/**
* Updates an applicant's status and staff comments.
*
* This function performs 0, 1, or 2 database updates.
* - If $newStatus is not an empty string, the database updates
* - If $staffComments is not an empty string, the database updates
*
* @param $recordId id of applicant who needs to be updated
* @param $oldStatus old status of the applicant
* @param $newStatus new status of the applicant
* @param $staffComments comments provided by the staff
*/
function updateApplicant($recordId, $oldStatus, $newStatus, $staffComments)
{
$update_status = updateStatus($recordId, $oldStatus, $newStatus);
$update_staff_comments = updateStaffComments($recordId, $staffComments);
if ($update_status or $update_staff_comments) {
$update_msg = "";
if ($update_status) {
$update_msg = "<p>Status changed from: {$oldStatus} ==> {$newStatus}</p>";
}
if ($update_staff_comments) {
$update_msg .= "<p>Comments added: {$staffComments}</p>";
}
?>
<div class="panelsuccess">
<h3>Update Successful</h3>
<h4>
<?php
echo $update_msg;
?>
</h4>
<p><label>Click <span style="color:red">Select Volunteer</span> to view updated data</label></p>
</div>
<?php
}
}
function removeFromWatchlist($selectedids,$couid)
{
if ($selectedids != -1) {
foreach ($selectedids as $sid) {
updateStatus(0, $sid, $couid); // update watchlist status for each student on course base
}
}
}
function testDirectObjectRefs($arrayOfURLs, $testId)
{
connectToDb($db);
updateStatus($db, "Testing all URLs for Insecure Direct Object References...", $testId);
$log = new Logger();
$log->lfile('logs/eventlogs');
$log->lwrite("Identifying which URLs have parameters");
$log->lwrite("All URLs found during crawl:");
$urlsWithParameters = array();
foreach ($arrayOfURLs as $currentUrl) {
$log->lwrite($currentUrl);
if (strpos($currentUrl, "?")) {
array_push($urlsWithParameters, $currentUrl);
}
}
$log->lwrite("URLs with parameters:");
foreach ($urlsWithParameters as $currentUrl) {
$log->lwrite($currentUrl);
}
$log->lwrite("Testing each URL that has parameters");
foreach ($urlsWithParameters as $currentUrl) {
$parsedUrl = parse_url($currentUrl);
if ($parsedUrl) {
$query = $parsedUrl['query'];
$parameters = array();
parse_str($query, $parameters);
foreach ($parameters as $para) {
if (preg_match('/\\.([^\\.]+)$/', $para)) {
//Check if this vulnerability has already been found and added to DB. If it hasn't, add it to DB.
$tableName = 'test' . $testId;
$query = "SELECT * FROM test_results WHERE test_id = {$testId} AND type = 'idor' AND method = 'get' AND url = '{$currentUrl}' AND attack_str = '{$para}'";
$result = $db->query($query);
if (!$result) {
$log->lwrite("Could not execute query {$query}");
} else {
$log->lwrite("Successfully executed query {$query}");
$numRows = $result->num_rows;
if ($numRows == 0) {
$log->lwrite("Number of rows is {$numRows} for query: {$query}");
insertTestResult($db, $testId, 'idor', 'get', $currentUrl, $para);
}
}
}
}
} else {
$log->lwrite("Could not parse malformed URL: {$currentUrl}");
}
}
}
function emailPdfToUser($fileName, $username, $email, $testId)
{
connectToDb($db);
updateStatus($db, "Emailing PDF report to {$email}...", $testId);
$log = new Logger();
$log->lfile('logs/eventlogs');
$log->lwrite("Starting email PDF function for test: {$testId}");
if (file_exists($fileName)) {
$log->lwrite("File: {$fileName} exists");
$fileatt = $fileName;
// Path to the file
$fileatt_type = "application/pdf";
// File Type
$fileatt_name = 'Test_' . $testId . '.pdf';
// Filename that will be used for the file as the attachment
$email_from = "*****@*****.**";
// Who the email is from, don't think this does anything
$email_subject = "WebVulScan Detailed Report";
// The Subject of the email
$email_message = "Hello {$username},<br><br>";
$email_message .= 'Thank you for scanning with WebVulScan. Please find the scan results attached in the PDF report.<br><br>';
$email_message .= 'Please reply to this email if you have any questions.<br><br>';
$email_message .= 'Kind Regards,<br><br>';
$email_message .= 'WebVulScan Team<br>';
$email_to = $email;
// Who the email is to
$headers = "From: " . $email_from;
$file = fopen($fileatt, 'rb');
$data = fread($file, filesize($fileatt));
fclose($file);
$semi_rand = md5(time());
$mime_boundary = "==Multipart_Boundary_x{$semi_rand}x";
$headers .= "\nMIME-Version: 1.0\n" . "Content-Type: multipart/mixed;\n" . " boundary=\"{$mime_boundary}\"";
$email_message .= "This is a multi-part message in MIME format.\n\n" . "--{$mime_boundary}\n" . "Content-Type:text/html; charset=\"iso-8859-1\"\n" . "Content-Transfer-Encoding: 7bit\n\n" . ($email_message .= "\n\n");
$data = chunk_split(base64_encode($data));
$email_message .= "--{$mime_boundary}\n" . "Content-Type: {$fileatt_type};\n" . " name=\"{$fileatt_name}\"\n" . "Content-Transfer-Encoding: base64\n\n" . ($data .= "\n\n" . "--{$mime_boundary}--\n");
$mailSent = mail($email_to, $email_subject, $email_message, $headers);
if ($mailSent) {
$log->lwrite("{$fileName} successfully sent to {$email}");
} else {
$log->lwrite("There was a problem sending {$fileName} to {$email}");
}
} else {
$log->lwrite("File: {$fileName} does not exist");
}
}
/**
* Updates a records's status.
*
* This function performs 0, 1, or 2 database updates.
