintWrapperHeader"
		title="Click to open this section"
		onclick="toggleBody(this, window.document.getElementById('idHintWrapperBody'), window.document.getElementById('idHintWrapperHeaderImage'));"
		onmouseover="this.style.backgroundColor='#cccccc';this.style.color='#ffffff';"
		onmouseout="this.style.backgroundColor='#FFFFFF';this.style.color='#000000';"
		style="display: block";
>
	<img id="idHintWrapperHeaderImage" align="left" style="padding-right: 5px;" alt="Expand Hints" src="./images/down_arrow_16_16.png" />
	Hints and Videos
</div>
<div id="idHintWrapperBody" class="hint-wrapper-body" style="display: none;">
	<div class="hint-header"><img src="images/link-icon-16-16.png" style="margin-right: 5px;" /><a class="hint-header" href="level-1-hints-page-wrapper.php?level1HintIncludeFile=11" title="Click to open Cross-site Scripting (XSS) hint in new tab" target="_blank" />Cross-site Scripting (XSS)</a></div><div class="hint-header"><img src="images/link-icon-16-16.png" style="margin-right: 5px;" /><a class="hint-header" href="level-1-hints-page-wrapper.php?level1HintIncludeFile=12" title="Click to open HTML Injection (HTMLi) hint in new tab" target="_blank" />HTML Injection (HTMLi)</a></div><div class="hint-header"><img src="images/link-icon-16-16.png" style="margin-right: 5px;" /><a class="hint-header" href="level-1-hints-page-wrapper.php?level1HintIncludeFile=14" title="Click to open Cross-site Request Forgery (CSRF) hint in new tab" target="_blank" />Cross-site Request Forgery (CSRF)</a></div><div class="hint-header"><img src="images/link-icon-16-16.png" style="margin-right: 5px;" /><a class="hint-header" href="level-1-hints-page-wrapper.php?level1HintIncludeFile=21" title="Click to open Parameter Pollution hint in new tab" target="_blank" />Parameter Pollution</a></div><div class="hint-header"><img src="images/link-icon-16-16.png" style="margin-right: 5px;" /><a class="hint-header" href="level-1-hints-page-wrapper.php?level1HintIncludeFile=30" title="Click to open Method Tampering hint in new tab" target="_blank" />Method Tampering</a></div><div class="hint-header"><img src="images/link-icon-16-16.png" style="margin-right: 5px;" /><a class="hint-header" href="level-1-hints-page-wrapper.php?level1HintIncludeFile=10" title="Click to open SQL Injection (SQLi) hint in new tab" target="_blank" />SQL Injection (SQLi)</a></div><div class="hint-header"><img src="images/link-icon-16-16.png" style="margin-right: 5px;" /><a class="hint-header" href="level-1-hints-page-wrapper.php?level1HintIncludeFile=53" title="Click to open SQL Injection with SQLMap hint in new tab" target="_blank" />SQL Injection with SQLMap</a></div></div>
<fieldset>
	<legend>User Poll</legend>
	<form 	action="index.php" 
			method="GET"
			enctype="application/x-www-form-urlencoded" 
			id="idPollForm">
		<input type="hidden" name="page" value="user-poll.php" />
		<input name="csrf-token" type="hidden" value="7777" />
		<table style="margin-left:auto; margin-right:auto;">
			<tr id="id-bad-vote-tr" style="display: none;">
				<td class="error-message">
					Validation Error: HTTP Parameter Pollution Detected. Vote cannot be trusted.
				</td>
			</tr>
			<tr><td></td></tr>
			<tr>
				<td id="id-poll-form-header-td" class="form-header">Choose Your Favorite Security Tool</td>
			</tr>
			<tr><td></td></tr>
			<tr><th class="label">Initial your choice to make your vote count</th></tr>
			<tr><td></td></tr>
			<tr>
				<td>
					<input name="choice" id="id_choice" type="radio" required="true" value="nmap" checked="checked" />&nbsp;&nbsp;nmap<br />
					<input name="choice" id="id_choice" type="radio" required="true" value="wireshark" />&nbsp;&nbsp;wireshark<br />
					<input name="choice" id="id_choice" type="radio" required="true" value="tcpdump" />&nbsp;&nbsp;tcpdump<br />
					<input name="choice" id="id_choice" type="radio" required="true" value="netcat" />&nbsp;&nbsp;netcat<br />
					<input name="choice" id="id_choice" type="radio" required="true" value="metasploit" />&nbsp;&nbsp;metasploit<br />
					<input name="choice" id="id_choice" type="radio" required="true" value="kismet" />&nbsp;&nbsp;kismet<br />
					<input name="choice" id="id_choice" type="radio" required="true" value="Cain" />&nbsp;&nbsp;Cain<br />
					<input name="choice" id="id_choice" type="radio" required="true" value="Ettercap" />&nbsp;&nbsp;Ettercap<br />
					<input name="choice" id="id_choice" type="radio" required="true" value="Paros" />&nbsp;&nbsp;Paros<br />
					<input name="choice" id="id_choice" type="radio" required="true" value="Burp Suite" />&nbsp;&nbsp;Burp Suite<br />
					<input name="choice" id="id_choice" type="radio" required="true" value="Sysinternals" />&nbsp;&nbsp;Sysinternals<br />
					<input name="choice" id="id_choice" type="radio" required="true" value="inSIDDer" />&nbsp;&nbsp;inSIDDer
				</td>
			</tr>
			<tr>
				<td class="label">
					Your Initials:<input type="text" name="initials" required="true" ParameterPollutionInjectionPoint="1" value=""/>
				</td>
			</tr>
			<tr><td></td></tr>
			<tr>
				<td style="text-align:center;">
					<input name="user-poll-php-submit-button" class="button" type="submit" value="Submit Vote" />
				</td>
			</tr>
			<tr><td></td></tr>
			<tr><td></td></tr>
			<tr>
				<td class="report-header" ReflectedXSSExecutionPoint="1">
				No choice selected				</td>
			</tr>
		</table>
	</form>
</fieldset>


