alban/docker-vulnerable-dvwa
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

dvwa updated

Browse source
This commit is contained in:
OPSXCQ 2018-10-12 15:49:58 +00:00
parent 8f3c3af4fb
commit c37af6fc80
No known key found for this signature in database
GPG key ID: 9AD730FE9CDE5661
84 changed files with 1873 additions and 605 deletions
Download patch file Download diff file Expand all files Collapse all files

82
dvwa/vulnerabilities/view_source.php
View file

@ -12,44 +12,67 @@ $id = $_GET[ 'id' ];
$security = $_GET[ 'security' ];
if( $id == 'fi' ) {
$vuln = 'File Inclusion';
}
elseif( $id == 'brute' ) {
$vuln = 'Brute Force';
}
elseif( $id == 'csrf' ) {
$vuln = 'CSRF';
}
elseif( $id == 'exec' ) {
$vuln = 'Command Injection';
}
elseif( $id == 'sqli' ) {
$vuln = 'SQL Injection';
}
elseif( $id == 'sqli_blind' ) {
$vuln = 'SQL Injection (Blind)';
}
elseif( $id == 'upload' ) {
$vuln = 'File Upload';
}
elseif( $id == 'xss_r' ) {
$vuln = 'XSS (Reflected)';
}
elseif( $id == 'captcha' ) {
$vuln = 'Insecure CAPTCHA';
}
else {
$vuln = 'XSS (Stored)';
switch ($id) {
case "fi" :
$vuln = 'File Inclusion';
break;
case "brute" :
$vuln = 'Brute Force';
break;
case "csrf" :
$vuln = 'CSRF';
break;
case "exec" :
$vuln = 'Command Injection';
break;
case "sqli" :
$vuln = 'SQL Injection';
break;
case "sqli_blind" :
$vuln = 'SQL Injection (Blind)';
break;
case "upload" :
$vuln = 'File Upload';
break;
case "xss_r" :
$vuln = 'Reflected XSS';
break;
case "xss_s" :
$vuln = 'Stored XSS';
break;
case "weak_id" :
$vuln = 'Weak Session IDs';
break;
case "javascript" :
$vuln = 'JavaScript';
break;
default:
$vuln = "Unknown Vulnerability";
}
$source = @file_get_contents( DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/{$id}/source/{$security}.php" );
$source = str_replace( array( '$html .=' ), array( 'echo' ), $source );
$js_html = "";
if (file_exists (DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/{$id}/source/{$security}.js")) {
$js_source = @file_get_contents( DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/{$id}/source/{$security}.js" );
$js_html = "
<h2>vulnerabilities/{$id}/source/{$security}.js</h2>
<div id=\"code\">
<table width='100%' bgcolor='white' style=\"border:2px #C0C0C0 solid\">
<tr>
<td><div id=\"code\">" . highlight_string( $js_source, true ) . "</div></td>
</tr>
</table>
</div>
";
}
$page[ 'body' ] .= "
<div class=\"body_padded\">
<h1>{$vuln} Source</h1>
<h2>vulnerabilities/{$id}/source/{$security}.php</h2>
<div id=\"code\">
<table width='100%' bgcolor='white' style=\"border:2px #C0C0C0 solid\">
<tr>
@ -57,6 +80,7 @@ $page[ 'body' ] .= "
</tr>
</table>
</div>
{$js_html}
<br /> <br />
<form>