* - If $newStatus is not an empty string, the database updates
*
* @param $recordId id of applicant who needs to be updated
* @param $oldStatus old status of the applicant
* @param $newStatus new status of the applicant
* @param $table_name Name of the table to update
* @param $status_column name of status column
* @param $id_column name of id column
* @param $note Note to be put in meta data table
*/
function updateRecord($recordId, $oldStatus, $newStatus, $table_name, $status_column, $id_column, $note)
{
$update_status = updateStatus($recordId, $oldStatus, $newStatus, $table_name, $status_column, $id_column, $note);
if ($update_status) {
$update_msg = "";
if ($update_status) {
$update_msg = "<p>Status changed from: {$oldStatus} ==> {$newStatus}</p>";
}
?>
<div class="panelsuccess">
<h3>Update Successful</h3>
<h4>
<?php
echo $update_msg;
?>
</h4>
<p><label>Click <span style="color:red">Select Applicant</span> to view updated data</label></p>
</div>
<?php
}
}
/**
* Deletes the selected server
*/
function delete($server_id)
{
global $fmdb, $__FM_CONFIG;
/** Does the server_id exist for this account? */
$server_serial_no = getNameFromID($server_id, 'fm_' . $__FM_CONFIG[$_SESSION['module']]['prefix'] . 'servers', 'server_', 'server_id', 'server_serial_no');
basicGet('fm_' . $__FM_CONFIG[$_SESSION['module']]['prefix'] . 'servers', $server_serial_no, 'server_', 'server_serial_no');
if ($fmdb->num_rows) {
/** Delete associated policies */
if (updateStatus('fm_' . $__FM_CONFIG[$_SESSION['module']]['prefix'] . 'policies', $server_serial_no, 'policy_', 'deleted', 'server_serial_no') === false) {
return __('The associated policies could not be removed because a database error occurred.');
}
/** Delete server */
$tmp_name = getNameFromID($server_id, 'fm_' . $__FM_CONFIG[$_SESSION['module']]['prefix'] . 'servers', 'server_', 'server_id', 'server_name');
if (updateStatus('fm_' . $__FM_CONFIG[$_SESSION['module']]['prefix'] . 'servers', $server_id, 'server_', 'deleted', 'server_id')) {
addLogEntry(sprintf(__("Server '%s' (%s) was deleted"), $tmp_name, $server_serial_no));
return true;
}
}
return __('This server could not be deleted.');
}
/**
* Deletes the selected policy
*/
function delete($policy_id, $server_serial_no)
{
global $fmdb, $__FM_CONFIG;
/** Does the policy_id exist for this account? */
basicGet('fm_' . $__FM_CONFIG[$_SESSION['module']]['prefix'] . 'policies', $policy_id, 'policy_', 'policy_id');
if ($fmdb->num_rows) {
/** Delete service */
if (updateStatus('fm_' . $__FM_CONFIG[$_SESSION['module']]['prefix'] . 'policies', $policy_id, 'policy_', 'deleted', 'policy_id')) {
setBuildUpdateConfigFlag($_REQUEST['server_serial_no'], 'yes', 'build');
addLogEntry('Deleted policy from ' . getNameFromID($server_serial_no, 'fm_' . $__FM_CONFIG[$_SESSION['module']]['prefix'] . 'servers', 'server_', 'server_serial_no', 'server_name') . '.');
return true;
}
}
return __('This policy could not be deleted.');
}
/**
* Deletes the selected option
*/
function delete($id, $server_serial_no = 0)
{
global $fmdb, $__FM_CONFIG;
$tmp_name = getNameFromID($id, 'fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'config', 'cfg_', 'cfg_id', 'cfg_name');
$tmp_server_name = $server_serial_no ? getNameFromID($server_serial_no, 'fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'servers', 'server_', 'server_serial_no', 'server_name') : 'All Servers';
if (updateStatus('fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'config', $id, 'cfg_', 'deleted', 'cfg_id') === false) {
return __('This option could not be deleted because a database error occurred.');
} else {
setBuildUpdateConfigFlag($server_serial_no, 'yes', 'build');
addLogEntry(sprintf(__("Option '%s' for %s was deleted."), $tmp_name, $tmp_server_name));
return true;
}
}
if (!empty($_POST)) {
$response = $fm_users->update($_POST);
if ($response !== true) {
$form_data = $_POST;
} else {
header('Location: ' . $GLOBALS['basename']);
}
}
if (isset($_GET['status'])) {
if ($_GET['id'] == 1) {
$_GET['id'] = 0;
}
$user_info = getUserInfo($_GET['id']);
if ($user_info) {
if ($user_info['user_template_only'] == 'no') {
if (updateStatus('fm_users', $_GET['id'], 'user_', $_GET['status'], 'user_id')) {
addLogEntry(sprintf(_("Set user '%s' status to %s."), $user_info['user_login'], $_GET['status']), $fm_name);
header('Location: ' . $GLOBALS['basename']);
}
}
}
$response = sprintf(_('This user could not be set to %s.') . "\n", $_GET['status']);
}
}
printHeader();
@printMenu();
echo printPageHeader($response, null, currentUserCan('manage_users'));
$sort_field = 'user_login';
$sort_direction = null;
if (isset($_SESSION[$_SESSION['module']][$GLOBALS['path_parts']['filename']])) {
extract($_SESSION[$_SESSION['module']][$GLOBALS['path_parts']['filename']], EXTR_OVERWRITE);
function empty_queue($session_id)
{
//$solr_query .= '&fl=id+status_analyzedStatus+status_transcribedStatus+status_parsedL1Status+status_parsedL2Status+status_parsedL3Status';
$apiary_session = $session_id;
$solr_q = 'q=status_locked_session:("' . $apiary_session . '")';
$solr_fl = 'fl=id+status_analyzedStatus+status_transcribedStatus+status_parsedL1Status+status_parsedL2Status+status_parsedL3Status';
$solr_op = '';
$solr_rows = 'rows=10000';
$solr_sxml = solr_query_xml($solr_q, $solr_fl, $solr_op, $solr_rows);
if ($solr_sxml != false) {
foreach ($solr_sxml->result[0]->doc as $doc) {
$pid = '';
$analyzedStatus = '';
$transcribedStatus = '';
$parsedL1Status = '';
$parsedL2Status = '';
$parsedL3Status = '';
foreach ($doc->children() as $sxml_node) {
if ($sxml_node->attributes()->name == 'id') {
$pid = $sxml_node;
}
if ($sxml_node->attributes()->name == 'status_analyzedStatus') {
$analyzedStatus = $sxml_node;
}
if ($sxml_node->attributes()->name == 'status_transcribedStatus') {
$transcribedStatus = $sxml_node;
}
if ($sxml_node->attributes()->name == 'status_parsedL1Status') {
$parsedL1Status = $sxml_node;
}
if ($sxml_node->attributes()->name == 'status_parsedL2Status') {
$parsedL2Status = $sxml_node;
}
if ($sxml_node->attributes()->name == 'status_parsedL3Status') {
$parsedL3Status = $sxml_node;
}
}
if (strpos($pid, 'ap-image:') > -1) {
if ($analyzedStatus == "in progress") {
updateStatus($pid, "analyzedStatus", "incomplete");
}
AP_Image::releaseImageLock($pid);
} else {
if (strpos($pid, 'ap-roi:') > -1) {
if ($transcribedStatus == "in progress") {
updateStatus($pid, "transcribedStatus", "incomplete");
}
if ($parsedL1Status == "in progress") {
updateStatus($pid, "parsedL1Status", "incomplete");
}
if ($parsedL2Status == "in progress") {
updateStatus($pid, "parsedL2Status", "incomplete");
}
if ($parsedL3Status == "in progress") {
updateStatus($pid, "parsedL3Status", "incomplete");
}
AP_ROI::releaseROILock($pid);
}
}
}
return true;
} else {
return false;
}
}
/**
* Deletes the selected zone and all associated records
*/
function delete($domain_id)
{
global $fmdb, $__FM_CONFIG;
/** Does the domain_id exist for this account? */
basicGet('fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'domains', $domain_id, 'domain_', 'domain_id', 'active');
if ($fmdb->num_rows) {
$domain_result = $fmdb->last_result[0];
unset($fmdb->num_rows);
/** Delete all associated configs */
basicGet('fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'config', $domain_id, 'cfg_', 'domain_id');
if ($fmdb->num_rows) {
if (updateStatus('fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'config', $domain_id, 'cfg_', 'deleted', 'domain_id') === false) {
return __('The associated configs for this zone could not be deleted because a database error occurred.');