<script type="text/javascript">
	try{
		document.getElementById("id_choice").focus();
	}catch(e){
		alert('Error trying to set focus on field choice: ' + e.message);
	}// end try
</script>



		<!-- I think the database password is set to blank or perhaps samurai.
			It depends on whether you installed this web app from irongeeks site or
			are using it inside Kevin Johnsons Samurai web testing framework.
			It is ok to put the password in HTML comments because no user will ever see
			this comment. I remember that security instructor saying we should use the
			framework comment symbols (ASP.NET, JAVA, PHP, Etc.)
			rather than HTML comments, but we all know those
			security instructors are just making all this up. -->			<!-- End Content -->
		</blockquote>
			</td>
		</tr>
	</table>

		   	
<!-- Bubble hints code -->

<script type="text/javascript">
	$(function() {
		$('[ReflectedXSSExecutionPoint]').attr("title", "");
		$('[ReflectedXSSExecutionPoint]').balloon();
	});
</script>

	<div style="border: 1px solid black;">
		<div ReflectedXSSExecutionPoint="1" class="footer">Browser: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)</div>
		<div class="footer">PHP Version: 5.6.40-0+deb8u12</div>
	</div>
</body>
</html><script type="text/javascript">if(top != self) top.location.replace(location);</script><script type="text/javascript">
			try{
				//if(!window.localStorage.length){
					window.localStorage.setItem("SelfDestructSequence1","Destruct sequence 1, code 1-1A");
					window.localStorage.setItem("SelfDestructSequence2","Destruct sequence 2, code 1-1A-2B");
					window.localStorage.setItem("SelfDestructSequence3","Destruct sequence 3, code 1B-2B-3");
					window.localStorage.setItem("MessageOfTheDay","Go Cats!");
					window.localStorage.setItem("SecureMessage","Shh. Do not tell anyone.");
					window.localStorage.setItem("FYI","A couple of keys are not showing in this list. Why?");
				//}//end if
				//if(!window.sessionStorage.length){
					window.sessionStorage.setItem("AuthorizationLevel", "0");
					window.sessionStorage.setItem("ChuckNorrisJoke1","When Alexander Bell invented the telephone he had 3 missed calls from Chuck Norris");
					window.sessionStorage.setItem("ChuckNorrisJoke2","Death once had a near-Chuck Norris experience");
					window.sessionStorage.setItem("ChuckNorrisJoke3","He counted to infinity; twice");
					window.sessionStorage.setItem("ChuckNorrisJoke4","Chuck Norris can slam a revolving door");
					window.sessionStorage.setItem("ChuckNorrisJoke5","Chuck Norris can cut through a hot knife with butter");
					window.sessionStorage.setItem("SecureKey", "You cannot see me on the HTML5 Storage page. I wonder why?");
				//}//end if
			}catch(e){
				//alert(e);
				/* Do nothing. Older browsers do not support HTML5 web storage */
			};
		</script><script type="text/javascript" src="javascript/jQuery/jquery.js"></script><script type="text/javascript" src="./javascript/jQuery/jquery.balloon.js"></script><script src="javascript/jQuery/colorbox/jquery.colorbox-min.js"></script><link rel="stylesheet" href="javascript/jQuery/colorbox/colorbox.css" />
	<script>
		$(document).ready(function () {
			$('a.colorbox').colorbox({width:'700px',opacity:'0.60'});
		});
	</script>
	
<link rel="stylesheet" type="text/css" href="styles/gritter/jquery.gritter.css" />
<script type="text/javascript" src="javascript/gritter/jquery.gritter.min.js"></script>
<script>
$.gritter.add({
    // (string | mandatory) the heading of the notification
    title: 'Status Update',
    // (string | mandatory) the text inside the notification
    text: 'Security level set to 1. Try Slightly Harder.',
    // time until fade begins
    time: 5000
});
</script>