docker-vulnerable-dvwa/dvwa/vulnerabilities/view_source.php

<?php

define( 'DVWA_WEB_PAGE_TO_ROOT', '../' );
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';

dvwaPageStartup( array( 'authenticated', 'phpids' ) );

$page = dvwaPageNewGrab();
$page[ 'title' ] .= 'Source' . $page[ 'title_separator' ].$page[ 'title' ];

$id       = $_GET[ 'id' ];
$security = $_GET[ 'security' ];


switch ($id) {
	case "fi" :
		$vuln = 'File Inclusion';
		break;
	case "brute" :
		$vuln = 'Brute Force';
		break;
	case "csrf" :
		$vuln = 'CSRF';
		break;
	case "exec" :
		$vuln = 'Command Injection';
		break;
	case "sqli" :
		$vuln = 'SQL Injection';
		break;
	case "sqli_blind" :
		$vuln = 'SQL Injection (Blind)';
		break;
	case "upload" :
		$vuln = 'File Upload';
		break;
	case "xss_r" :
		$vuln = 'Reflected XSS';
		break;
	case "xss_s" :
		$vuln = 'Stored XSS';
		break;
	case "weak_id" :
		$vuln = 'Weak Session IDs';
		break;
	case "javascript" :
		$vuln = 'JavaScript';
		break;
	default:
		$vuln = "Unknown Vulnerability";
}

$source = @file_get_contents( DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/{$id}/source/{$security}.php" );
$source = str_replace( array( '$html .=' ), array( 'echo' ), $source );

$js_html = "";
if (file_exists (DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/{$id}/source/{$security}.js")) {
	$js_source = @file_get_contents( DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/{$id}/source/{$security}.js" );
	$js_html = "
	<h2>vulnerabilities/{$id}/source/{$security}.js</h2>
	<div id=\"code\">
		<table width='100%' bgcolor='white' style=\"border:2px #C0C0C0 solid\">
			<tr>
				<td><div id=\"code\">" . highlight_string( $js_source, true ) . "</div></td>
			</tr>
		</table>
	</div>
	";
}

$page[ 'body' ] .= "
<div class=\"body_padded\">
	<h1>{$vuln} Source</h1>

	<h2>vulnerabilities/{$id}/source/{$security}.php</h2>
	<div id=\"code\">
		<table width='100%' bgcolor='white' style=\"border:2px #C0C0C0 solid\">
			<tr>
				<td><div id=\"code\">" . highlight_string( $source, true ) . "</div></td>
			</tr>
		</table>
	</div>
	{$js_html}
	<br /> <br />

	<form>
		<input type=\"button\" value=\"Compare All Levels\" onclick=\"window.location.href='view_source_all.php?id=$id'\">
	</form>
</div>\n";

dvwaSourceHtmlEcho( $page );

?>
first commit 2016-12-02 19:19:11 +00:00			`<?php`

			`define( 'DVWA_WEB_PAGE_TO_ROOT', '../' );`
			`require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';`

			`dvwaPageStartup( array( 'authenticated', 'phpids' ) );`

			`$page = dvwaPageNewGrab();`
			`$page[ 'title' ] .= 'Source' . $page[ 'title_separator' ].$page[ 'title' ];`

			`$id = $_GET[ 'id' ];`
			`$security = $_GET[ 'security' ];`


dvwa updated 2018-10-12 15:49:58 +00:00			`switch ($id) {`
			`case "fi" :`
			`$vuln = 'File Inclusion';`
			`break;`
			`case "brute" :`
			`$vuln = 'Brute Force';`
			`break;`
			`case "csrf" :`
			`$vuln = 'CSRF';`
			`break;`
			`case "exec" :`
			`$vuln = 'Command Injection';`
			`break;`
			`case "sqli" :`
			`$vuln = 'SQL Injection';`
			`break;`
			`case "sqli_blind" :`
			`$vuln = 'SQL Injection (Blind)';`
			`break;`
			`case "upload" :`
			`$vuln = 'File Upload';`
			`break;`
			`case "xss_r" :`
			`$vuln = 'Reflected XSS';`
			`break;`
			`case "xss_s" :`
			`$vuln = 'Stored XSS';`
			`break;`
			`case "weak_id" :`
			`$vuln = 'Weak Session IDs';`
			`break;`
			`case "javascript" :`
			`$vuln = 'JavaScript';`
			`break;`
			`default:`
			`$vuln = "Unknown Vulnerability";`
first commit 2016-12-02 19:19:11 +00:00			`}`

			`$source = @file_get_contents( DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/{$id}/source/{$security}.php" );`
			`$source = str_replace( array( '$html .=' ), array( 'echo' ), $source );`

dvwa updated 2018-10-12 15:49:58 +00:00			`$js_html = "";`
			`if (file_exists (DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/{$id}/source/{$security}.js")) {`
			`$js_source = @file_get_contents( DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/{$id}/source/{$security}.js" );`
			`$js_html = "`
			`<h2>vulnerabilities/{$id}/source/{$security}.js</h2>`
			`<div id=\"code\">`
			`<table width='100%' bgcolor='white' style=\"border:2px #C0C0C0 solid\">`
			`<tr>`
			`<td><div id=\"code\">" . highlight_string( $js_source, true ) . "</div></td>`
			`</tr>`
			`</table>`
			`</div>`
			`";`
			`}`

first commit 2016-12-02 19:19:11 +00:00			`$page[ 'body' ] .= "`
			`<div class=\"body_padded\">`
			`<h1>{$vuln} Source</h1>`

dvwa updated 2018-10-12 15:49:58 +00:00			`<h2>vulnerabilities/{$id}/source/{$security}.php</h2>`
first commit 2016-12-02 19:19:11 +00:00			`<div id=\"code\">`
			`<table width='100%' bgcolor='white' style=\"border:2px #C0C0C0 solid\">`
			`<tr>`
			`<td><div id=\"code\">" . highlight_string( $source, true ) . "</div></td>`
			`</tr>`
			`</table>`
			`</div>`
dvwa updated 2018-10-12 15:49:58 +00:00			`{$js_html}`
first commit 2016-12-02 19:19:11 +00:00			`<br /> <br />`

			`<form>`
			`<input type=\"button\" value=\"Compare All Levels\" onclick=\"window.location.href='view_source_all.php?id=$id'\">`
			`</form>`
			`</div>\n";`

			`dvwaSourceHtmlEcho( $page );`

			`?>`