first commit
This commit is contained in:
OPSXCQ
parent
985a5c928c
commit
f40a84879c
551 changed files with 72374 additions and 24 deletions
35
dvwa/vulnerabilities/csrf/source/high.php
Normal file
35
dvwa/vulnerabilities/csrf/source/high.php
Normal file
|
|
@ -0,0 +1,35 @@
|
|||
<?php
|
||||
|
||||
if( isset( $_GET[ 'Change' ] ) ) {
|
||||
// Check Anti-CSRF token
|
||||
checkToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_token' ], 'index.php' );
|
||||
|
||||
// Get input
|
||||
$pass_new = $_GET[ 'password_new' ];
|
||||
$pass_conf = $_GET[ 'password_conf' ];
|
||||
|
||||
// Do the passwords match?
|
||||
if( $pass_new == $pass_conf ) {
|
||||
// They do!
|
||||
$pass_new = mysql_real_escape_string( $pass_new );
|
||||
$pass_new = md5( $pass_new );
|
||||
|
||||
// Update the database
|
||||
$insert = "UPDATE `users` SET password = '$pass_new' WHERE user = '" . dvwaCurrentUser() . "';";
|
||||
$result = mysql_query( $insert ) or die( '<pre>' . mysql_error() . '</pre>' );
|
||||
|
||||
// Feedback for the user
|
||||
$html .= "<pre>Password Changed.</pre>";
|
||||
}
|
||||
else {
|
||||
// Issue with passwords matching
|
||||
$html .= "<pre>Passwords did not match.</pre>";
|
||||
}
|
||||
|
||||
mysql_close();
|
||||
}
|
||||
|
||||
// Generate Anti-CSRF token
|
||||
generateSessionToken();
|
||||
|
||||
?>
|
||||
48
dvwa/vulnerabilities/csrf/source/impossible.php
Normal file
48
dvwa/vulnerabilities/csrf/source/impossible.php
Normal file
|
|
@ -0,0 +1,48 @@
|
|||
<?php
|
||||
|
||||
if( isset( $_GET[ 'Change' ] ) ) {
|
||||
// Check Anti-CSRF token
|
||||
checkToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_token' ], 'index.php' );
|
||||
|
||||
// Get input
|
||||
$pass_curr = $_GET[ 'password_current' ];
|
||||
$pass_new = $_GET[ 'password_new' ];
|
||||
$pass_conf = $_GET[ 'password_conf' ];
|
||||
|
||||
// Sanitise current password input
|
||||
$pass_curr = stripslashes( $pass_curr );
|
||||
$pass_curr = mysql_real_escape_string( $pass_curr );
|
||||
$pass_curr = md5( $pass_curr );
|
||||
|
||||
// Check that the current password is correct
|
||||
$data = $db->prepare( 'SELECT password FROM users WHERE user = (:user) AND password = (:password) LIMIT 1;' );
|
||||
$data->bindParam( ':user', dvwaCurrentUser(), PDO::PARAM_STR );
|
||||
$data->bindParam( ':password', $pass_curr, PDO::PARAM_STR );
|
||||
$data->execute();
|
||||
|
||||
// Do both new passwords match and does the current password match the user?
|
||||
if( ( $pass_new == $pass_conf ) && ( $data->rowCount() == 1 ) ) {
|
||||
// It does!
|
||||
$pass_new = stripslashes( $pass_new );
|
||||
$pass_new = mysql_real_escape_string( $pass_new );
|
||||
$pass_new = md5( $pass_new );
|
||||
|
||||
// Update database with new password
|
||||
$data = $db->prepare( 'UPDATE users SET password = (:password) WHERE user = (:user);' );
|
||||
$data->bindParam( ':password', $pass_new, PDO::PARAM_STR );
|
||||
$data->bindParam( ':user', dvwaCurrentUser(), PDO::PARAM_STR );
|
||||
$data->execute();
|
||||
|
||||
// Feedback for the user
|
||||
$html .= "<pre>Password Changed.</pre>";
|
||||
}
|
||||
else {
|
||||
// Issue with passwords matching
|
||||
$html .= "<pre>Passwords did not match or current password incorrect.</pre>";
|
||||
}
|
||||
}
|
||||
|
||||
// Generate Anti-CSRF token
|
||||
generateSessionToken();
|
||||
|
||||
?>
|
||||
29
dvwa/vulnerabilities/csrf/source/low.php
Normal file
29
dvwa/vulnerabilities/csrf/source/low.php
Normal file
|
|
@ -0,0 +1,29 @@
|
|||
<?php
|
||||
|
||||
if( isset( $_GET[ 'Change' ] ) ) {
|
||||
// Get input
|
||||
$pass_new = $_GET[ 'password_new' ];
|
||||
$pass_conf = $_GET[ 'password_conf' ];
|
||||
|
||||
// Do the passwords match?
|
||||
if( $pass_new == $pass_conf ) {
|
||||
// They do!
|
||||
$pass_new = mysql_real_escape_string( $pass_new );
|
||||
$pass_new = md5( $pass_new );
|
||||
|
||||
// Update the database
|
||||
$insert = "UPDATE `users` SET password = '$pass_new' WHERE user = '" . dvwaCurrentUser() . "';";
|
||||
$result = mysql_query( $insert ) or die( '<pre>' . mysql_error() . '</pre>' );
|
||||
|
||||
// Feedback for the user
|
||||
$html .= "<pre>Password Changed.</pre>";
|
||||
}
|
||||
else {
|
||||
// Issue with passwords matching
|
||||
$html .= "<pre>Passwords did not match.</pre>";
|
||||
}
|
||||
|
||||
mysql_close();
|
||||
}
|
||||
|
||||
?>
|
||||
36
dvwa/vulnerabilities/csrf/source/medium.php
Normal file
36
dvwa/vulnerabilities/csrf/source/medium.php
Normal file
|
|
@ -0,0 +1,36 @@
|
|||
<?php
|
||||
|
||||
if( isset( $_GET[ 'Change' ] ) ) {
|
||||
// Checks to see where the request came from
|
||||
if( eregi( $_SERVER[ 'SERVER_NAME' ], $_SERVER[ 'HTTP_REFERER' ] ) ) {
|
||||
// Get input
|
||||
$pass_new = $_GET[ 'password_new' ];
|
||||
$pass_conf = $_GET[ 'password_conf' ];
|
||||
|
||||
// Do the passwords match?
|
||||
if( $pass_new == $pass_conf ) {
|
||||
// They do!
|
||||
$pass_new = mysql_real_escape_string( $pass_new );
|
||||
$pass_new = md5( $pass_new );
|
||||
|
||||
// Update the database
|
||||
$insert = "UPDATE `users` SET password = '$pass_new' WHERE user = '" . dvwaCurrentUser() . "';";
|
||||
$result = mysql_query( $insert ) or die( '<pre>' . mysql_error() . '</pre>' );
|
||||
|
||||
// Feedback for the user
|
||||
$html .= "<pre>Password Changed.</pre>";
|
||||
}
|
||||
else {
|
||||
// Issue with passwords matching
|
||||
$html .= "<pre>Passwords did not match.</pre>";
|
||||
}
|
||||
}
|
||||
else {
|
||||
// Didn't come from a trusted source
|
||||
$html .= "<pre>That request didn't look correct.</pre>";
|
||||
}
|
||||
|
||||
mysql_close();
|
||||
}
|
||||
|
||||
?>
|
||||
Loading…
Add table
Add a link
Reference in a new issue