dvwa updated

dvwa/vulnerabilities/captcha/help/help.php

@@ -6,7 +6,7 @@
 	<tr>
 	<td><div id="code">
 		<h3>About</h3>
-		<p>A <?php echo dvwaExternalLinkUrlGet( 'http://www.captcha.net/', 'CAPTCHA' ); ?> is a program that can tell whether its user is a human or a computer. You've probably seen
+		<p>A <?php echo dvwaExternalLinkUrlGet( 'https://en.wikipedia.org/wiki/CAPTCHA', 'CAPTCHA' ); ?> is a program that can tell whether its user is a human or a computer. You've probably seen
 			them - colourful images with distorted text at the bottom of Web registration forms. CAPTCHAs are used by many websites to prevent abuse from
 			"bots", or automated programs usually written to generate spam. No computer program can read distorted text as well as humans can, so bots
 			cannot navigate sites protected by CAPTCHAs.</p>
@@ -58,5 +58,5 @@
 
 	<br />
 
-	<p>Reference: <?php echo dvwaExternalLinkUrlGet( 'http://www.captcha.net/' ); ?></p>
+	<p>Reference: <?php echo dvwaExternalLinkUrlGet( 'https://en.wikipedia.org/wiki/CAPTCHA' ); ?></p>
 </div>

dvwa/vulnerabilities/captcha/index.php

@@ -36,8 +36,8 @@ require_once DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/captcha/source/{$vulnerabi
 // Check if we have a reCAPTCHA key
 $WarningHtml = '';
 if( $_DVWA[ 'recaptcha_public_key' ] == "" ) {
-	$WarningHtml = "<div class=\"warning\"><em>reCAPTCHA API key missing</em> from config file: " . realpath( dirname( dirname( getcwd() ) ) . "/config/config.inc.php" ) . "</div>";
-	$html = "<em>Please register for a key</em> from reCAPTCHA: " . dvwaExternalLinkUrlGet('https://www.google.com/recaptcha/admin/create');
+	$WarningHtml = "<div class=\"warning\"><em>reCAPTCHA API key missing</em> from config file: " . realpath( getcwd() . DIRECTORY_SEPARATOR . DVWA_WEB_PAGE_TO_ROOT . "config" . DIRECTORY_SEPARATOR . "config.inc.php" ) . "</div>";
+	$html = "<em>Please register for a key</em> from reCAPTCHA: " . dvwaExternalLinkUrlGet( 'https://www.google.com/recaptcha/admin/create' );
 	$hide_form = true;
 }
 
@@ -87,7 +87,7 @@ $page[ 'body' ] .= "
 
 	<h2>More Information</h2>
 	<ul>
-		<li>" . dvwaExternalLinkUrlGet( 'http://www.captcha.net/' ) . "</li>
+		<li>" . dvwaExternalLinkUrlGet( 'https://en.wikipedia.org/wiki/CAPTCHA' ) . "</li>
 		<li>" . dvwaExternalLinkUrlGet( 'https://www.google.com/recaptcha/' ) . "</li>
 		<li>" . dvwaExternalLinkUrlGet( 'https://www.owasp.org/index.php/Testing_for_Captcha_(OWASP-AT-012)' ) . "</li>
 	</ul>

dvwa/vulnerabilities/captcha/source/high.php

@@ -9,39 +9,44 @@ if( isset( $_POST[ 'Change' ] ) ) {
 	$pass_conf = $_POST[ 'password_conf' ];
 
 	// Check CAPTCHA from 3rd party
-	$resp = recaptcha_check_answer( $_DVWA[ 'recaptcha_private_key' ],
-		$_SERVER[ 'REMOTE_ADDR' ],
-		$_POST[ 'recaptcha_challenge_field' ],
-		$_POST[ 'recaptcha_response_field' ] );
+	$resp = recaptcha_check_answer(
+		$_DVWA[ 'recaptcha_private_key' ],
+		$_POST['g-recaptcha-response']
+	);
 
