dvwa updated

2018-10-12 15:49:58 +00:00 · 2018-10-12 15:49:58 +00:00 · c37af6fc80
commit c37af6fc80
parent 8f3c3af4fb
84 changed files with 1873 additions and 605 deletions
--- a/dvwa/vulnerabilities/weak_id/index.php
+++ b/dvwa/vulnerabilities/weak_id/index.php
@ -0,0 +1,60 @@
+<?php
+
+define( 'DVWA_WEB_PAGE_TO_ROOT', '../../' );
+require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';
+
+dvwaPageStartup( array( 'authenticated', 'phpids' ) );
+
+$page = dvwaPageNewGrab();
+$page[ 'title' ]   = 'Vulnerability: Weak Session IDs' . $page[ 'title_separator' ].$page[ 'title' ];
+$page[ 'page_id' ] = 'weak_id';
+$page[ 'help_button' ]   = 'weak_id';
+$page[ 'source_button' ] = 'weak_id';
+dvwaDatabaseConnect();
+
+$method            = 'GET';
+$vulnerabilityFile = '';
+switch( $_COOKIE[ 'security' ] ) {
+	case 'low':
+		$vulnerabilityFile = 'low.php';
+		break;
+	case 'medium':
+		$vulnerabilityFile = 'medium.php';
+		break;
+	case 'high':
+		$vulnerabilityFile = 'high.php';
+		break;
+	default:
+		$vulnerabilityFile = 'impossible.php';
+		$method = 'POST';
+		break;
+}
+
+require_once DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/weak_id/source/{$vulnerabilityFile}";
+
+
+$page[ 'body' ] .= <<<EOF
+<div class="body_padded">
+	<h1>Vulnerability: Weak Session IDs</h1>
+	<p>
+		This page will set a new cookie called dvwaSession each time the button is clicked.<br />
+	</p>
+	<form method="post">
+		<input type="submit" value="Generate" />
+	</form>
+$html
+
+EOF;
+
+/*
+Maybe display this, don't think it is needed though
+if (isset ($cookie_value)) {
+	$page[ 'body' ] .= <<<EOF
+	The new cookie value is $cookie_value
+EOF;
+}
+*/
+
+dvwaHtmlEcho( $page );
+
+?>