示例1: dvwaExternalLinkUrlGet
<?php
// Help page for the second include target of the File Inclusion exercise.
// The "More info" references are rendered through dvwaExternalLinkUrlGet() so
// they are formatted like every other external link in DVWA; the quoted text
// and the back link are static markup.
$moreInfoLinks = "\t\t<li>" . dvwaExternalLinkUrlGet('https://en.wikipedia.org/wiki/Remote_File_Inclusion') . "</li>\r\n"
    . "\t\t<li>" . dvwaExternalLinkUrlGet('https://www.owasp.org/index.php/Top_10_2007-A3') . "</li>\r\n";

$page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h1>Vulnerability: File Inclusion</h1>\r\n\t<div class=\"vulnerable_code_area\">\r\n\t\t<h3>File 2</h3>\r\n\t\t<hr />\r\n\t\t\"<em>I needed a password eight characters long so I picked Snow White and the Seven Dwarves.</em>\" ~ Nick Helm<br /><br />\r\n\t\t[<em><a href=\"?page=include.php\">back</a></em>]\t</div>\r\n\r\n\t<h2>More info</h2>\r\n\t<ul>\r\n" . $moreInfoLinks . "\t</ul>\r\n</div>\n";
示例2: dvwaPageStartup
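// Stored XSS exercise page: picks the per-level implementation, renders the
// guestbook form and appends the stored entries via dvwaGuestbook().
dvwaPageStartup(array('authenticated', 'phpids'));

$page = dvwaPageNewGrab();
$page['title'] .= $page['title_separator'] . 'Vulnerability: Stored Cross Site Scripting (XSS)';
$page['page_id'] = 'xss_s';
$page['help_button'] = 'xss_s';
$page['source_button'] = 'xss_s';

dvwaDatabaseConnect();

// The security level is read from a user-controlled cookie. It is only ever
// mapped onto a fixed whitelist of filenames, so the raw value never reaches
// require_once. The isset() guard avoids an "undefined index" notice when the
// cookie is absent; an absent or unknown value still falls through to the
// default branch exactly as before.
$vulnerabilityFile = '';
switch (isset($_COOKIE['security']) ? $_COOKIE['security'] : '') {
    case 'low':
        $vulnerabilityFile = 'low.php';
        break;
    case 'medium':
        $vulnerabilityFile = 'medium.php';
        break;
    case 'high':
    default:
        $vulnerabilityFile = 'high.php';
        break;
}

// Anti-CSRF: only the high level issues a token, and only the high level
// emits tokenField() into the form further down.
if ($vulnerabilityFile === 'high.php') {
    generateTokens();
}

// The included level file is presumably where $html (used below) is set and
// where the submitted guestbook entry is processed — not visible here.
require_once DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/xss_s/source/{$vulnerabilityFile}";

// Note: the maxlength attributes and the onsubmit/onClick validators below are
// enforced by the browser only; what is actually stored is decided by the
// included level file.
$page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h1>Vulnerability: Stored Cross Site Scripting (XSS)</h1>\r\n\r\n\t<div class=\"vulnerable_code_area\">\r\n\t\t<form method=\"post\" name=\"guestform\" onsubmit=\"return validate_form(this)\">\r\n\t\t\t<table width=\"550\" border=\"0\" cellpadding=\"2\" cellspacing=\"1\">\r\n\t\t\t\t<tr>\r\n\t\t\t\t\t<td width=\"100\">Name *</td>\r\n\t\t\t\t\t<td><input name=\"txtName\" type=\"text\" size=\"30\" maxlength=\"10\"></td>\r\n\t\t\t\t</tr>\r\n\t\t\t\t<tr>\r\n\t\t\t\t\t<td width=\"100\">Message *</td>\r\n\t\t\t\t\t<td><textarea name=\"mtxMessage\" cols=\"50\" rows=\"3\" maxlength=\"50\"></textarea></td>\r\n\t\t\t\t</tr>\r\n\t\t\t\t<tr>\r\n\t\t\t\t\t<td width=\"100\"> </td>\r\n\t\t\t\t\t<td><input name=\"btnSign\" type=\"submit\" value=\"Sign Guestbook\" onClick=\"return checkForm();\"></td>\r\n\t\t\t\t</tr>\r\n\t\t\t</table>";

if ($vulnerabilityFile === 'high.php') {
    $page['body'] .= "\t\t\t" . tokenField();
}

$page['body'] .= "\r\n\t\t</form>\r\n\t\t{$html}\r\n\t</div>\r\n\t<br />\r\n\r\n\t" . dvwaGuestbook() . "\r\n\t<br />\r\n\r\n\t<h2>More Information</h2>\r\n\t<ul>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)') . "</li>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet') . "</li>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('https://en.wikipedia.org/wiki/Cross-site_scripting') . "</li>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('http://www.cgisecurity.com/xss-faq.html') . "</li>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('http://www.scriptalert1.com/') . "</li>\r\n\t</ul>\r\n</div>\r\n";

dvwaHtmlEcho($page);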
示例3: define
<?php
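// Brute Force exercise page: selects the per-level implementation and renders
// the login form plus whatever result the level file produced in $html.
define('DVWA_WEB_PAGE_TO_ROOT', '../../');
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';

dvwaPageStartup(array('authenticated', 'phpids'));

$page = dvwaPageNewGrab();
$page['title'] .= $page['title_separator'] . 'Vulnerability: Brute Force';
$page['page_id'] = 'brute';

dvwaDatabaseConnect();

// The security level is a user-controlled cookie, mapped onto a fixed
// whitelist of filenames so it never reaches require_once directly. isset()
// avoids an "undefined index" notice when the cookie is missing; a missing or
// unknown value still lands in the default branch as before.
$vulnerabilityFile = '';
switch (isset($_COOKIE['security']) ? $_COOKIE['security'] : '') {
    case 'low':
        $vulnerabilityFile = 'low.php';
        break;
    case 'medium':
        $vulnerabilityFile = 'medium.php';
        break;
    case 'high':
    default:
        $vulnerabilityFile = 'high.php';
        break;
}

// Presumably sets $html (used below) after handling the submitted credentials
// — not visible here.
require_once DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/brute/source/{$vulnerabilityFile}";

$page['help_button'] = 'brute';
$page['source_button'] = 'brute';

// Note: the form submits the username and password with method="GET", so the
// credentials end up in the URL (browser history, server/proxy logs, Referer).
// That is part of the exercise as shipped, so the markup is left unchanged.
$page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h1>Vulnerability: Brute Force</h1>\r\n\r\n\t<div class=\"vulnerable_code_area\">\r\n\r\n\t\t<h2>Login</h2>\r\n\r\n\t\t<form action=\"#\" method=\"GET\">\r\n\t\t\tUsername:<br><input type=\"text\" name=\"username\"><br>\r\n\t\t\tPassword:<br><input type=\"password\" AUTOCOMPLETE=\"off\" name=\"password\"><br>\r\n\t\t\t<input type=\"submit\" value=\"Login\" name=\"Login\">\r\n\t\t</form>\r\n\r\n\t\t{$html}\r\n\r\n\t</div>\r\n\r\n\t<h2>More info</h2>\r\n\t<ul>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('http://www.owasp.org/index.php/Testing_for_Brute_Force_%28OWASP-AT-004%29') . "</li>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('http://www.securityfocus.com/infocus/1192') . "</li>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('http://www.sillychicken.co.nz/Security/how-to-brute-force-http-forms-in-windows.html') . "</li>\r\n\t</ul>\r\n</div>\r\n";

dvwaHtmlEcho($page);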
示例4: mysql_real_escape_string
// Tail of the login handler (the enclosing if-block starts above this excerpt).
// NOTE(review): only $pass goes through mysql_real_escape_string() here; $user
// is interpolated into the credential query below as-is, so unless it was
// escaped earlier (not visible here) the query is injectable via the username.
$pass = mysql_real_escape_string($pass);
// Passwords are compared as unsalted MD5 digests (see the query below).
$pass = md5($pass);
// First-run detection: if the users table does not exist yet, send the user to
// setup.php. The `@` hides any mysql error rather than handling it.
$query = "SELECT table_schema, table_name, create_time\r\n\t\t\t\tFROM information_schema.tables\r\n\t\t\t\tWHERE table_schema='{$_DVWA['db_database']}' AND table_name='users'\r\n\t\t\t\tLIMIT 1";
$result = @mysql_query($query);
if (mysql_num_rows($result) != 1) {
dvwaMessagePush("First time using DVWA.<br />Need to run 'setup.php'.");
dvwaRedirect(DVWA_WEB_PAGE_TO_ROOT . 'setup.php');
}
// Credential check built by string interpolation (see the note above). On a
// query error the raw mysql_error() text is written into the response, which
// discloses database details to the client.
$query = "SELECT * FROM `users` WHERE user='{$user}' AND password='{$pass}';";
$result = @mysql_query($query) or die('<pre>' . mysql_error() . '.<br />Try <a href="setup.php">installing again</a>.</pre>');
if ($result && mysql_num_rows($result) == 1) {
// Login Successful... the username is echoed back through dvwaMessagePush();
// whether it is HTML-escaped on output depends on messagesPopAllToHtml()
// (not visible here).
dvwaMessagePush("You have logged in as '{$user}'");
dvwaLogin($user);
dvwaRedirect(DVWA_WEB_PAGE_TO_ROOT . 'index.php');
}
// Login failed — the same generic message is used regardless of the cause,
// which avoids telling the client whether the username exists.
dvwaMessagePush('Login failed');
dvwaRedirect('login.php');
}
// Render the standalone login page. Messages queued earlier in the request are
// flushed into the page body; the anti-CSRF token is generated before the form
// is emitted (tokenField() below presumably embeds it).
$messagesHtml = messagesPopAllToHtml();

// No-cache headers plus an Expires date in the past, so the login form (and
// its token) is not served from a cache.
header('Cache-Control: no-cache, must-revalidate'); // HTTP/1.1
header('Content-Type: text/html;charset=utf-8');    // TODO- proper XHTML headers...
header('Expires: Tue, 23 Jun 2009 12:00:00 GMT');   // Date in the past

// Anti-CSRF
generateSessionToken();

$loginPageHtml = "\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n\r\n\t<head>\r\n\r\n\t\t<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />\r\n\r\n\t\t<title>Login :: Damn Vulnerable Web Application (DVWA) v" . dvwaVersionGet() . "</title>\r\n\r\n\t\t<link rel=\"stylesheet\" type=\"text/css\" href=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/css/login.css\" />\r\n\r\n\t</head>\r\n\r\n\t<body>\r\n\r\n\t<div id=\"wrapper\">\r\n\r\n\t<div id=\"header\">\r\n\r\n\t<br />\r\n\r\n\t<p><img src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/login_logo.png\" /></p>\r\n\r\n\t<br />\r\n\r\n\t</div> <!--<div id=\"header\">-->\r\n\r\n\t<div id=\"content\">\r\n\r\n\t<form action=\"login.php\" method=\"post\">\r\n\r\n\t<fieldset>\r\n\r\n\t\t\t<label for=\"user\">Username</label> <input type=\"text\" class=\"loginInput\" size=\"20\" name=\"username\"><br />\r\n\r\n\r\n\t\t\t<label for=\"pass\">Password</label> <input type=\"password\" class=\"loginInput\" AUTOCOMPLETE=\"off\" size=\"20\" name=\"password\"><br />\r\n\r\n\t\t\t<br />\r\n\r\n\t\t\t<p class=\"submit\"><input type=\"submit\" value=\"Login\" name=\"Login\"></p>\r\n\r\n\t</fieldset>\r\n\r\n\t" . tokenField() . "\r\n\r\n\t</form>\r\n\r\n\t<br />\r\n\r\n\t{$messagesHtml}\r\n\r\n\t<br />\r\n\t<br />\r\n\t<br />\r\n\t<br />\r\n\t<br />\r\n\t<br />\r\n\t<br />\r\n\t<br />\r\n\r\n\t<!-- <img src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/RandomStorm.png\" /> -->\r\n\t</div > <!--<div id=\"content\">-->\r\n\r\n\t<div id=\"footer\">\r\n\r\n\t<p>" . dvwaExternalLinkUrlGet('http://www.dvwa.co.uk/', 'Damn Vulnerable Web Application (DVWA)') . " is a RandomStorm OpenSource project.</p>\r\n\r\n\t</div> <!--<div id=\"footer\"> -->\r\n\r\n\t</div> <!--<div id=\"wrapper\"> -->\r\n\r\n\t</body>\r\n\r\n</html>";

echo $loginPageHtml;
示例5: define
<?php
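// Command Execution exercise page: selects the per-level implementation and
// renders the "ping" form plus whatever the level file produced in $html.
define('DVWA_WEB_PAGE_TO_ROOT', '../../');
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';

dvwaPageStartup(array('authenticated', 'phpids'));

$page = dvwaPageNewGrab();
// The title used to read "Brute Force" (copy/paste leftover); it now matches
// the page heading and page_id.
$page['title'] .= $page['title_separator'] . 'Vulnerability: Command Execution';
$page['page_id'] = 'exec';

dvwaDatabaseConnect();

// The security level is a user-controlled cookie, mapped onto a fixed
// whitelist of filenames so it never reaches require_once directly. isset()
// avoids an "undefined index" notice when the cookie is missing; a missing or
// unknown value still lands in the default branch as before.
$vulnerabilityFile = '';
switch (isset($_COOKIE['security']) ? $_COOKIE['security'] : '') {
    case 'low':
        $vulnerabilityFile = 'low.php';
        break;
    case 'medium':
        $vulnerabilityFile = 'medium.php';
        break;
    case 'high':
    default:
        $vulnerabilityFile = 'high.php';
        break;
}

// The included level file is presumably where the submitted "ip" value is
// consumed and $html is set (not visible here). Any validation of that value
// before it reaches a shell has to happen there, not in this page.
require_once DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/exec/source/{$vulnerabilityFile}";

$page['help_button'] = 'exec';
$page['source_button'] = 'exec';

$page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h1>Vulnerability: Command Execution</h1>\r\n\r\n\t<div class=\"vulnerable_code_area\">\r\n\r\n\t\t<h2>Ping for FREE</h2>\r\n\r\n\t\t<p>Enter an IP address below:</p>\r\n\t\t<form name=\"ping\" action=\"#\" method=\"post\">\r\n\t\t\t<input type=\"text\" name=\"ip\" size=\"30\">\r\n\t\t\t<input type=\"submit\" value=\"submit\" name=\"submit\">\r\n\t\t</form>\r\n\r\n\t\t{$html}\r\n\r\n\t</div>\r\n\r\n\t<h2>More info</h2>\r\n\t<ul>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('http://www.scribd.com/doc/2530476/Php-Endangers-Remote-Code-Execution') . "</li>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('http://www.ss64.com/bash/') . "</li>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('http://www.ss64.com/nt/') . "</li>\r\n\t</ul>\r\n</div>\r\n";

dvwaHtmlEcho($page);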
示例6: define
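// WooYun-2014-52248 exercise page: selects the per-level implementation and
// renders the "Login User ID" form plus whatever the level file put in $html.
define('DVWA_WEB_PAGE_TO_ROOT', '../../');
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';

dvwaPageStartup(array('authenticated', 'phpids'));

$page = dvwaPageNewGrab();
$page['title'] .= $page['title_separator'] . 'WooYun-2014-52248';
$page['page_id'] = 'WooYun-2014-52248';

dvwaDatabaseConnect();

// The security level is a user-controlled cookie, mapped onto a fixed
// whitelist of filenames so it never reaches require_once directly. isset()
// avoids an "undefined index" notice when the cookie is missing; a missing or
// unknown value still lands in the default branch as before.
$vulnerabilityFile = '';
switch (isset($_COOKIE['security']) ? $_COOKIE['security'] : '') {
    case 'low':
        $vulnerabilityFile = 'low.php';
        break;
    case 'medium':
        $vulnerabilityFile = 'medium.php';
        break;
    case 'high':
    default:
        $vulnerabilityFile = 'high.php';
        break;
}

// Presumably consumes the submitted "id" value and sets $html — not visible here.
require_once DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/WooYun-2014-52248/source/{$vulnerabilityFile}";

$page['help_button'] = 'WooYun-2014-52248';
$page['source_button'] = 'WooYun-2014-52248';

// Check if Magic Quotes are on or off. ini_get() returns a string (or false
// when the directive does not exist), so the setting is read as a boolean
// explicitly. magic_quotes_gpc was removed in PHP 5.4, so on a modern
// interpreter this branch is never taken.
$magicQuotesWarningHtml = '';
if ((bool) ini_get('magic_quotes_gpc')) {
    $magicQuotesWarningHtml = "\t<div class=\"warning\">Magic Quotes are on, you will not be able to inject SQL.</div>";
}

$page['body'] .= "\r\n<div class=\"body_padded\">\r\n\r\n\t<HeadlineFont><span class=\"label label-primary\">WooYun-2014-52248</span></HeadlineFont>\r\n\r\n\t<br>\t<br>\t<br>\t<br>\t<br>\r\n\r\n\t{$magicQuotesWarningHtml}\r\n\r\n\t<div class=\"vulnerable_code_area\">\r\n\r\n\t\t<h3>Login User ID:</h3>\r\n\r\n\t\t<form action=\"#\" method=\"GET\">\r\n\t\t\t<input type=\"text\" name=\"id\" class=\"form-control\" style=\"width:50%;\">\r\n\t\t\t<input type=\"submit\" name=\"Submit\" value=\"Submit\" class=\"btn btn-lg btn-info\">\r\n\t\t</form>\r\n\r\n\t\t{$html}\r\n\r\n\r\n\t</div>\r\n\r\n\t<br>\r\n\t<br>\r\n\t<br>\r\n\t<div class=\"panel panel-primary\">\r\n <div class=\"panel-heading\">\r\n <h3 class=\"panel-title\">Original Bug Report</h3>\r\n </div>\r\n <div class=\"panel-body\">\r\n \t<li>" . dvwaExternalLinkUrlGet('http://www.wooyun.org/bugs/wooyun-2014-052248') . "</li>\r\n </div>\r\n </div>\r\n\r\n</div>\r\n";

dvwaHtmlEcho($page);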
示例7: queries
However due to the SQL query not having quotes around the parameter, this will not fully protect the query from being altered.</p>
<p>The text box has been replaced with a pre-defined dropdown list and uses POST to submit the form.</p>
<pre>Spoiler: <span class="spoiler">?id=a UNION SELECT 1,2;-- -&Submit=Submit</span>.</pre>
<br />
<h3>High Level</h3>
<p>This is very similar to the low level, however this time the attacker is inputting the value in a different manner.
The input values are being transferred to the vulnerable query via session variables using another page, rather than a direct GET request.</p>
<pre>Spoiler: <span class="spoiler">ID: a' UNION SELECT "text1","text2";-- -&Submit=Submit</span>.</pre>
<br />
<h3>Impossible Level</h3>
<p>The queries are now parameterized queries (rather than being dynamic). This means the query has been defined by the developer,
and distinguishes which sections are code and which are data.</p>
</div></td>
</tr>
</table>
</div>
<br />
<p>Reference: <?php
echo dvwaExternalLinkUrlGet('https://www.owasp.org/index.php/SQL_Injection');
?>
</p>
</div>
示例8: Forgery
<h3>Medium Level</h3>
<p>For the medium level challenge, there is a check to see where the last requested page came from. The developer believes if it matches the current domain,
it must have come from the web application so it can be trusted.</p>
<p>It may be required to link in multiple vulnerabilities to exploit this vector, such as reflective XSS.</p>
<br />
<h3>High Level</h3>
<p>In the high level, the developer has added an "anti Cross-Site Request Forgery (CSRF) token". In order to bypass this protection method, another vulnerability will be required.</p>
<pre>Spoiler: <span class="spoiler">e.g. JavaScript is executed on the client side, in the browser</span>.</pre>
<br />
<h3>Impossible Level</h3>
<p>In the impossible level, the challenge extends the high level and asks for the current user's password. As this cannot be found out (only predicted or brute forced),
there is not an attack vector here.</p>
</div></td>
</tr>
</table>
</div>
<br />
<p>Reference: <?php
echo dvwaExternalLinkUrlGet('https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)');
?>
</p>
</div>
示例9: define
<?php
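// "About" page: static project information, links, credits and licence text.
// Only the version and release date are looked up at runtime. This page does
// not require the 'authenticated' startup check, so it is reachable before login.
define('DVWA_WEB_PAGE_TO_ROOT', '');
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';

dvwaPageStartup(array('phpids'));

$page = dvwaPageNewGrab();
$page['title'] = 'About' . $page['title_separator'] . $page['title'];
$page['page_id'] = 'about';

// The "Source Control" label used to be misspelt ("Souce"); fixed.
$page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h2>About</h2>\r\n\t<p>Version " . dvwaVersionGet() . " (Release date: " . dvwaReleaseDateGet() . ")</p>\r\n\t<p>Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment</p>\r\n\t<p>The official documentation for DVWA can be found <a href=\"docs/DVWA_v1.3.pdf\">here</a>.</p>\r\n\t<p>DVWA is a RandomStorm OpenSource project. All material is copyright 2008-2015 RandomStorm & Ryan Dewhurst.</p>\r\n\r\n\t<h2>Links</h2>\r\n\t<ul>\r\n\t\t<li>Homepage: " . dvwaExternalLinkUrlGet('http://www.dvwa.co.uk/') . "</li>\r\n\t\t<li>Project Home: " . dvwaExternalLinkUrlGet('https://github.com/RandomStorm/DVWA') . "</li>\r\n\t\t<li>Bug Tracker: " . dvwaExternalLinkUrlGet('https://github.com/RandomStorm/DVWA/issues') . "</li>\r\n\t\t<li>Source Control: " . dvwaExternalLinkUrlGet('https://github.com/RandomStorm/DVWA/commits/master') . "</li>\r\n\t\t<li>Wiki: " . dvwaExternalLinkUrlGet('https://github.com/RandomStorm/DVWA/wiki') . "</li>\r\n\t</ul>\r\n\r\n\t<h2>Credits</h2>\r\n\t<ul>\r\n\t\t<li>Brooks Garrett: " . dvwaExternalLinkUrlGet('http://brooksgarrett.com/', 'www.brooksgarrett.com') . "</li>\r\n\t\t<li>Craig</li>\r\n\t\t<li>g0tmi1k: " . dvwaExternalLinkUrlGet('https://blog.g0tmi1k.com/', 'g0tmi1k.com') . "</li>\r\n\t\t<li>Jamesr: " . dvwaExternalLinkUrlGet('https://www.creativenucleus.com/', 'www.creativenucleus.com') . " / " . dvwaExternalLinkUrlGet('http://www.designnewcastle.co.uk/', 'www.designnewcastle.co.uk') . "</li>\r\n\t\t<li>Jason Jones: " . dvwaExternalLinkUrlGet('http://www.linux-ninja.com/', 'www.linux-ninja.com') . "</li>\r\n\t\t<li>RandomStorm: " . dvwaExternalLinkUrlGet('https://www.randomstorm.com/', 'www.randomstorm.com') . "</li>\r\n\t\t<li>Ryan Dewhurst: " . dvwaExternalLinkUrlGet('https://www.dewhurstsecurity.com/', 'www.dewhurstsecurity.com') . "</li>\r\n\t\t<li>Shinkurt: " . dvwaExternalLinkUrlGet('http://www.paulosyibelo.com/', 'www.paulosyibelo.com') . "</li>\r\n\t\t<li>Tedi Heriyanto: " . dvwaExternalLinkUrlGet('http://tedi.heriyanto.net/', 'tedi.heriyanto.net') . "</li>\r\n\t\t<li>Tom Mackenzie: " . dvwaExternalLinkUrlGet('https://www.tmacuk.co.uk/', 'www.tmacuk.co.uk') . "</li>\r\n\t</ul>\r\n\t<ul>\r\n\t\t<li>PHPIDS - Copyright (c) 2007 " . dvwaExternalLinkUrlGet('http://github.com/PHPIDS/PHPIDS', 'PHPIDS group') . "</li>\r\n\t</ul>\r\n\r\n\t<h2>License</h2>\r\n\t<p>Damn Vulnerable Web Application (DVWA) is free software: you can redistribute it and/or modify\r\n\tit under the terms of the GNU General Public License as published by\r\n\tthe Free Software Foundation, either version 3 of the License, or\r\n\t(at your option) any later version.</p>\r\n\t<p>The PHPIDS library is included, in good faith, with this DVWA distribution. The operation of PHPIDS is provided without support from the DVWA team. It is licensed under <a href=\"" . DVWA_WEB_PAGE_TO_ROOT . "instructions.php?doc=PHPIDS-license\">separate terms</a> to the DVWA code.</p>\r\n\r\n\t<h2>Development</h2>\r\n\t<p>Everyone is welcome to contribute and help make DVWA as successful as it can be. All contributors can have their name and link (if they wish) placed in the credits section. To contribute pick an Issue from the Project Home to work on or submit a patch to the Issues list.</p>\r\n</div>\n";

dvwaHtmlEcho($page);

exit;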
示例10: dvwaPageStartup
<?php
// Legacy "About" page (Google Code era). Everything is static apart from the
// version/release-date lookups, so the body is assembled from a few appends.
const DVWA_WEB_PAGE_TO_ROOT = '';
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';

dvwaPageStartup(array('authenticated', 'phpids'));

$page = dvwaPageNewGrab();
$page['title'] .= $page['title_separator'] . 'About';
$page['page_id'] = 'about';

// Version block and project links.
$page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h1>About</h1>\r\n\r\n\t<p>\r\n\tVersion " . dvwaVersionGet() . " (Release date: " . dvwaReleaseDateGet() . ")\r\n\t<br /><br />\r\n\tDVWA is a RandomStorm OpenSource project. All material is copyright 2008-2011 RandomStorm & Ryan Dewhurst.\r\n\t</p>\r\n\r\n\t<h2>Links</h2>\r\n\r\n\t<ul>\r\n\t\t<li>Homepage: " . dvwaExternalLinkUrlGet('http://www.dvwa.co.uk/') . "</li>\r\n\t\t<li>Project Home: " . dvwaExternalLinkUrlGet('http://code.google.com/p/dvwa/') . "</li>\r\n\t\t<li>Issues: " . dvwaExternalLinkUrlGet('http://code.google.com/p/dvwa/issues/list') . "</li>\r\n\t\t<li>SVN: " . dvwaExternalLinkUrlGet('http://dvwa.googlecode.com/svn/trunk/') . "</li>\r\n\r\n\t</ul>\r\n";

// Credits.
$page['body'] .= "\r\n\t<h2>Credits</h2>\r\n\r\n\t<ul>\r\n\t\t<li>Craig: " . dvwaExternalLinkUrlGet('http://www.youreadmyblog.info/', 'www.youreadmyblog.info') . "</li>\r\n\t\t<li>Jamesr: " . dvwaExternalLinkUrlGet('http://www.creativenucleus.com/', 'www.creativenucleus.com') . " / " . dvwaExternalLinkUrlGet('http://www.designnewcastle.co.uk/', 'www.designnewcastle.co.uk') . "</li>\r\n\t\t<li>Ryan Dewhurst: " . dvwaExternalLinkUrlGet('http://www.ethicalhack3r.co.uk/', 'www.ethicalhack3r.co.uk') . "</li>\r\n\t\t<li>Tedi Heriyanto: " . dvwaExternalLinkUrlGet('http://tedi.heriyanto.net/', 'http://tedi.heriyanto.net') . "</li>\r\n\t\t<li>Tom Mackenzie: " . dvwaExternalLinkUrlGet('http://www.tmacuk.co.uk/', 'www.tmacuk.co.uk') . "</li>\r\n\t\t<li>RandomStorm: " . dvwaExternalLinkUrlGet('http://www.randomstorm.com/', 'www.randomstorm.com') . "</li>\r\n\t\t<li>Jason Jones: " . dvwaExternalLinkUrlGet('http://www.linux-ninja.com/', 'www.linux-ninja.com') . "</li>\r\n\t\t<li>Brooks Garrett: " . dvwaExternalLinkUrlGet('http://brooksgarrett.com/', 'www.brooksgarrett.com') . "</li>\r\n\t</ul>\r\n\r\n\t<ul>\r\n\t\t<li>PHPIDS - Copyright (c) 2007 " . dvwaExternalLinkUrlGet('http://php-ids.org/', 'PHPIDS group') . "</li>\r\n\t</ul>\r\n";

// Licence and development notes.
$page['body'] .= "\r\n\t<h2>License</h2>\r\n\r\n\t<p>Damn Vulnerable Web App (DVWA) is free software: you can redistribute it and/or modify\r\n\tit under the terms of the GNU General Public License as published by\r\n\tthe Free Software Foundation, either version 3 of the License, or\r\n\t(at your option) any later version.</p>\r\n\r\n\t<p>The PHPIDS library is included, in good faith, with this DVWA distribution. The operation of PHPIDS is provided without support from the DVWA team. It is licensed under <a href=\"" . DVWA_WEB_PAGE_TO_ROOT . "instructions.php?doc=PHPIDS-license\">separate terms</a> to the DVWA code.</p>\r\n\r\n\t<h2>Development</h2>\r\n\r\n\t<p>Everyone is welcome to contribute and help make DVWA as successful as it can be. All contributors can have their name and link (if they wish) placed in the credits section. To contribute pick an Issue from the Project Home to work on or submit a patch to the Issues list.</p>\r\n\t\r\n\r\n</div>\r\n";

dvwaHtmlEcho($page);

exit;
示例11: dvwaExternalLinkUrlGet
echo dvwaExternalLinkUrlGet('https://secure.php.net/manual/en/wrappers.php', 'PHP Streams');
?>
</span>.</pre>
<br />
<h3>High Level</h3>
<p>The developer has had enough. They decided to only allow certain files to be used. However as there are multiple files with the same basename,
they use a wildcard to include them all.</p>
<pre>Spoiler: <span class="spoiler">LFI: The filename only has to start with a certain value.</span>.
Spoiler: <span class="spoiler">RFI: Need to link in another vulnerability, such as file upload</span>.</pre>
<br />
<h3>Impossible Level</h3>
<p>The developer calls it quits and hardcodes only the allowed pages, with their exact filenames. By doing this, it removes all avenues of attack.</p>
</div></td>
</tr>
</table>
</div>
<br />
<p>Reference: <?php
echo dvwaExternalLinkUrlGet('https://www.owasp.org/index.php/Top_10_2007-A3');
?>
</p>
</div>
示例12: define
<?php
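// CSRF exercise page: selects the per-level implementation and renders the
// "change admin password" form plus whatever the level file produced in $html.
define('DVWA_WEB_PAGE_TO_ROOT', '../../');
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';

dvwaPageStartup(array('authenticated', 'phpids'));

$page = dvwaPageNewGrab();
$page['title'] .= $page['title_separator'] . 'Vulnerability: Cross Site Request Forgery (CSRF)';
$page['page_id'] = 'csrf';

dvwaDatabaseConnect();

// The security level is a user-controlled cookie, mapped onto a fixed
// whitelist of filenames so it never reaches require_once directly. isset()
// avoids an "undefined index" notice when the cookie is missing; a missing or
// unknown value still lands in the default branch as before.
$vulnerabilityFile = '';
switch (isset($_COOKIE['security']) ? $_COOKIE['security'] : '') {
    case 'low':
        $vulnerabilityFile = 'low.php';
        break;
    case 'medium':
        $vulnerabilityFile = 'medium.php';
        break;
    case 'high':
    default:
        $vulnerabilityFile = 'high.php';
        break;
}

// Presumably handles the submitted password change and sets $html — not visible here.
require_once DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/csrf/source/{$vulnerabilityFile}";

$page['help_button'] = 'csrf';
$page['source_button'] = 'csrf';

// Note: the form submits the new password with method="GET", so it appears in
// the URL (history, logs, Referer). That is part of the exercise as shipped.
$page['body'] .= "\r\n<div class=\"body_padded\">\r\n <h1>Vulnerability: Cross Site Request Forgery (CSRF)</h1>\r\n <div class=\"vulnerable_code_area\">\r\n\t<h3>Change your admin password:</h3>\r\n\t<br />\r\n\t<form action=\"#\" method=\"GET\">";

// Only the high level asks for the current password. This check uses
// dvwaSecurityLevelGet() rather than $vulnerabilityFile; the two are assumed
// to agree (both derive from the same setting — confirm in dvwaPage.inc.php).
if (dvwaSecurityLevelGet() === 'high') {
    $page['body'] .= "\r\n\t Current password:<br />\r\n\t <input type=\"password\" AUTOCOMPLETE=\"off\" name=\"password_current\"><br />";
}

// The Wikipedia reference URL had a trailing space inside the literal, which
// produced a broken link; removed.
$page['body'] .= "\r\n\t New password:<br />\r\n\t <input type=\"password\" AUTOCOMPLETE=\"off\" name=\"password_new\"><br />\r\n\t Confirm new password:<br />\r\n\t <input type=\"password\" AUTOCOMPLETE=\"off\" name=\"password_conf\"><br />\r\n\t <input type=\"submit\" value=\"Change\" name=\"Change\">\r\n\t</form>\r\n\t{$html}\r\n </div>\r\n\r\n <h2>More info</h2>\r\n <ul>\r\n\t<li>" . dvwaExternalLinkUrlGet('https://www.owasp.org/index.php/Cross-Site_Request_Forgery') . "</li>\r\n\t<li>" . dvwaExternalLinkUrlGet('http://www.cgisecurity.com/csrf-faq.html') . "</li>\r\n\t<li>" . dvwaExternalLinkUrlGet('https://en.wikipedia.org/wiki/Cross-site_request_forgery') . "</li>\r\n </ul>\r\n</div>\r\n";

dvwaHtmlEcho($page);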
示例13: switch
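// PHPIDS on/off toggle. NOTE(review): this is a state change driven by a GET
// parameter, and no anti-CSRF token is generated or checked on this path in
// the code visible here.
if (isset($_GET['phpids'])) {
    switch ($_GET['phpids']) {
        case 'on':
            dvwaPhpIdsEnabledSet(true);
            dvwaMessagePush("PHPIDS is now enabled");
            break;
        case 'off':
            dvwaPhpIdsEnabledSet(false);
            dvwaMessagePush("PHPIDS is now disabled");
            break;
    }
    dvwaPageReload();
}

// Build the <select> of security levels, marking the current one. The current
// level is read once instead of on every iteration. The "currently" paragraph
// previously opened a second <p> instead of closing the first; fixed.
$currentSecurityLevel = dvwaSecurityLevelGet();
$securityOptionsHtml = '';
$securityLevelHtml = '';
foreach (array('low', 'medium', 'high') as $securityLevel) {
    $selected = '';
    if ($securityLevel === $currentSecurityLevel) {
        $selected = ' selected="selected"';
        $securityLevelHtml = "<p>Security Level is currently <em>{$securityLevel}</em>.</p>";
    }
    $securityOptionsHtml .= "<option value=\"{$securityLevel}\"{$selected}>{$securityLevel}</option>";
}

$phpIdsHtml = 'PHPIDS is currently ';
if (dvwaPhpIdsIsEnabled()) {
    $phpIdsHtml .= '<em>enabled</em>. [<a href="?phpids=off">disable PHPIDS</a>]';
} else {
    $phpIdsHtml .= '<em>disabled</em>. [<a href="?phpids=on">enable PHPIDS</a>]';
}

// $page and $securityHtml are expected to have been set earlier in this file
// (not visible here). The "Simulate attack" link deliberately carries a
// payload-shaped query string so that PHPIDS has something to flag.
$page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h1>DVWA Security <img src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/lock.png\"></h1>\r\n\r\n\t<br />\r\n\t\r\n\t<h2>Script Security</h2>\r\n\r\n\t{$securityHtml}\r\n\r\n\t<form action=\"#\" method=\"POST\">\r\n\t\t{$securityLevelHtml}\r\n\t\t<p>You can set the security level to low, medium or high.</p>\r\n\t\t<p>The security level changes the vulnerability level of DVWA.</p>\r\n\r\n\t\t<select name=\"security\">\r\n\t\t\t{$securityOptionsHtml}\r\n\t\t</select>\r\n\t\t<input type=\"submit\" value=\"Submit\" name=\"seclev_submit\">\r\n\t</form>\r\n\r\n\t<br />\r\n\t<hr />\r\n\t<br />\r\n\r\n\t<h2>PHPIDS</h2>\r\n\r\n\t<p>" . dvwaExternalLinkUrlGet('http://php-ids.org/', 'PHPIDS') . " v." . dvwaPhpIdsVersionGet() . " (PHP-Intrusion Detection System) is a security layer for PHP based web applications. </p>\r\n\t<p>You can enable PHPIDS across this site for the duration of your session.</p>\r\n\r\n\t<p>{$phpIdsHtml}</p>\r\n\t[<a href=\"?test=%22><script>eval(window.name)</script>\">Simulate attack</a>] -\r\n\t[<a href=\"ids_log.php\">View IDS log</a>]\r\n\t\r\n</div>\r\n";

dvwaHtmlEcho($page);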
示例14: dvwaPhpIdsEnabledSet
dvwaPhpIdsEnabledSet(false);
dvwaMessagePush("PHPIDS is now disabled");
break;
}
dvwaPageReload();
}
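// Build the <select> of security levels (now including "impossible"), marking
// the current one. The current level is read once instead of on every
// iteration. The "currently" paragraph previously opened a second <p> instead
// of closing the first; fixed.
$currentSecurityLevel = dvwaSecurityLevelGet();
$securityOptionsHtml = '';
$securityLevelHtml = '';
foreach (array('low', 'medium', 'high', 'impossible') as $securityLevel) {
    $selected = '';
    if ($securityLevel === $currentSecurityLevel) {
        $selected = ' selected="selected"';
        $securityLevelHtml = "<p>Security level is currently: <em>{$securityLevel}</em>.</p>";
    }
    $securityOptionsHtml .= "<option value=\"{$securityLevel}\"{$selected}>" . ucfirst($securityLevel) . "</option>";
}

$phpIdsHtml = 'PHPIDS is currently: ';
if (dvwaPhpIdsIsEnabled()) {
    $phpIdsHtml .= '<em>enabled</em>. [<a href="?phpids=off">Disable PHPIDS</a>]';
} else {
    $phpIdsHtml .= '<em>disabled</em>. [<a href="?phpids=on">Enable PHPIDS</a>]';
}

// Anti-CSRF: the token is generated before the form is rendered so that
// tokenField() below can embed it in the security-level form.
generateSessionToken();

// Able to write to the PHPIDS log file? $PHPIDSPath is expected to be set
// earlier in this file (not visible here); it is interpolated into the warning
// without HTML escaping, which is acceptable only because it is server-side
// configuration rather than request data.
$WarningHtml = '';
if (!is_writable($PHPIDSPath)) {
    $WarningHtml .= "<div class=\"warning\"><em>Cannot write to the PHPIDS log file</em>: {$PHPIDSPath}</div>";
}

// Security-level form. Two typos in the user-facing text were corrected:
// "It's use" -> "Its use" and "Priority to DVWA v1.9" -> "Prior to DVWA v1.9".
$page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h1>DVWA Security <img src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/lock.png\" /></h1>\r\n\t<br />\r\n\r\n\t<h2>Security Level</h2>\r\n\r\n\t{$securityHtml}\r\n\r\n\t<form action=\"#\" method=\"POST\">\r\n\t\t{$securityLevelHtml}\r\n\t\t<p>You can set the security level to low, medium, high or impossible. The security level changes the vulnerability level of DVWA:</p>\r\n\t\t<ol>\r\n\t\t\t<li> Low - This security level is completely vulnerable and <em>has no security measures at all</em>. Its use is to be as an example of how web application vulnerabilities manifest through bad coding practices and to serve as a platform to teach or learn basic exploitation techniques.</li>\r\n\t\t\t<li> Medium - This setting is mainly to give an example to the user of <em>bad security practices</em>, where the developer has tried but failed to secure an application. It also acts as a challenge to users to refine their exploitation techniques.</li>\r\n\t\t\t<li> High - This option is an extension to the medium difficulty, with a mixture of <em>harder or alternative bad practices</em> to attempt to secure the code. The vulnerability may not allow the same extent of the exploitation, similar in various Capture The Flags (CTFs) competitions.</li>\r\n\t\t\t<li> Impossible - This level should be <em>secure against all vulnerabilities</em>. It is used to compare the vulnerable source code to the secure source code.<br />\r\n\t\t\t\tPrior to DVWA v1.9, this level was known as 'high'.</li>\r\n\t\t</ol>\r\n\t\t<select name=\"security\">\r\n\t\t\t{$securityOptionsHtml}\r\n\t\t</select>\r\n\t\t<input type=\"submit\" value=\"Submit\" name=\"seclev_submit\">\r\n\t\t" . tokenField() . "\r\n\t</form>\r\n\r\n\t<br />\r\n\t<hr />\r\n\t<br />\r\n";

// PHPIDS section. The "Simulate attack" link deliberately carries a
// payload-shaped query string so that PHPIDS has something to flag.
$page['body'] .= "\r\n\t<h2>PHPIDS</h2>\r\n\t{$WarningHtml}\r\n\t<p>" . dvwaExternalLinkUrlGet('https://github.com/PHPIDS/PHPIDS', 'PHPIDS') . " v" . dvwaPhpIdsVersionGet() . " (PHP-Intrusion Detection System) is a security layer for PHP based web applications.</p>\r\n\t<p>PHPIDS works by filtering any user supplied input against a blacklist of potentially malicious code. It is used in DVWA to serve as a live example of how Web Application Firewalls (WAFs) can help improve security and in some cases how WAFs can be circumvented.</p>\r\n\t<p>You can enable PHPIDS across this site for the duration of your session.</p>\r\n\r\n\t<p>{$phpIdsHtml}</p>\r\n\t[<a href=\"?test=%22><script>eval(window.name)</script>\">Simulate attack</a>] -\r\n\t[<a href=\"ids_log.php\">View IDS log</a>]\r\n</div>";

dvwaHtmlEcho($page);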
示例15: dvwaDatabaseConnect
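// CSRF exercise page (later revision with a per-level anti-CSRF token).
// $page is expected to have been created earlier in this file (not visible here).
$page['help_button'] = 'csrf';
$page['source_button'] = 'csrf';

dvwaDatabaseConnect();

// The security level is a user-controlled cookie, mapped onto a fixed
// whitelist of filenames so it never reaches require_once directly. isset()
// avoids an "undefined index" notice when the cookie is missing; a missing or
// unknown value still lands in the default branch as before.
$vulnerabilityFile = '';
switch (isset($_COOKIE['security']) ? $_COOKIE['security'] : '') {
    case 'low':
        $vulnerabilityFile = 'low.php';
        break;
    case 'medium':
        $vulnerabilityFile = 'medium.php';
        break;
    case 'high':
    default:
        $vulnerabilityFile = 'high.php';
        break;
}

// Anti-CSRF: only the high level issues a token, and only the high level
// emits tokenField() into the form further down.
if ($vulnerabilityFile === 'high.php') {
    generateTokens();
}

// Presumably handles the submitted password change and sets $html — not visible here.
require_once DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/csrf/source/{$vulnerabilityFile}";

// Note: the form submits the new password with method="GET", so it appears in
// the URL (history, logs, Referer). That is part of the exercise as shipped.
$page['body'] .= "\r\n<div class=\"body_padded\">\r\n <h1>Vulnerability: Cross Site Request Forgery (CSRF)</h1>\r\n\r\n <div class=\"vulnerable_code_area\">\r\n\t\t<h3>Change your admin password:</h3>\r\n\t\t<br />\r\n\r\n\t\t<form action=\"#\" method=\"GET\">";

// The "current password" field is gated on dvwaSecurityLevelGet() while the
// token is gated on $vulnerabilityFile; the two are assumed to agree (both
// derive from the same setting — confirm in dvwaPage.inc.php).
if (dvwaSecurityLevelGet() === 'high') {
    $page['body'] .= "\r\n\t\t\tCurrent password:<br />\r\n\t\t\t<input type=\"password\" AUTOCOMPLETE=\"off\" name=\"password_current\"><br />";
}

$page['body'] .= "\r\n\t\t\tNew password:<br />\r\n\t\t\t<input type=\"password\" AUTOCOMPLETE=\"off\" name=\"password_new\"><br />\r\n\t\t\tConfirm new password:<br />\r\n\t\t\t<input type=\"password\" AUTOCOMPLETE=\"off\" name=\"password_conf\"><br />\r\n\t\t\t<br />\r\n\t\t\t<input type=\"submit\" value=\"Change\" name=\"Change\">";

if ($vulnerabilityFile === 'high.php') {
    $page['body'] .= "\t\t\t" . tokenField();
}

// The Wikipedia reference URL had a trailing space inside the literal, which
// produced a broken link; removed.
$page['body'] .= "\r\n\t\t</form>\r\n\t\t{$html}\r\n </div>\r\n\r\n <h2>More Information</h2>\r\n <ul>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('https://www.owasp.org/index.php/Cross-Site_Request_Forgery') . "</li>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('http://www.cgisecurity.com/csrf-faq.html') . "</li>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('https://en.wikipedia.org/wiki/Cross-site_request_forgery') . "</li>\r\n </ul>\r\n</div>\r\n";

dvwaHtmlEcho($page);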