-	// Did the CAPTCHA fail?
-	if( !$resp->is_valid && ( $_POST[ 'recaptcha_response_field' ] != 'hidd3n_valu3' || $_SERVER[ 'HTTP_USER_AGENT' ] != 'reCAPTCHA' ) ) {
+	if (
+		$resp || 
+		(
+			$_POST[ 'g-recaptcha-response' ] == 'hidd3n_valu3'
+			&& $_SERVER[ 'HTTP_USER_AGENT' ] == 'reCAPTCHA'
+		)
+	){
+		// CAPTCHA was correct. Do both new passwords match?
+		if ($pass_new == $pass_conf) {
+			$pass_new = ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"],  $pass_new ) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : ""));
+			$pass_new = md5( $pass_new );
+
+			// Update database
+			$insert = "UPDATE `users` SET password = '$pass_new' WHERE user = '" . dvwaCurrentUser() . "' LIMIT 1;";
+			$result = mysqli_query($GLOBALS["___mysqli_ston"],  $insert ) or die( '<pre>' . ((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)) . '</pre>' );
+
+			// Feedback for user
+			$html .= "<pre>Password Changed.</pre>";
+
+		} else {
+			// Ops. Password mismatch
+			$html     .= "<pre>Both passwords must match.</pre>";
+			$hide_form = false;
+		}
+
+	} else {
 		// What happens when the CAPTCHA was entered incorrectly
 		$html     .= "<pre><br />The CAPTCHA was incorrect. Please try again.</pre>";
 		$hide_form = false;
 		return;
 	}
-	else {
-		// CAPTCHA was correct. Do both new passwords match?
-		if( $pass_new == $pass_conf ) {
-			$pass_new = mysql_real_escape_string( $pass_new );
-			$pass_new = md5( $pass_new );
 
-			// Update database
-			$insert = "UPDATE `users` SET password = '$pass_new' WHERE user = '" . dvwaCurrentUser() . "' LIMIT 1;";
-			$result = mysql_query( $insert ) or die( '<pre>' . mysql_error() . '</pre>' );
-
-			// Feedback for user
-			$html .= "<pre>Password Changed.</pre>";
-		}
-		else {
-			// Ops. Password mismatch
-			$html     .= "<pre>Both passwords must match.</pre>";
-			$hide_form = false;
-		}
-	}
-
-	mysql_close();
+	((is_null($___mysqli_res = mysqli_close($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res);
 }
 
 // Generate Anti-CSRF token

dvwa/vulnerabilities/captcha/source/impossible.php

@@ -10,27 +10,27 @@ if( isset( $_POST[ 'Change' ] ) ) {
 	// Get input
 	$pass_new  = $_POST[ 'password_new' ];
 	$pass_new  = stripslashes( $pass_new );
-	$pass_new  = mysql_real_escape_string( $pass_new );
+	$pass_new  = ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"],  $pass_new ) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : ""));
 	$pass_new  = md5( $pass_new );
 
 	$pass_conf = $_POST[ 'password_conf' ];
 	$pass_conf = stripslashes( $pass_conf );
-	$pass_conf = mysql_real_escape_string( $pass_conf );
+	$pass_conf = ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"],  $pass_conf ) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : ""));
 	$pass_conf = md5( $pass_conf );
 
 	$pass_curr = $_POST[ 'password_current' ];
 	$pass_curr = stripslashes( $pass_curr );
-	$pass_curr = mysql_real_escape_string( $pass_curr );
+	$pass_curr = ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"],  $pass_curr ) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : ""));
 	$pass_curr = md5( $pass_curr );
 
 	// Check CAPTCHA from 3rd party
-	$resp = recaptcha_check_answer( $_DVWA[ 'recaptcha_private_key' ],
-		$_SERVER[ 'REMOTE_ADDR' ],
-		$_POST[ 'recaptcha_challenge_field' ],
-		$_POST[ 'recaptcha_response_field' ] );
+	$resp = recaptcha_check_answer(
+		$_DVWA[ 'recaptcha_private_key' ],
+		$_POST['g-recaptcha-response']
+	);
 
 	// Did the CAPTCHA fail?
-	if( !$resp->is_valid ) {
+	if( !$resp ) {
 		// What happens when the CAPTCHA was entered incorrectly
 		$html .= "<pre><br />The CAPTCHA was incorrect. Please try again.</pre>";
 		$hide_form = false;

dvwa/vulnerabilities/captcha/source/low.php

@@ -9,13 +9,13 @@ if( isset( $_POST[ 'Change' ] ) && ( $_POST[ 'step' ] == '1' ) ) {
 	$pass_conf = $_POST[ 'password_conf' ];
 
