sidepanel.php

<div class="list-group">
    <a href="#" class="list-group-item active">Setup</a>
    <a href="/xvwa/" class="list-group-item">Home</a>
    <a href="/xvwa/instruction.php" class="list-group-item">Instructions</a>
    <a href="/xvwa/setup/" class="list-group-item">Setup / Reset</a>
</div>
<div class="list-group">
    <a href="#" class="list-group-item active">Attacks</a>
    <a href="/xvwa/vulnerabilities/sqli/" class="list-group-item">SQL Injection</a>
    <a href="/xvwa/vulnerabilities/sqli_blind/" class="list-group-item">SQL Injection (Blind)</a>
    <a href="/xvwa/vulnerabilities/cmdi/" class="list-group-item">OS Command Injection</a>
    <a href="/xvwa/vulnerabilities/xpath/" class="list-group-item">XPATH Injection</a>
    <a href="/xvwa/vulnerabilities/resci/" class="list-group-item">Unrestricted File Upload</a>
    <a href="/xvwa/vulnerabilities/reflected_xss/" class="list-group-item">XSS - Reflected</a>
    <a href="/xvwa/vulnerabilities/stored_xss/" class="list-group-item">XSS - Stored</a>
    <a href="/xvwa/vulnerabilities/dom_xss/" class="list-group-item">XSS - DOM Based</a>
    <a href="/xvwa/vulnerabilities/ssrf_xspa/" class="list-group-item">SSRF / XSPA</a>
    <a href="/xvwa/vulnerabilities/fi/" class="list-group-item">File Inclusion</a>
    <a href="/xvwa/vulnerabilities/sessionflaws/" class="list-group-item">Session Flaws</a>
    <a href="/xvwa/vulnerabilities/idor/" class="list-group-item">Insecure Direct Object Reference</a>
    <a href="/xvwa/vulnerabilities/missfunc/" class="list-group-item">Missing Functional Access Control</a>
    <a href="/xvwa/vulnerabilities/csrf/" class="list-group-item">CSRF</a>
    <a href="/xvwa/vulnerabilities/crypto/" class="list-group-item">Cryptography</a>
    <a href="/xvwa/vulnerabilities/redirect/" class="list-group-item">Redirects & Forwards</a>
    <a href="/xvwa/vulnerabilities/ssti/" class="list-group-item">Server Side Template Injection</a>
</div>