}
unset($fmdb->num_rows);
}
/** Delete all associated records */
basicGet('fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'records', $domain_id, 'record_', 'domain_id');
if ($fmdb->num_rows) {
if (updateStatus('fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'records', $domain_id, 'record_', 'deleted', 'domain_id') === false) {
return __('The associated records for this zone could not be deleted because a database error occurred.');
}
unset($fmdb->num_rows);
}
basicGet('fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'records_skipped', $domain_id, 'record_', 'domain_id');
if ($fmdb->num_rows) {
if (updateStatus('fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'records_skipped', $domain_id, 'record_', 'deleted', 'domain_id') === false) {
return __('The associated records for this zone could not be deleted because a database error occurred.');
}
unset($fmdb->num_rows);
}
/** Delete all associated SOA */
if (!$domain_result->domain_clone_domain_id && $domain_result->soa_id) {
basicGet('fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'soa', $domain_result->soa_id, 'soa_', 'soa_id', "AND soa_template='no'");
if ($fmdb->num_rows) {
if (updateStatus('fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'soa', $domain_result->soa_id, 'soa_', 'deleted', 'soa_id') === false) {
return __('The SOA for this zone could not be deleted because a database error occurred.');
}
unset($fmdb->num_rows);
}
}
/** Delete associated records from fm_{$__FM_CONFIG['fmDNS']['prefix']}track_builds */
if (basicDelete('fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'track_builds', $domain_id, 'domain_id', false) === false) {
return sprintf(__('The zone could not be removed from the %s table because a database error occurred.'), 'fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'track_builds');
}
/** Force buildconf for all associated DNS servers */
setBuildUpdateConfigFlag(getZoneServers($domain_id, array('masters', 'slaves')), 'yes', 'build');
/** Delete cloned zones */
basicGet('fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'domains', $domain_id, 'domain_', 'domain_clone_domain_id');
if ($fmdb->num_rows) {
unset($fmdb->num_rows);
/** Delete cloned zone records first */
basicGetList('fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'domains', 'domain_id', 'domain_', "AND domain_clone_domain_id={$domain_id}");
if ($fmdb->num_rows) {
$clone_domain_result = $fmdb->last_result;
$clone_domain_num_rows = $fmdb->num_rows;
for ($i = 0; $i < $clone_domain_num_rows; $i++) {
if (updateStatus('fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'records', $clone_domain_result[$i]->domain_id, 'record_', 'deleted', 'domain_id') === false) {
return __('The associated records for the cloned zones could not be deleted because a database error occurred.');
}
}
unset($fmdb->num_rows);
}
if (updateStatus('fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'domains', $domain_id, 'domain_', 'deleted', 'domain_clone_domain_id') === false) {
return __('The associated clones for this zone could not be deleted because a database error occurred.');
}
}
/** Delete zone */
$tmp_name = displayFriendlyDomainName(getNameFromID($domain_id, 'fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'domains', 'domain_', 'domain_id', 'domain_name'));
if (updateStatus('fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'domains', $domain_id, 'domain_', 'deleted', 'domain_id') === false) {
return __('This zone could not be deleted because a database error occurred.');
}
addLogEntry("Deleted zone '{$tmp_name}' and all associated records.");
return true;
}
return __('This zone does not exist.');
}
/**
* Deletes the selected server
*/
function delete($id)
{
global $fmdb, $__FM_CONFIG;
// Delete corresponding configs
// if (!updateStatus('fm_config', $id, 'cfg_', 'deleted', 'cfg_server')) {
// return 'This backup server could not be deleted.'. "\n";
// }
// Delete server
$tmp_name = getNameFromID($id, 'fm_' . $__FM_CONFIG['fmSQLPass']['prefix'] . 'servers', 'server_', 'server_id', 'server_name');
if (!updateStatus('fm_' . $__FM_CONFIG['fmSQLPass']['prefix'] . 'servers', $id, 'server_', 'deleted', 'server_id')) {
return __('This database server could not be deleted.') . "\n";
} else {
addLogEntry("Deleted database server '{$tmp_name}'.");
return true;
}
}
/**
* Deletes the selected server/group
*/
function delete($server_id, $type)
{
global $fmdb, $__FM_CONFIG;
/** Does the server_id exist for this account? */
if ($type == 'servers') {
$server_serial_no = getNameFromID($server_id, 'fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'servers', 'server_', 'server_id', 'server_serial_no');
basicGet('fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'servers', $server_serial_no, 'server_', 'server_serial_no');
if ($fmdb->num_rows) {
/** Update all associated domains */
$query = "SELECT domain_id,domain_name_servers FROM `fm_{$__FM_CONFIG['fmDNS']['prefix']}domains` WHERE (`domain_name_servers` LIKE '%;s_{$server_id};%' OR `domain_name_servers` LIKE '%;s_{$server_id}' OR `domain_name_servers` LIKE 's_{$server_id};%' OR `domain_name_servers`='s_{$server_id}') AND `account_id`='{$_SESSION['user']['account_id']}'";
$fmdb->query($query);
if ($fmdb->num_rows) {
$result = $this->updateNameServerAssignments($fmdb->last_result, $fmdb->num_rows, 's_' . $server_id);
if ($result !== true) {
return $result;
}
}
/** Delete associated config options */
if (updateStatus('fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'config', $server_serial_no, 'cfg_', 'deleted', 'server_serial_no') === false) {
return __('The associated server configs could not be deleted because a database error occurred.');
}
/** Delete associated records from fm_{$__FM_CONFIG['fmDNS']['prefix']}track_builds */
if (basicDelete('fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'track_builds', $server_serial_no, 'server_serial_no', false) === false) {
return sprintf(__('The server could not be removed from the %s table because a database error occurred.'), 'fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'track_builds');
}
/** Delete server */
$tmp_name = getNameFromID($server_id, 'fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'servers', 'server_', 'server_id', 'server_name');
if (updateStatus('fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'servers', $server_id, 'server_', 'deleted', 'server_id')) {
addLogEntry(sprintf(__("Server '%s' (%s) was deleted"), $tmp_name, $server_serial_no));
return true;
}
}
return __('This server could not be deleted.');
} else {
basicGet('fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'server_groups', $server_id, 'group_', 'group_id');
if ($fmdb->num_rows) {
/** Update all associated domains */
$query = "SELECT domain_id,domain_name_servers FROM `fm_{$__FM_CONFIG['fmDNS']['prefix']}domains` WHERE (`domain_name_servers` LIKE '%;g_{$server_id};%' OR `domain_name_servers` LIKE '%;g_{$server_id}' OR `domain_name_servers` LIKE 'g_{$server_id};%' OR `domain_name_servers`='g_{$server_id}') AND `account_id`='{$_SESSION['user']['account_id']}'";
$fmdb->query($query);
if ($fmdb->num_rows) {
$result = $this->updateNameServerAssignments($fmdb->last_result, $fmdb->num_rows, 'g_' . $server_id);
if ($result !== true) {
return $result;
}
}
/** Delete group */
$tmp_name = getNameFromID($server_id, 'fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'server_groups', 'group_', 'group_id', 'group_name');
