dvwa updated

2018-10-12 15:49:58 +00:00 · 2018-10-12 15:49:58 +00:00 · c37af6fc80
commit c37af6fc80
parent 8f3c3af4fb
84 changed files with 1873 additions and 605 deletions
--- a/dvwa/vulnerabilities/sqli_blind/index.php
+++ b/dvwa/vulnerabilities/sqli_blind/index.php
@ -51,7 +51,7 @@ $page[ 'body' ] .= "

 	<div class=\"vulnerable_code_area\">";
 if( $vulnerabilityFile == 'high.php' ) {
-	$page[ 'body' ] .= "Click <a href=\"#\" onClick=\"javascript:popUp('cookie-input.php');return false;\">here to change your ID</a>.";
+	$page[ 'body' ] .= "Click <a href=\"#\" onclick=\"javascript:popUp('cookie-input.php');return false;\">here to change your ID</a>.";
 }
 else {
 	$page[ 'body' ] .= "
@ -61,8 +61,8 @@ else {
 	if( $vulnerabilityFile == 'medium.php' ) {
 		$page[ 'body' ] .= "\n				<select name=\"id\">";
 		$query  = "SELECT COUNT(*) FROM users;";
-		$result = mysql_query( $query ) or die( '<pre>' . mysql_error() . '</pre>' );
-		$num    = mysql_result( $result, 0 );
+		$result = mysqli_query($GLOBALS["___mysqli_ston"],  $query ) or die( '<pre>' . ((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)) . '</pre>' );
+		$num    = mysqli_fetch_row( $result )[0];
 		$i      = 0;
 		while( $i < $num ) { $i++; $page[ 'body' ] .= "<option value=\"{$i}\">{$i}</option>"; }
 		$page[ 'body' ] .= "</select>";
--- a/dvwa/vulnerabilities/sqli_blind/source/high.php
+++ b/dvwa/vulnerabilities/sqli_blind/source/high.php
@ -6,10 +6,10 @@ if( isset( $_COOKIE[ 'id' ] ) ) {

 	// Check database
 	$getid  = "SELECT first_name, last_name FROM users WHERE user_id = '$id' LIMIT 1;";
-	$result = mysql_query( $getid ); // Removed 'or die' to suppress mysql errors
+	$result = mysqli_query($GLOBALS["___mysqli_ston"],  $getid ); // Removed 'or die' to suppress mysql errors

 	// Get results
-	$num = @mysql_numrows( $result ); // The '@' character suppresses errors
+	$num = @mysqli_num_rows( $result ); // The '@' character suppresses errors
 	if( $num > 0 ) {
 		// Feedback for end user
 		$html .= '<pre>User ID exists in the database.</pre>';
@ -27,7 +27,7 @@ if( isset( $_COOKIE[ 'id' ] ) ) {
 		$html .= '<pre>User ID is MISSING from the database.</pre>';
 	}

-	mysql_close();
+	((is_null($___mysqli_res = mysqli_close($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res);
 }

 ?>
--- a/dvwa/vulnerabilities/sqli_blind/source/low.php
+++ b/dvwa/vulnerabilities/sqli_blind/source/low.php
@ -6,10 +6,10 @@ if( isset( $_GET[ 'Submit' ] ) ) {

 	// Check database
 	$getid  = "SELECT first_name, last_name FROM users WHERE user_id = '$id';";
-	$result = mysql_query( $getid ); // Removed 'or die' to suppress mysql errors
+	$result = mysqli_query($GLOBALS["___mysqli_ston"],  $getid ); // Removed 'or die' to suppress mysql errors

 	// Get results
-	$num = @mysql_numrows( $result ); // The '@' character suppresses errors
+	$num = @mysqli_num_rows( $result ); // The '@' character suppresses errors
 	if( $num > 0 ) {
 		// Feedback for end user
 		$html .= '<pre>User ID exists in the database.</pre>';
@ -22,7 +22,7 @@ if( isset( $_GET[ 'Submit' ] ) ) {
 		$html .= '<pre>User ID is MISSING from the database.</pre>';
 	}

-	mysql_close();
+	((is_null($___mysqli_res = mysqli_close($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res);
 }

 ?>
--- a/dvwa/vulnerabilities/sqli_blind/source/medium.php
+++ b/dvwa/vulnerabilities/sqli_blind/source/medium.php
@ -3,14 +3,14 @@
 if( isset( $_POST[ 'Submit' ]  ) ) {
 	// Get input
 	$id = $_POST[ 'id' ];
-	$id = mysql_real_escape_string( $id );
+	$id = ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"],  $id ) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : ""));

 	// Check database
 	$getid  = "SELECT first_name, last_name FROM users WHERE user_id = $id;";
-	$result = mysql_query( $getid ); // Removed 'or die' to suppress mysql errors
+	$result = mysqli_query($GLOBALS["___mysqli_ston"],  $getid ); // Removed 'or die' to suppress mysql errors

 	// Get results
-	$num = @mysql_numrows( $result ); // The '@' character suppresses errors
+	$num = @mysqli_num_rows( $result ); // The '@' character suppresses errors
 	if( $num > 0 ) {
 		// Feedback for end user
 		$html .= '<pre>User ID exists in the database.</pre>';