 	// Check CAPTCHA from 3rd party
-	$resp = recaptcha_check_answer( $_DVWA[ 'recaptcha_private_key' ],
-		$_SERVER[ 'REMOTE_ADDR' ],
-		$_POST[ 'recaptcha_challenge_field' ],
-		$_POST[ 'recaptcha_response_field' ] );
+	$resp = recaptcha_check_answer(
+		$_DVWA[ 'recaptcha_private_key'],
+		$_POST['g-recaptcha-response']
+	);
 
 	// Did the CAPTCHA fail?
-	if( !$resp->is_valid ) {
+	if( !$resp ) {
 		// What happens when the CAPTCHA was entered incorrectly
 		$html     .= "<pre><br />The CAPTCHA was incorrect. Please try again.</pre>";
 		$hide_form = false;
@@ -53,12 +53,12 @@ if( isset( $_POST[ 'Change' ] ) && ( $_POST[ 'step' ] == '2' ) ) {
 	// Check to see if both password match
 	if( $pass_new == $pass_conf ) {
 		// They do!
-		$pass_new = mysql_real_escape_string( $pass_new );
+		$pass_new = ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"],  $pass_new ) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : ""));
 		$pass_new = md5( $pass_new );
 
 		// Update database
 		$insert = "UPDATE `users` SET password = '$pass_new' WHERE user = '" . dvwaCurrentUser() . "';";
-		$result = mysql_query( $insert ) or die( '<pre>' . mysql_error() . '</pre>' );
+		$result = mysqli_query($GLOBALS["___mysqli_ston"],  $insert ) or die( '<pre>' . ((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)) . '</pre>' );
 
 		// Feedback for the end user
 		$html .= "<pre>Password Changed.</pre>";
@@ -69,7 +69,7 @@ if( isset( $_POST[ 'Change' ] ) && ( $_POST[ 'step' ] == '2' ) ) {
 		$hide_form = false;
 	}
 
-	mysql_close();
+	((is_null($___mysqli_res = mysqli_close($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res);
 }
 
 ?>

dvwa/vulnerabilities/captcha/source/medium.php

@@ -9,13 +9,13 @@ if( isset( $_POST[ 'Change' ] ) && ( $_POST[ 'step' ] == '1' ) ) {
 	$pass_conf = $_POST[ 'password_conf' ];
 
 	// Check CAPTCHA from 3rd party
-	$resp = recaptcha_check_answer( $_DVWA[ 'recaptcha_private_key' ],
-		$_SERVER[ 'REMOTE_ADDR' ],
-		$_POST[ 'recaptcha_challenge_field' ],
-		$_POST[ 'recaptcha_response_field' ] );
+	$resp = recaptcha_check_answer(
+		$_DVWA[ 'recaptcha_private_key' ],
+		$_POST['g-recaptcha-response']
+	);
 
 	// Did the CAPTCHA fail?
-	if( !$resp->is_valid ) {
+	if( !$resp ) {
 		// What happens when the CAPTCHA was entered incorrectly
 		$html     .= "<pre><br />The CAPTCHA was incorrect. Please try again.</pre>";
 		$hide_form = false;
@@ -61,12 +61,12 @@ if( isset( $_POST[ 'Change' ] ) && ( $_POST[ 'step' ] == '2' ) ) {
 	// Check to see if both password match
 	if( $pass_new == $pass_conf ) {
 		// They do!
-		$pass_new = mysql_real_escape_string( $pass_new );
+		$pass_new = ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"],  $pass_new ) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : ""));
 		$pass_new = md5( $pass_new );
 
 		// Update database
 		$insert = "UPDATE `users` SET password = '$pass_new' WHERE user = '" . dvwaCurrentUser() . "';";
-		$result = mysql_query( $insert ) or die( '<pre>' . mysql_error() . '</pre>' );
+		$result = mysqli_query($GLOBALS["___mysqli_ston"],  $insert ) or die( '<pre>' . ((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)) . '</pre>' );
 
 		// Feedback for the end user
 		$html .= "<pre>Password Changed.</pre>";
@@ -77,7 +77,7 @@ if( isset( $_POST[ 'Change' ] ) && ( $_POST[ 'step' ] == '2' ) ) {
 		$hide_form = false;
 	}
 
-	mysql_close();
+	((is_null($___mysqli_res = mysqli_close($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res);
 }
 
 ?>