Well done!

"; } else { $message = "

Invalid token.

"; } break; case 'medium': if ($token == strrev("XXsuccessXX")) { $message = "

Well done!

"; } else { $message = "

Invalid token.

"; } break; case 'high': if ($token == hash("sha256", hash("sha256", "XX" . strrev("success")) . "ZZ")) { $message = "

Well done!

"; } else { $message = "

Invalid token.

"; } break; default: $vulnerabilityFile = 'impossible.php'; break; } } else { $message = "

You got the phrase wrong.

"; } } else { $message = "

Missing phrase or token.

"; } } if ( $_COOKIE[ 'security' ] == "impossible" ) { $page[ 'body' ] = <<

Vulnerability: JavaScript Attacks

You can never trust anything that comes from the user or prevent them from messing with it and so there is no impossible level.

EOF; } else { $page[ 'body' ] = <<

Vulnerability: JavaScript Attacks

Submit the word "success" to win.

$message
EOF; } require_once DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/javascript/source/{$vulnerabilityFile}"; $page[ 'body' ] .= << EOF; $page[ 'body' ] .= "

More Information

  • " . dvwaExternalLinkUrlGet( 'https://www.w3schools.com/js/' ) . "
  • " . dvwaExternalLinkUrlGet( 'https://www.youtube.com/watch?v=cs7EQdWO5o0&index=17&list=WL' ) . "
  • " . dvwaExternalLinkUrlGet( 'https://ponyfoo.com/articles/es6-proxies-in-depth' ) . "

Module developed by Digininja.

\n"; dvwaHtmlEcho( $page ); ?>