if (updateStatus('fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'server_groups', $server_id, 'group_', 'deleted', 'group_id')) {
addLogEntry(sprintf(__("Server group '%s' was deleted."), $tmp_name));
return true;
}
}
return __('This server group could not be deleted.');
}
return __('There is something wrong with your request.');
}
/**
* Deletes the selected template
*/
function delete($id, $table, $prefix)
{
global $fmdb, $__FM_CONFIG;
$tmp_name = getNameFromID($id, 'fm_' . $__FM_CONFIG['fmDNS']['prefix'] . $table, $prefix . '_', $prefix . '_id', $prefix . '_name');
if (updateStatus('fm_' . $__FM_CONFIG['fmDNS']['prefix'] . $table, $id, $prefix . '_', 'deleted', $prefix . '_id') === false) {
return __('This template could not be deleted because a database error occurred.');
} else {
addLogEntry("Deleted {$prefix} template '{$tmp_name}'.");
return true;
}
}
{
$s = new Status();
return $s->getFields();
}
/* </functions> */
$action = Functions::get('action');
Functions::checkRights(__FILE__, $action, Functions::get('token'));
switch ($action) {
case 'fields_info':
$data = infoFields();
break;
case 'new':
$data = addStatus();
break;
case 'update':
$data = updateStatus(Functions::get('id'));
break;
case 'info':
$data = infoStatus(Functions::get('id'));
break;
case 'delete':
$data = deleteStatus(Functions::get('id'));
break;
case 'list':
$data = listStatuses();
break;
default:
Functions::setResponse(400);
}
/* </controller> */
loadview('json', $data);
/**
* Deletes the selected object
*/
function delete($object_id)
{
global $fmdb, $__FM_CONFIG;
/** Does the object_id exist for this account? */
basicGet('fm_' . $__FM_CONFIG[$_SESSION['module']]['prefix'] . 'objects', $object_id, 'object_', 'object_id');
if ($fmdb->num_rows) {
/** Is the object_id present in a policy? */
if (isItemInPolicy($object_id, 'object')) {
return __('This object could not be deleted because it is associated with one or more policies.');
}
/** Delete object */
$tmp_name = getNameFromID($object_id, 'fm_' . $__FM_CONFIG[$_SESSION['module']]['prefix'] . 'objects', 'object_', 'object_id', 'object_name');
if (updateStatus('fm_' . $__FM_CONFIG[$_SESSION['module']]['prefix'] . 'objects', $object_id, 'object_', 'deleted', 'object_id')) {
addLogEntry(sprintf(__('Object (%s) was deleted.'), $tmp_name));
return true;
}
}
return __('This object could not be deleted.');
}
if (isset($token) && $token != "") {
$config = array('client_Id' => APIKEY, 'redirect_uri' => REDIRECT_URL, 'client_Secret' => SECRET, 'url' => $_SESSION['shop']);
$productFeed = new Shopify($config);
$response = $productFeed->setAccessToken($token);
if ($response['status']) {
} else {
echo $response['error'];
die;
}
/* echo "<pre>";
print_r($productFeed); */
}
//$pixel = $_POST['dPixel'];
//$catalog = $_POST['dCatalog'];
$status = 0;
$data = array('store_URL' => $_SESSION['shop'], 'status' => $status);
$response = updateStatus($data);
$themescript = "pixelTheme.liquid";
$productscript = "pixelProduct.liquid";
$cartscript = "pixelCart.liquid";
$pixelThemeScript = "";
$pixelProductScript = "";
$pixelCartScript = "";
$productFeed->createAssets($themescript, $pixelThemeScript);
$productFeed->createAssets($productscript, $pixelProductScript);
$productFeed->createAssets($cartscript, $pixelCartScript);
$response = $productFeed->copyputThemeliquid();
$response = $productFeed->copyputCartliquid();
$response = $productFeed->copyputProductliquid();
echo "Pixel Successfully Uninstalled";
}
function testForReflectedXSS($urlToCheck, $urlOfSite, $testId)
{
connectToDb($db);
updateStatus($db, "Testing {$urlToCheck} for Reflected Cross-Site Scripting...", $testId);
$log = new Logger();
$log->lfile('logs/eventlogs');
$log->lwrite("Starting Reflected XXS test function on {$urlToCheck}");
$postUrl = $urlToCheck;
$postUrlPath = parse_url($postUrl, PHP_URL_PATH);
//Check URL is not responding with 5xx codes
$log->lwrite("Checking what response code is received from {$urlToCheck}");
$http = new http_class();
$http->timeout = 0;
$http->data_timeout = 0;
//$http->debug=1;
$http->user_agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
$http->follow_redirect = 1;
$http->redirection_limit = 5;
$http->setTestId($testId);
$error = $http->GetRequestArguments($urlToCheck, $arguments);
$error = $http->Open($arguments);
$log->lwrite("URL to be requested is: {$urlToCheck}");
if ($error == "") {
$log->lwrite("Sending HTTP request to {$urlToCheck}");
$error = $http->SendRequest($arguments);
if ($error == "") {
$headers = array();
$error = $http->ReadReplyHeaders($headers);
if ($error == "") {
$responseCode = $http->response_status;
//This is a string
$log->lwrite("Received response code: {$responseCode}");
if (intval($responseCode) >= 500 && intval($responseCode) < 600) {
$log->lwrite("Response code: {$responseCode} received from: {$urlToCheck}");
return;
}
}
}
$http->Close();
}
if (strlen($error)) {
echo "<H2 align=\"center\">Error: ", $error, "</H2>\n";
$log->lwrite("Error: {$error}");
}
$html = file_get_html($postUrl, $testId);
if (empty($html)) {
//This can happen due to file_get_contents returning a 500 code. Then the parser won't parse it
$log->lwrite("Problem getting contents from {$urlToCheck}");
return;
}
//Submit these
//If adding string to this array, add a corresponding string (to look for in response), with he same index, in the array below
//The response to look for can be the same as the payload or different.
$payloads = array('<webvulscan>', 'javascript:alert(webvulscan)');
//Look for these in response after submitting corresponding payload
$harmfulResponses = array('<webvulscan>', 'src="javascript:alert(webvulscan)"');
//First check does the URL passed into this function contain parameters and submit payloads as those parameters if it does
$parsedUrl = parse_url($urlToCheck);
$log->lwrite("Check if {$urlToCheck} contains parameters");
if ($parsedUrl) {
if (isset($parsedUrl['query'])) {
$log->lwrite("{$urlToCheck} does contain parameters");
$scheme = $parsedUrl['scheme'];
$host = $parsedUrl['host'];
$path = $parsedUrl['path'];
$query = $parsedUrl['query'];
parse_str($query, $parameters);
$originalQuery = $query;
$payloadIndex = 0;
foreach ($payloads as $currentPayload) {
$http = new http_class();
$http->timeout = 0;
$http->data_timeout = 0;
//$http->debug=1;
$http->user_agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
$http->follow_redirect = 1;
$http->redirection_limit = 5;
$http->setTestId($testId);
foreach ($parameters as $para) {
$query = $originalQuery;
$newQuery = str_replace($para, $currentPayload, $query);
$query = $newQuery;
$testUrl = $scheme . '://' . $host . $path . '?' . $query;
$log->lwrite("URL to be requested is: {$testUrl}");
$error = $http->GetRequestArguments($testUrl, $arguments);
$error = $http->Open($arguments);
echo "<br>Sending HTTP request to " . htmlspecialchars($testUrl) . "<br>";
if ($error == "") {
$log->lwrite("Sending HTTP request to {$testUrl}");
$error = $http->SendRequest($arguments);
if ($error == "") {
$headers = array();
$error = $http->ReadReplyHeaders($headers);
if ($error == "") {
$error = $http->ReadWholeReplyBody($body);
if (strlen($error) == 0) {
$indicatorStr = $harmfulResponses[$payloadIndex];
if (stripos($body, $indicatorStr)) {
echo '<br>Reflected XSS Present!<br>Query: ' . HtmlSpecialChars($urlToCheck) . '<br>';
echo 'Method: GET <br>';
echo 'Url: ' . HtmlSpecialChars($testUrl) . '<br>';
echo 'Error: ' . htmlspecialchars($indicatorStr) . '<br>';
$tableName = 'test' . $testId;
//Check if this vulnerability has already been found and added to DB. If it hasn't, add it to DB.
