alban/docker-vulnerable-dvwa
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

dvwa updated

Browse source
This commit is contained in:
OPSXCQ 2018-10-12 15:49:58 +00:00
parent 8f3c3af4fb
commit c37af6fc80
No known key found for this signature in database
GPG key ID: 9AD730FE9CDE5661
84 changed files with 1873 additions and 605 deletions
Download patch file Download diff file Expand all files Collapse all files

4
dvwa/vulnerabilities/xss_s/source/impossible.php
View file

@ -10,12 +10,12 @@ if( isset( $_POST[ 'btnSign' ] ) ) {
// Sanitize message input
$message = stripslashes( $message );
$message = mysql_real_escape_string( $message );
$message = ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $message ) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : ""));
$message = htmlspecialchars( $message );
// Sanitize name input
$name = stripslashes( $name );
$name = mysql_real_escape_string( $name );
$name = ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $name ) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : ""));
$name = htmlspecialchars( $name );
// Update database