dvwa updated

2018-10-12 15:49:58 +00:00 · 2018-10-12 15:49:58 +00:00 · c37af6fc80
commit c37af6fc80
parent 8f3c3af4fb
84 changed files with 1873 additions and 605 deletions
--- a/dvwa/vulnerabilities/sqli/index.php
+++ b/dvwa/vulnerabilities/sqli/index.php
@ -51,7 +51,7 @@ $page[ 'body' ] .= "

 	<div class=\"vulnerable_code_area\">";
 if( $vulnerabilityFile == 'high.php' ) {
-	$page[ 'body' ] .= "Click <a href=\"#\" onClick=\"javascript:popUp('session-input.php');return false;\">here to change your ID</a>.";
+	$page[ 'body' ] .= "Click <a href=\"#\" onclick=\"javascript:popUp('session-input.php');return false;\">here to change your ID</a>.";
 }
 else {
 	$page[ 'body' ] .= "
@ -60,11 +60,8 @@ else {
 				User ID:";
 	if( $vulnerabilityFile == 'medium.php' ) {
 		$page[ 'body' ] .= "\n				<select name=\"id\">";
-		$query  = "SELECT COUNT(*) FROM users;";
-		$result = mysql_query( $query ) or die( '<pre>' . mysql_error() . '</pre>' );
-		$num    = mysql_result( $result, 0 );
-		$i      = 0;
-		while( $i < $num ) { $i++; $page[ 'body' ] .= "<option value=\"{$i}\">{$i}</option>"; }
+
+		for( $i = 1; $i < $number_of_rows + 1 ; $i++ ) { $page[ 'body' ] .= "<option value=\"{$i}\">{$i}</option>"; }
 		$page[ 'body' ] .= "</select>";
 	}
 	else
--- a/dvwa/vulnerabilities/sqli/source/high.php
+++ b/dvwa/vulnerabilities/sqli/source/high.php
@ -6,24 +6,19 @@ if( isset( $_SESSION [ 'id' ] ) ) {

 	// Check database
 	$query  = "SELECT first_name, last_name FROM users WHERE user_id = '$id' LIMIT 1;";
-	$result = mysql_query( $query ) or die( '<pre>Something went wrong.</pre>' );
+	$result = mysqli_query($GLOBALS["___mysqli_ston"], $query ) or die( '<pre>Something went wrong.</pre>' );

 	// Get results
-	$num = mysql_numrows( $result );
-	$i   = 0;
-	while( $i < $num ) {
+	while( $row = mysqli_fetch_assoc( $result ) ) {
 		// Get values
-		$first = mysql_result( $result, $i, "first_name" );
-		$last  = mysql_result( $result, $i, "last_name" );
+		$first = $row["first_name"];
+		$last  = $row["last_name"];

 		// Feedback for end user
 		$html .= "<pre>ID: {$id}<br />First name: {$first}<br />Surname: {$last}</pre>";
-
-		// Increase loop count
-		$i++;
 	}

-	mysql_close();
+	((is_null($___mysqli_res = mysqli_close($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res);		
 }

 ?>
--- a/dvwa/vulnerabilities/sqli/source/low.php
+++ b/dvwa/vulnerabilities/sqli/source/low.php
@ -6,24 +6,19 @@ if( isset( $_REQUEST[ 'Submit' ] ) ) {

 	// Check database
 	$query  = "SELECT first_name, last_name FROM users WHERE user_id = '$id';";
-	$result = mysql_query( $query ) or die( '<pre>' . mysql_error() . '</pre>' );
+	$result = mysqli_query($GLOBALS["___mysqli_ston"],  $query ) or die( '<pre>' . ((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)) . '</pre>' );

 	// Get results
-	$num = mysql_numrows( $result );
-	$i   = 0;
-	while( $i < $num ) {
+	while( $row = mysqli_fetch_assoc( $result ) ) {
 		// Get values
-		$first = mysql_result( $result, $i, "first_name" );
-		$last  = mysql_result( $result, $i, "last_name" );
+		$first = $row["first_name"];
+		$last  = $row["last_name"];

 		// Feedback for end user
 		$html .= "<pre>ID: {$id}<br />First name: {$first}<br />Surname: {$last}</pre>";
-
-		// Increase loop count
-		$i++;
 	}

-	mysql_close();
+	mysqli_close($GLOBALS["___mysqli_ston"]);
 }

 ?>
--- a/dvwa/vulnerabilities/sqli/source/medium.php
+++ b/dvwa/vulnerabilities/sqli/source/medium.php
@ -3,28 +3,29 @@
 if( isset( $_POST[ 'Submit' ] ) ) {
 	// Get input
 	$id = $_POST[ 'id' ];
-	$id = mysql_real_escape_string( $id );

-	// Check database
+	$id = mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $id);
+
 	$query  = "SELECT first_name, last_name FROM users WHERE user_id = $id;";
-	$result = mysql_query( $query ) or die( '<pre>' . mysql_error() . '</pre>' );
+	$result = mysqli_query($GLOBALS["___mysqli_ston"], $query) or die( '<pre>' . mysqli_error($GLOBALS["___mysqli_ston"]) . '</pre>' );

 	// Get results
-	$num = mysql_numrows( $result );
-	$i   = 0;
-	while( $i < $num ) {
+	while( $row = mysqli_fetch_assoc( $result ) ) {
 		// Display values
-		$first = mysql_result( $result, $i, "first_name" );
-		$last  = mysql_result( $result, $i, "last_name" );
+		$first = $row["first_name"];
+		$last  = $row["last_name"];

 		// Feedback for end user
 		$html .= "<pre>ID: {$id}<br />First name: {$first}<br />Surname: {$last}</pre>";
-
-		// Increase loop count
-		$i++;
 	}

-	//mysql_close();
 }

+// This is used later on in the index.php page
+// Setting it here so we can close the database connection in here like in the rest of the source scripts
+$query  = "SELECT COUNT(*) FROM users;";
+$result = mysqli_query($GLOBALS["___mysqli_ston"],  $query ) or die( '<pre>' . ((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)) . '</pre>' );
+$number_of_rows = mysqli_fetch_row( $result )[0];
+
+mysqli_close($GLOBALS["___mysqli_ston"]);
 ?>