$sql = "SELECT * FROM test_results WHERE test_id = {$testId} AND type = 'rxss' AND method = 'get' AND url = '{$testUrl}' AND attack_str = '" . addslashes($query) . "'";
$result = $db->query($sql);
if (!$result) {
$log->lwrite("Could not execute query {$sql}");
} else {
$log->lwrite("Successfully executed query {$sql}");
$numRows = $result->num_rows;
if ($numRows == 0) {
$log->lwrite("Number of rows is {$numRows} for query: {$sql}");
insertTestResult($db, $testId, 'rxss', 'get', $testUrl, addslashes($query));
}
}
$http->Close();
break 2;
}
}
}
}
$http->Close();
}
if (strlen($error)) {
echo "<H2 align=\"center\">Error: ", $error, "</H2>\n";
}
}
$payloadIndex++;
}
}
} else {
$log->lwrite("Could not parse malformed URL: {$urlToCheck}");
}
//Array containing all form objects found
$arrayOfForms = array();
//Array containing all input fields
$arrayOfInputFields = array();
$log->lwrite("Searching {$postUrl} for forms");
$formNum = 1;
//Must use an integer to identify form as forms could have same names and ids
foreach ($html->find('form') as $form) {
isset($form->attr['id']) ? $formId = htmlspecialchars($form->attr['id']) : ($formId = '');
isset($form->attr['name']) ? $formName = htmlspecialchars($form->attr['name']) : ($formName = '');
isset($form->attr['method']) ? $formMethod = htmlspecialchars($form->attr['method']) : ($formMethod = 'get');
isset($form->attr['action']) ? $formAction = htmlspecialchars($form->attr['action']) : ($formAction = '');
$formMethod = strtolower($formMethod);
//If the action of the form is empty, set the action equal to everything
//after the URL that the user entered
if (empty($formAction)) {
$strLengthUrl = strlen($urlToCheck);
$strLengthSite = strlen($urlOfSite);
$firstIndexOfSlash = strpos($urlToCheck, '/', $strLengthSite - 1);
$formAction = substr($urlToCheck, $firstIndexOfSlash + 1, $strLengthUrl);
}
$log->lwrite("Found form on {$postUrl}: {$formId} {$formName} {$formMethod} {$formAction} {$formNum}");
$newForm = new Form($formId, $formName, $formMethod, $formAction, $formNum);
array_push($arrayOfForms, $newForm);
foreach ($form->find('input') as $input) {
isset($input->attr['id']) ? $inputId = htmlspecialchars($input->attr['id']) : ($inputId = '');
isset($input->attr['name']) ? $inputName = htmlspecialchars($input->attr['name']) : ($inputName = '');
isset($input->attr['value']) ? $inputValue = htmlspecialchars($input->attr['value']) : ($inputValue = '');
isset($input->attr['type']) ? $inputType = htmlspecialchars($input->attr['type']) : ($inputType = '');
$log->lwrite("Found input field on {$postUrl}: {$inputId} {$inputName} {$formId} {$formName} {$inputValue} {$inputType} {$formNum}");
$inputField = new InputField($inputId, $inputName, $formId, $formName, $inputValue, $inputType, $formNum);
array_push($arrayOfInputFields, $inputField);
}
$formNum++;
}
//At this stage, we should have captured all forms and their inputs into the corresponding arrays
$log->lwrite('Beginning testing of forms');
for ($i = 0; $i < sizeof($arrayOfForms); $i++) {
$currentForm = $arrayOfForms[$i];
$currentFormId = $currentForm->getId();
$currentFormName = $currentForm->getName();
$currentFormMethod = $currentForm->getMethod();
$currentFormAction = $currentForm->getAction();
$currentFormNum = $currentForm->getFormNum();
$arrayOfCurrentFormsInputs = array();
$log->lwrite("Beginning testing of form on {$postUrl}: {$currentFormId} {$currentFormName} {$currentFormMethod} {$currentFormAction}");
for ($j = 0; $j < sizeof($arrayOfInputFields); $j++) {
$currentInput = $arrayOfInputFields[$j];
$currentInputIdOfForm = $currentInput->getIdOfForm();
$currentInputNameOfForm = $currentInput->getNameOfForm();
$currentInputFormNum = $currentInput->getFormNum();
//Check if the current input field belongs to the current form and add to array if it does
if ($currentFormNum == $currentInputFormNum) {
array_push($arrayOfCurrentFormsInputs, $currentInput);
}
}
$log->lwrite("Beginning testing input fields of form on {$postUrl}: {$currentFormId} {$currentFormName} {$currentFormMethod} {$currentFormAction}");
for ($k = 0; $k < sizeof($arrayOfCurrentFormsInputs); $k++) {
for ($plIndex = 0; $plIndex < sizeof($payloads); $plIndex++) {
$testStr = $payloads[$plIndex];
$log->lwrite("Submitting payload: {$testStr}");
$defaultStr = 'Abc123';
$indicatorStr = $harmfulResponses[$plIndex];
$currentFormInput = $arrayOfCurrentFormsInputs[$k];
$currentFormInputName = $currentFormInput->getName();
$currentFormInputType = $currentFormInput->getType();
$currentFormInputValue = $currentFormInput->getValue();
if ($currentFormInputType != 'reset') {
$http = new http_class();
$http->timeout = 0;
$http->data_timeout = 0;
//$http->debug=1;
$http->user_agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
$http->follow_redirect = 1;
$http->redirection_limit = 5;
$http->setTestId($testId);
$arrayOfValues = array();
//Array of PostOrGetObject objects
//Get the other input values and set them equal to the default string
$otherInputs = array();
for ($l = 0; $l < sizeof($arrayOfCurrentFormsInputs); $l++) {
if ($currentFormInput->getName() != $arrayOfCurrentFormsInputs[$l]->getName()) {
array_push($otherInputs, $arrayOfCurrentFormsInputs[$l]);
}
}
$postObject = new PostOrGetObject($currentFormInputName, $testStr);
//Add current input and other to array of post values and set their values
array_push($arrayOfValues, $postObject);
for ($m = 0; $m < sizeof($otherInputs); $m++) {
$currentOther = $otherInputs[$m];
$currentOtherType = $currentOther->getType();
$currentOtherName = $currentOther->getName();
$currentOtherValue = $currentOther->getValue();
if ($currentOtherType == 'text' || $currentOtherType == 'password') {
$postObject = new PostOrGetObject($currentOtherName, $defaultStr);
array_push($arrayOfValues, $postObject);
} else {
if ($currentOtherType == 'checkbox' || $currentOtherType == 'submit') {
$postObject = new PostOrGetObject($currentOtherName, $currentOtherValue);
array_push($arrayOfValues, $postObject);
} else {
if ($currentOtherType == 'radio') {
$postObject = new PostOrGetObject($currentOtherName, $currentOtherValue);
//Check if a radio button in the radio group has already been added
$found = false;
for ($n = 0; $n < sizeof($arrayOfValues); $n++) {
if ($arrayOfValues[$n]->getName() == $postObject->getName()) {
$found = true;
break;
}
}
if (!$found) {
array_push($arrayOfValues, $postObject);
}
}
}
}
}
echo '<br><br>';
if ($currentFormMethod == 'get') {
//Build query string and submit it at end of URL
if ($urlOfSite[strlen($urlOfSite) - 1] == '/') {
$actionUrl = $urlOfSite . $currentFormAction;
} else {
$actionUrl = $urlOfSite . '/' . $currentFormAction;
}
$totalTestStr = '';
//Compile a test string to show the user how the vulnerability was tested for
for ($p = 0; $p < sizeof($arrayOfValues); $p++) {
$currentPostValue = $arrayOfValues[$p];
$currentPostValueName = $currentPostValue->getName();
$currentPostValueValue = $currentPostValue->getValue();
$totalTestStr .= $currentPostValueName;
$totalTestStr .= '=';
$totalTestStr .= $currentPostValueValue;
if ($p != sizeof($arrayOfValues) - 1) {
$totalTestStr .= '&';
}
}
if (strpos($actionUrl, '?') !== false) {
//url may something like domain.com?id=111 so don't want to add another question mark if it is
$actionUrl .= '&';
} else {
$actionUrl .= '?';
}
$actionUrl .= $totalTestStr;
$error = $http->GetRequestArguments($actionUrl, $arguments);
$error = $http->Open($arguments);
if ($error == "") {
$error = $http->SendRequest($arguments);
if ($error == "") {
$headers = array();
$error = $http->ReadReplyHeaders($headers);
if ($error == "") {
$error = $http->ReadWholeReplyBody($body);
if (strlen($error) == 0) {
if (stripos($body, $indicatorStr)) {
//If the body that was returned from the request contains the payload, the
//Reflected XSS vulnerabiltiy is present
$totalTestStr = '';
//Compile a test string to show the user how the vulnerability was tested for
for ($p = 0; $p < sizeof($arrayOfValues); $p++) {
$currentPostValue = $arrayOfValues[$p];
$currentPostValueName = $currentPostValue->getName();
$currentPostValueValue = $currentPostValue->getValue();
$totalTestStr .= $currentPostValueName;
$totalTestStr .= '=';
$totalTestStr .= $currentPostValueValue;
if ($p != sizeof($arrayOfValues) - 1) {
$totalTestStr .= '&';
}
}
//The echo's are for testing/debugging the function on its own
echo 'Reflected XSS Present!<br>Query: ' . HtmlSpecialChars($totalTestStr) . '<br>';
echo 'Method: ' . $currentFormMethod . '<br>';
echo 'Url: ' . HtmlSpecialChars($actionUrl) . '';
$tableName = 'test' . $testId;
//Check if this vulnerability has already been found and added to DB. If it hasn't, add it to DB.
