Path Relative Stylesheet Injection: Within this page is an iframe containing another page. The page being framed is vulnerable to path relative stylesheet injection.

Application Log Injection: Some inputs on this page are recorded into log records which can be read by visiting the Show Log page. Vulnerabilities on the Show Log page may allow injections in log records to execute.

Frame Source Injection: By controlling the parameter which determines the src attribute of a pages frame, a carefully injected value can load any arbitrary page into the frame.

Remote File Inclusion: This page is vulnerable to remote file inclusion if the PHP server configuration parameters "allow_url_fopen" and "allow_url_include" are set to "On" in php.ini.

Local File Inclusion: This page is vulnerable to local file inclusion if the user account under which PHP is running has access to files besides the intended web site files.

Insecure Direct Object Reference: This page refers directly to resources by there real name or identifier making it possible to modify the name/ID to access other resources. Determine what resources are fetched. Provide the name or ID of a different resource. Resources can be filenames, record identifiers or others.

HTML Injection: It is possible to inject your own HTML into this page because the input is not encoded prior to be used as output. Determine which input field contributes output here and inject HTML, CSS, and/or Javascripts in order to alter the client-side code of this page.

Reflected Cross-Site Scripting: This page is vulnerable to reflected cross-site scripting because the input is not encoded prior to be used as output. Determine which input field contributes output here and inject scripts. Try to redirect the user to the capture-data.php page which records cookies and other parameters. Visit the captured-data.php page to view captured data.