docker-vulnerable-dvwa/dvwa/vulnerabilities/csrf/source/low.php

<?php

if( isset( $_GET[ 'Change' ] ) ) {
	// Get input
	$pass_new  = $_GET[ 'password_new' ];
	$pass_conf = $_GET[ 'password_conf' ];

	// Do the passwords match?
	if( $pass_new == $pass_conf ) {
		// They do!
		$pass_new = mysql_real_escape_string( $pass_new );
		$pass_new = md5( $pass_new );

		// Update the database
		$insert = "UPDATE `users` SET password = '$pass_new' WHERE user = '" . dvwaCurrentUser() . "';";
		$result = mysql_query( $insert ) or die( '<pre>' . mysql_error() . '</pre>' );

		// Feedback for the user
		$html .= "<pre>Password Changed.</pre>";
	}
	else {
		// Issue with passwords matching
		$html .= "<pre>Passwords did not match.</pre>";
	}

	mysql_close();
}

?>
first commit 2016-12-02 19:19:11 +00:00			`<?php`

			`if( isset( $_GET[ 'Change' ] ) ) {`
			`// Get input`
			`$pass_new = $_GET[ 'password_new' ];`
			`$pass_conf = $_GET[ 'password_conf' ];`

			`// Do the passwords match?`
			`if( $pass_new == $pass_conf ) {`
			`// They do!`
			`$pass_new = mysql_real_escape_string( $pass_new );`
			`$pass_new = md5( $pass_new );`

			`// Update the database`
			$insert = "UPDATE `users` SET password = '$pass_new' WHERE user = '" . dvwaCurrentUser() . "';";
			`$result = mysql_query( $insert ) or die( '<pre>' . mysql_error() . '</pre>' );`

			`// Feedback for the user`
			`$html .= "<pre>Password Changed.</pre>";`
			`}`
			`else {`
			`// Issue with passwords matching`
			`$html .= "<pre>Passwords did not match.</pre>";`
			`}`

			`mysql_close();`
			`}`

			`?>`