$query = "SELECT * FROM test_results WHERE test_id = {$testId} AND type = 'rxss' AND method = '{$currentFormMethod}' AND url = '{$actionUrl}' AND attack_str = '{$totalTestStr}'";
$result = $db->query($query);
if (!$result) {
$log->lwrite("Could not execute query {$query}");
} else {
$log->lwrite("Successfully executed query {$query}");
$numRows = $result->num_rows;
if ($numRows == 0) {
$log->lwrite("Number of rows is {$numRows} for query: {$query}");
insertTestResult($db, $testId, 'rxss', $currentFormMethod, $actionUrl, $totalTestStr);
}
}
$http->Close();
break;
}
}
}
}
$http->Close();
}
if (strlen($error)) {
echo "<H2 align=\"center\">Error: ", $error, "</H2>\n";
}
} else {
if ($currentFormMethod == 'post') {
//Start sending requests with the values in the post values array
//Build query string and submit it at end of URL
if ($urlOfSite[strlen($urlOfSite) - 1] == '/') {
$actionUrl = $urlOfSite . $currentFormAction;
} else {
$actionUrl = $urlOfSite . '/' . $currentFormAction;
}
$error = $http->GetRequestArguments($actionUrl, $arguments);
$arguments["RequestMethod"] = "POST";
$arguments["PostValues"] = array();
for ($p = 0; $p < sizeof($arrayOfValues); $p++) {
$currentPostValue = $arrayOfValues[$p];
$currentPostValueName = $currentPostValue->getName();
$currentPostValueValue = $currentPostValue->getValue();
$tempArray = array($currentPostValueName => $currentPostValueValue);
$arguments["PostValues"] = array_merge($arguments["PostValues"], $tempArray);
}
$error = $http->Open($arguments);
if ($error == "") {
$error = $http->SendRequest($arguments);
if ($error == "") {
$headers = array();
$error = $http->ReadReplyHeaders($headers);
if ($error == "") {
$error = $http->ReadWholeReplyBody($body);
if (strlen($error) == 0) {
//echo $body;
if (stripos($body, $indicatorStr)) {
//If the body that was returned from the request contains the test string, the
//Reflected XSS vulnerabiltiy is present
$totalTestStr = '';
//Compile a test string to show the user how the vulnerability was tested for
for ($p = 0; $p < sizeof($arrayOfValues); $p++) {
$currentPostValue = $arrayOfValues[$p];
$currentPostValueName = $currentPostValue->getName();
$currentPostValueValue = $currentPostValue->getValue();
$totalTestStr .= $currentPostValueName;
$totalTestStr .= '=';
$totalTestStr .= $currentPostValueValue;
if ($p != sizeof($arrayOfValues) - 1) {
$totalTestStr .= '&';
}
}
//The echo's are for testing/debugging the function on its own
echo 'Reflected XSS Present!<br>Query: ' . HtmlSpecialChars($totalTestStr) . '<br>';
echo 'Method: ' . $currentFormMethod . '<br>';
echo 'Url: ' . HtmlSpecialChars($actionUrl) . '';
$tableName = 'test' . $testId;
//Check if this vulnerability has already been found and added to DB. If it hasn't, add it to DB.
$query = "SELECT * FROM test_results WHERE test_id = {$testId} AND type = 'rxss' AND method = '{$currentFormMethod}' AND url = '{$actionUrl}' AND attack_str = '{$totalTestStr}'";
$result = $db->query($query);
if (!$result) {
$log->lwrite("Could not execute query {$query}");
} else {
$log->lwrite("Successfully executed query {$query}");
$numRows = $result->num_rows;
if ($numRows == 0) {
$log->lwrite("Number of rows is {$numRows} for query: {$query}");
insertTestResult($db, $testId, 'rxss', $currentFormMethod, $actionUrl, $totalTestStr);
}
}
$http->Close();
break;
}
}
}
}
$http->Close();
}
if (strlen($error)) {
echo "<H2 align=\"center\">Error: ", $error, "</H2>\n";
}
}
}
}
}
}
}
}
/**
* Deletes the selected group
*/
function delete($id)
{
global $fmdb, $__FM_CONFIG;
// Delete group
$tmp_name = getNameFromID($id, 'fm_' . $__FM_CONFIG['fmSQLPass']['prefix'] . 'groups', 'group_', 'group_id', 'group_name');
if (!updateStatus('fm_' . $__FM_CONFIG['fmSQLPass']['prefix'] . 'groups', $id, 'group_', 'deleted', 'group_id')) {
return __('This server group could not be deleted.') . "\n";
} else {
addLogEntry("Deleted server group '{$tmp_name}'.");
return true;
}
}
/**
* Deletes the selected user
*
* @since 1.0
* @package facileManager
*/
function delete($id)
{
global $fm_name;
/** Ensure user is not current LDAP template user */
if (getOption('auth_method') == 2) {
$template_user_id = getOption('ldap_user_template');
if ($id == $template_user_id) {
return _('This user is the LDAP user template and cannot be deleted at this time.');
}
}
$tmp_name = getNameFromID($id, 'fm_users', 'user_', 'user_id', 'user_login');
if (!updateStatus('fm_users', $id, 'user_', 'deleted', 'user_id')) {
return _('This user could not be deleted.') . "\n";
} else {
addLogEntry(sprintf(_("Deleted user '%s'."), $tmp_name), $fm_name);
return true;
}
}
<?php
require_once "admin_conn.php";
require_once "../inc/pinyin.php";
require_once "./score/DouBanParseScore.php";
require_once "./parse/NotificationsManager.php";
chkLogin();
$action = be("all", "action");
$_SESSION["upfolder"] = "../upload/vod";
switch ($action) {
case "view":
headAdmin("用户视频反馈");
view();
break;
case "updateStatus":
updateStatus();
break;
case "deleteStatus":
deleteStatus();
break;
default:
headAdmin("用户视频反馈");
main();
break;
}
dispseObj();
function main()
{
$backurl = getReferer();
global $db, $template, $cache;
$status = be("all", "status");
function createPdfReport($testId, &$fileName)
{
connectToDb($db);
updateStatus($db, "Generating PDF report for test: {$testId}...", $testId);
$log = new Logger();
$log->lfile('logs/eventlogs');
$log->lwrite("Starting PDF generator function for test: {$testId}");
// create new PDF document
$pdf = new TCPDF(PDF_PAGE_ORIENTATION, PDF_UNIT, PDF_PAGE_FORMAT, true, 'UTF-8', false);
// set document information
$pdf->SetCreator(PDF_CREATOR);
$pdf->SetAuthor('WebVulScan');
$pdf->SetTitle('Report for Test: ' . $testId);
$pdf->SetSubject('Vulnerabilities Found');
// set default header data
date_default_timezone_set('UTC');
$now = date('l jS F Y h:i:s A');
$headerStr = "Test ID: {$testId}\n{$now}";
$pdf->SetHeaderData(PDF_HEADER_LOGO, PDF_HEADER_LOGO_WIDTH, 'Website Vulnerability Scaner', $headerStr);
// set header and footer fonts
$pdf->setHeaderFont(array(PDF_FONT_NAME_MAIN, '', PDF_FONT_SIZE_MAIN));
$pdf->setFooterFont(array(PDF_FONT_NAME_DATA, '', PDF_FONT_SIZE_DATA));
// set default monospaced font
$pdf->SetDefaultMonospacedFont(PDF_FONT_MONOSPACED);
//set margins
$pdf->SetMargins(PDF_MARGIN_LEFT, PDF_MARGIN_TOP, PDF_MARGIN_RIGHT);
$pdf->SetHeaderMargin(PDF_MARGIN_HEADER);
$pdf->SetFooterMargin(PDF_MARGIN_FOOTER);
//set auto page breaks
$pdf->SetAutoPageBreak(TRUE, PDF_MARGIN_BOTTOM);
//set image scale factor
$pdf->setImageScale(PDF_IMAGE_SCALE_RATIO);
//set some language-dependent strings
global $l;
$pdf->setLanguageArray($l);
// ---------------------------------------------------------
// set default font subsetting mode
$pdf->setFontSubsetting(true);
// Set font
// dejavusans is a UTF-8 Unicode font, if you only need to
// print standard ASCII chars, you can use core fonts like
// helvetica or times to reduce file size.
