first commit

dvwa/vulnerabilities/sqli/source/high.php

@@ -0,0 +1,29 @@
+<?php
+
+if( isset( $_SESSION [ 'id' ] ) ) {
+	// Get input
+	$id = $_SESSION[ 'id' ];
+
+	// Check database
+	$query  = "SELECT first_name, last_name FROM users WHERE user_id = '$id' LIMIT 1;";
+	$result = mysql_query( $query ) or die( '<pre>Something went wrong.</pre>' );
+
+	// Get results
+	$num = mysql_numrows( $result );
+	$i   = 0;
+	while( $i < $num ) {
+		// Get values
+		$first = mysql_result( $result, $i, "first_name" );
+		$last  = mysql_result( $result, $i, "last_name" );
+
+		// Feedback for end user
+		$html .= "<pre>ID: {$id}<br />First name: {$first}<br />Surname: {$last}</pre>";
+
+		// Increase loop count
+		$i++;
+	}
+
+	mysql_close();
+}
+
+?>

dvwa/vulnerabilities/sqli/source/impossible.php

@@ -0,0 +1,33 @@
+<?php
+
+if( isset( $_GET[ 'Submit' ] ) ) {
+	// Check Anti-CSRF token
+	checkToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_token' ], 'index.php' );
+
+	// Get input
+	$id = $_GET[ 'id' ];
+
+	// Was a number entered?
+	if(is_numeric( $id )) {
+		// Check the database
+		$data = $db->prepare( 'SELECT first_name, last_name FROM users WHERE user_id = (:id) LIMIT 1;' );
+		$data->bindParam( ':id', $id, PDO::PARAM_INT );
+		$data->execute();
+		$row = $data->fetch();
+
+		// Make sure only 1 result is returned
+		if( $data->rowCount() == 1 ) {
+			// Get values
+			$first = $row[ 'first_name' ];
+			$last  = $row[ 'last_name' ];
+
+			// Feedback for end user
+			$html .= "<pre>ID: {$id}<br />First name: {$first}<br />Surname: {$last}</pre>";
+		}
+	}
+}
+
+// Generate Anti-CSRF token
+generateSessionToken();
+
+?>

dvwa/vulnerabilities/sqli/source/low.php

@@ -0,0 +1,29 @@
+<?php
+
+if( isset( $_REQUEST[ 'Submit' ] ) ) {
+	// Get input
+	$id = $_REQUEST[ 'id' ];
+
+	// Check database
+	$query  = "SELECT first_name, last_name FROM users WHERE user_id = '$id';";
+	$result = mysql_query( $query ) or die( '<pre>' . mysql_error() . '</pre>' );
+
+	// Get results
+	$num = mysql_numrows( $result );
+	$i   = 0;
+	while( $i < $num ) {
+		// Get values
+		$first = mysql_result( $result, $i, "first_name" );
+		$last  = mysql_result( $result, $i, "last_name" );
+
+		// Feedback for end user
+		$html .= "<pre>ID: {$id}<br />First name: {$first}<br />Surname: {$last}</pre>";
+
+		// Increase loop count
+		$i++;
+	}
+
+	mysql_close();
+}
+
+?>

dvwa/vulnerabilities/sqli/source/medium.php

@@ -0,0 +1,30 @@
+<?php
+
+if( isset( $_POST[ 'Submit' ] ) ) {
+	// Get input
+	$id = $_POST[ 'id' ];
+	$id = mysql_real_escape_string( $id );
+
+	// Check database
+	$query  = "SELECT first_name, last_name FROM users WHERE user_id = $id;";
+	$result = mysql_query( $query ) or die( '<pre>' . mysql_error() . '</pre>' );
+
+	// Get results
+	$num = mysql_numrows( $result );
+	$i   = 0;
+	while( $i < $num ) {
+		// Display values
+		$first = mysql_result( $result, $i, "first_name" );
+		$last  = mysql_result( $result, $i, "last_name" );
+
+		// Feedback for end user
+		$html .= "<pre>ID: {$id}<br />First name: {$first}<br />Surname: {$last}</pre>";
+
+		// Increase loop count
+		$i++;
+	}
+
+	//mysql_close();
+}
+
+?>