dvwa updated

2018-10-12 15:49:58 +00:00 · 2018-10-12 15:49:58 +00:00 · c37af6fc80
commit c37af6fc80
parent 8f3c3af4fb
84 changed files with 1873 additions and 605 deletions
--- a/dvwa/vulnerabilities/brute/source/high.php
+++ b/dvwa/vulnerabilities/brute/source/high.php
@ -7,21 +7,22 @@ if( isset( $_GET[ 'Login' ] ) ) {
 	// Sanitise username input
 	$user = $_GET[ 'username' ];
 	$user = stripslashes( $user );
-	$user = mysql_real_escape_string( $user );
+	$user = ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"],  $user ) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : ""));

 	// Sanitise password input
 	$pass = $_GET[ 'password' ];
 	$pass = stripslashes( $pass );
-	$pass = mysql_real_escape_string( $pass );
+	$pass = ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"],  $pass ) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : ""));
 	$pass = md5( $pass );

 	// Check database
 	$query  = "SELECT * FROM `users` WHERE user = '$user' AND password = '$pass';";
-	$result = mysql_query( $query ) or die( '<pre>' . mysql_error() . '</pre>' );
+	$result = mysqli_query($GLOBALS["___mysqli_ston"],  $query ) or die( '<pre>' . ((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)) . '</pre>' );

-	if( $result && mysql_num_rows( $result ) == 1 ) {
+	if( $result && mysqli_num_rows( $result ) == 1 ) {
 		// Get users details
-		$avatar = mysql_result( $result, 0, "avatar" );
+		$row    = mysqli_fetch_assoc( $result );
+		$avatar = $row["avatar"];

 		// Login successful
 		$html .= "<p>Welcome to the password protected area {$user}</p>";
@ -33,7 +34,7 @@ if( isset( $_GET[ 'Login' ] ) ) {
 		$html .= "<pre><br />Username and/or password incorrect.</pre>";
 	}

-	mysql_close();
+	((is_null($___mysqli_res = mysqli_close($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res);
 }

 // Generate Anti-CSRF token