$pdf->SetFont('dejavusans', '', 10, '', true);
// Add a page
// This method has several options, check the source code documentation for more information.
$pdf->AddPage();
// Set some content to print
$html = '<br><h1>WebVulScan Detailed Report</h1>';
$pdf->writeHTMLCell($w = 0, $h = 0, $x = '', $y = '', $html, $border = 0, $ln = 1, $fill = 0, $reseth = true, $align = '', $autopadding = true);
$pdf->AddPage();
//Add another page
//Generate Summary
$log->lwrite("Displaying summary in PDF");
$summary = '';
$query = "SELECT * FROM tests WHERE id = {$testId}";
$result = $db->query($query);
if (!$result) {
$log->lwrite("Could not execute query {$query}");
} else {
$log->lwrite("Successfully executed query {$query}");
$row = $result->fetch_object();
$urlsFound = $row->numUrlsFound;
$requestsSent = $row->num_requests_sent;
$startTime = $row->start_timestamp;
$finTime = $row->finish_timestamp;
$targetSite = $row->url;
$startTimeFormatted = date('l jS F Y h:i:s A', $startTime);
$finTimeFormatted = date('l jS F Y h:i:s A', $finTime);
$duration = $finTime - $startTime;
$mins = intval($duration / 60);
$seconds = $duration % 60;
$secondsStr = strval($seconds);
$secondsFormatted = str_pad($secondsStr, 2, "0", STR_PAD_LEFT);
$query = "SELECT * FROM test_results WHERE test_id = {$testId};";
$result = $db->query($query);
$numVulns = 0;
if ($result) {
$numVulns = $result->num_rows;
} else {
$log->lwrite("Could not execute query {$query}");
}
//Populate vulnerability types into a list for use when calculating pie chart dimensions
$vulnTypes = array();
for ($i = 0; $i < $numVulns; $i++) {
$row = $result->fetch_object();
$type = $row->type;
array_push($vulnTypes, $type);
}
$summary .= '<table>';
$summary .= "<tr><td>Target Site:</td><td>{$targetSite}</td></tr>";
$summary .= "<tr><td>Start Date/Time:</td><td>{$startTimeFormatted}</td></tr>";
$summary .= "<tr><td>Finish Date/Time:</td><td>{$finTimeFormatted}</td></tr>";
$summary .= "<tr><td>Duration:</td><td>{$mins} minutes and {$secondsFormatted} seconds</td></tr>";
$summary .= "<tr><td>Report Generated on:</td><td>{$now}</td></tr>";
$summary .= "<tr><td>No. URLs Found:</td><td>{$urlsFound}</td></tr>";
$summary .= "<tr><td>No. Vulnerabilites Found:</td><td>{$numVulns}</td></tr>";
$summary .= "<tr><td>No. HTTP Requests Sent:</td><td>{$requestsSent}</td></tr>";
$summary .= '</table>';
}
$html = '<h2>Summary</h2>' . $summary;
$pdf->writeHTMLCell($w = 0, $h = 0, $x = '', $y = '', $html, $border = 0, $ln = 1, $fill = 0, $reseth = true, $align = '', $autopadding = true);
//Generate pie chart showing priorities of vulnerabilities found
if ($numVulns > 0) {
//Calculate number of high, medium and low risk vulnerabilities
$high = 0;
$medium = 0;
$low = 0;
$sizeVulnTypes = sizeof($vulnTypes);
foreach ($vulnTypes as $currentVulnType) {
$query = "SELECT * FROM vulnerabilities WHERE id = '{$currentVulnType}'";
$result = $db->query($query);
if ($result) {
$row = $result->fetch_object();
$priority = $row->priority;
}
if ($priority == 'High') {
$high++;
} else {
if ($priority == 'Medium') {
$medium++;
} else {
if ($priority == 'Low') {
$low++;
}
}
}
}
$html = '<br><br><br><h3>Vulnerability Distribution</h3>';
$html .= '<font color="red">- ' . $high . ' high risk </font><br>';
$html .= '<font color="blue">- ' . $medium . ' medium risk </font><br>';
$html .= '<font color="green">- ' . $low . ' low risk </font><br>';
$highPortion = $high / $sizeVulnTypes * 360;
$mediumPortion = $medium / $sizeVulnTypes * 360;
$lowPortion = $low / $sizeVulnTypes * 360;
$pdf->writeHTMLCell($w = 0, $h = 0, $x = '', $y = '', $html, $border = 0, $ln = 1, $fill = 0, $reseth = true, $align = '', $autopadding = true);
$xc = 105;
$yc = 150;
$r = 50;
//High
$pdf->SetFillColor(0, 255, 0);
$pdf->PieSector($xc, $yc, $r, 0, $lowPortion, 'FD', false, 0, 2);
$accum = $lowPortion + $mediumPortion;
//Medium
$pdf->SetFillColor(0, 0, 255);
$pdf->PieSector($xc, $yc, $r, $lowPortion, $accum, 'FD', false, 0, 2);
//Low
$pdf->SetFillColor(255, 0, 0);
$pdf->PieSector($xc, $yc, $r, $accum, 0, 'FD', false, 0, 2);
}
$pdf->AddPage();
if ($numVulns > 0) {
//Generate Details of Vulnerabilities Found
$html = '<h2>Vulnerabilities Found</h2><br>';
$pdf->writeHTMLCell($w = 0, $h = 0, $x = '', $y = '', $html, $border = 0, $ln = 1, $fill = 0, $reseth = true, $align = '', $autopadding = true);
//Identify what vulnerabilities were found
$log->lwrite("Identifying what vulnerabilities were found during test");
$vulnsFound = array();
//array containing Vulnerability objects of all vulnerabilities found for this test
$vulnsIds = array();
//array containing the IDs of the flaws found (with no duplications) for this test
$query = "SELECT * FROM test_results WHERE test_id = {$testId}";
$result = $db->query($query);
if (!$result) {
$log->lwrite("Could not execute query {$query}");
} else {
$log->lwrite("Successfully executed query {$query}");
$numRows = $result->num_rows;
for ($i = 0; $i < $numRows; $i++) {
$row = $result->fetch_object();
$test_id = $row->test_id;
$type = $row->type;
$method = $row->method;
$url = $row->url;
$attack_str = $row->attack_str;
$vuln = new Vulnerability($test_id, $type, $method, $url, $attack_str);
array_push($vulnsFound, $vuln);
if (!in_array($type, $vulnsIds)) {
array_push($vulnsIds, $type);
}
}
}
usort($vulnsIds, "compareVulns");
//Displaying details of each vulnerability found including description,
//solution, priority and showing all instances where it was found
$log->lwrite("Displaying details in PDF of each vulnerability found");
foreach ($vulnsIds as $currentId) {
$html = '';
$query = "SELECT * FROM vulnerabilities WHERE id = '{$currentId}';";
$result = $db->query($query);
if (!$result) {
$log->lwrite("Could not execute query {$query}");
} else {
//Display details of vulnerability
$row = $result->fetch_object();
$name = $row->name;
$description = $row->description;
$solution = $row->solution;
$priority = $row->priority;
$html .= "<h3>{$name}</h3>";
$html .= "<h4>Priority: </h4>{$priority}";
$html .= "<h4>Description: </h4>";
$html .= stripslashes($description);
$html .= "<h4>Recommendations: </h4>";
$html .= stripslashes($solution);
$html .= '<br>';
$html .= '<h4>Instances Found:</h4>';
//Display all instances of vulnerability
foreach ($vulnsFound as $currentVuln) {
if ($currentVuln->getType() == $currentId) {
$html .= '<b>URL:</b> ' . htmlspecialchars($currentVuln->getUrl()) . '<br>';
$html .= '<b>Method:</b> ' . strtoupper($currentVuln->getMethod()) . '<br>';
$type = $currentVuln->getType();
$attackStr = htmlspecialchars($currentVuln->getAttackStr());
if ($type == 'rxss' || $type == 'sxss' || $type == 'sqli' || $type == 'basqli') {
$html .= "<b>Query Used:</b> {$attackStr}<br>";
} else {
if ($type == 'idor') {
$html .= "<b>Object Referenced:</b> {$attackStr}<br>";
} else {
if ($type == 'dirlist') {
$html .= "<b>URL Requested:</b> {$attackStr}<br>";
} else {
if ($type == 'bannerdis') {
$html .= "<b>Information Exposed:</b> {$attackStr}<br>";
} else {
if ($type == 'unredir') {
$html .= "<b>URL Requested:</b> {$attackStr}<br>";
} else {
if ($type == 'autoc') {
$html .= "<b>Input Name:</b> {$attackStr}<br>";
}
}
}
}
}
}
$html .= '<br>';
}
}
}
$html .= '<br><br>';
//echo $html;
$pdf->writeHTMLCell($w = 0, $h = 0, $x = '', $y = '', $html, $border = 0, $ln = 1, $fill = 0, $reseth = true, $align = '', $autopadding = true);
$html = '';
}
} else {
$html = '<h2>No Vulnerabilities Found</h2><br>';
}
$html .= '<h1>Thank you for scanning with WebVulScan!</h1>';
$pdf->writeHTMLCell($w = 0, $h = 0, $x = '', $y = '', $html, $border = 0, $ln = 1, $fill = 0, $reseth = true, $align = '', $autopadding = true);
$fileName = 'reports/Test_' . $testId . '.pdf';
//Output PDF, this function has multiple options
$pdf->Output($fileName, 'F');
//set this to 'F' to save as file, 'I' to output to browser, E: return the document as base64 mime multi-part email attachment
//$pdf->Output('test.pdf', 'I');//for testing
}
}
include ABSPATH . 'fm-modules' . DIRECTORY_SEPARATOR . $fm_name . DIRECTORY_SEPARATOR . 'classes' . DIRECTORY_SEPARATOR . 'class_users.php';
switch ($_POST['action']) {
case 'delete':
if (isset($id)) {
$delete_status = $fm_users->delete(sanitize($id), substr(sanitize($_POST['item_sub_type']), 0, -1));
if ($delete_status !== true) {
echo $delete_status;
} else {
exit('Success');
}
}
break;
case 'edit':
if (isset($_POST['item_status'])) {
if (!updateStatus('fm_users', $id, 'user_', sanitize($_POST['item_status']), 'user_id')) {
exit(sprintf(_('This user could not be set to %s.') . "\n", $_POST['item_status']));
} else {
$tmp_name = getNameFromID($id, 'fm_users', 'user_', 'user_id', 'user_login');
addLogEntry(sprintf(_('Set user (%s) status to %s.'), $tmp_name, sanitize($_POST['item_status'])));
exit('Success');
}
}
break;
}
/** Handle everything else */
} elseif (isset($_SESSION['module']) && $_SESSION['module'] != $fm_name) {
$include_file = ABSPATH . 'fm-modules' . DIRECTORY_SEPARATOR . $_SESSION['module'] . DIRECTORY_SEPARATOR . 'ajax' . DIRECTORY_SEPARATOR . 'processPost.php';
if (file_exists($include_file)) {
include $include_file;
}
//send NEXT message to all
case COMMAND2:
case '/' . COMMAND2:
if (!isAdmin($chatid, $db)) {
return;
}
sendMessageToAll(null, $chatid, 1, $db, $bot);
break;
//send custom message to all
//send custom message to all
case COMMAND3:
case '/' . COMMAND3:
if (!isAdmin($chatid, $db)) {
return;
}
updateStatus($db, $bot, $chatid, 0, 1);
break;
//cancel current operation
//cancel current operation
case COMMAND4:
case '/' . COMMAND4:
if (!isAdmin($chatid, $db)) {
return;
}
$db->update('adminOperations', array('next_status' => 0, 'send_status' => 0));
$bot->sendMessage($chatid, 'عملیات جاری لغو شد');
break;
default:
//received message after send operations commands
if (!isAdmin($chatid, $db)) {
return;
function testAuthenticationSQLi($urlToCheck, $urlOfSite, $testId)
{
connectToDb($db);
updateStatus($db, "Testing {$urlToCheck} for Broken Authentication using SQL Injection...", $testId);
$log = new Logger();
$log->lfile('logs/eventlogs');
$log->lwrite("Starting Broken Authentication SQLi test function on {$urlToCheck}");
$postUrl = $urlToCheck;
$postUrlPath = parse_url($postUrl, PHP_URL_PATH);
//Check URL is not responding with 5xx codes
$log->lwrite("Checking what response code is received from {$urlToCheck}");
$http = new http_class();
$http->timeout = 0;
$http->data_timeout = 0;
//$http->debug=1;
$http->user_agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
$http->follow_redirect = 1;
$http->redirection_limit = 5;
$http->setTestId($testId);
$error = $http->GetRequestArguments($urlToCheck, $arguments);
$error = $http->Open($arguments);
$log->lwrite("URL to be requested is: {$urlToCheck}");
if ($error == "") {
$log->lwrite("Sending HTTP request to {$urlToCheck}");
$error = $http->SendRequest($arguments);
if ($error == "") {
$headers = array();
$error = $http->ReadReplyHeaders($headers);
if ($error == "") {
$responseCode = $http->response_status;
//This is a string
$log->lwrite("Received response code: {$responseCode}");
if (intval($responseCode) >= 500 && intval($responseCode) < 600) {
$log->lwrite("Response code: {$responseCode} received from: {$urlToCheck}");
return;
}
}
}
$http->Close();
}
if (strlen($error)) {
echo "<H2 align=\"center\">Error: ", $error, "</H2>\n";
$log->lwrite("Error: {$error}");
}
$html = file_get_html($postUrl, $testId);
if (empty($html)) {
//This can happen due to file_get_contents returning a 500 code. Then the parser won't parse it
updateStatus($db, "Problem getting contents from {$urlToCheck}...", $testId);
$log->lwrite("Problem getting contents from {$urlToCheck}");
return;
}
//Array containing all form objects found
$arrayOfForms = array();
//Array containing all input fields
$arrayOfInputFields = array();
$log->lwrite("Searching {$postUrl} for forms");
$formNum = 1;
//Must use an integer to identify form as forms could have same names and ids
foreach ($html->find('form') as $form) {
isset($form->attr['id']) ? $formId = htmlspecialchars($form->attr['id']) : ($formId = '');
isset($form->attr['name']) ? $formName = htmlspecialchars($form->attr['name']) : ($formName = '');
isset($form->attr['method']) ? $formMethod = htmlspecialchars($form->attr['method']) : ($formMethod = 'get');
isset($form->attr['action']) ? $formAction = htmlspecialchars($form->attr['action']) : ($formAction = '');
$formMethod = strtolower($formMethod);
//If the action of the form is empty, set the action equal to everything
//after the URL that the user entered
if (empty($formAction)) {
$strLengthUrl = strlen($urlToCheck);
$strLengthSite = strlen($urlOfSite);
$firstIndexOfSlash = strpos($urlToCheck, '/', $strLengthSite - 1);
$formAction = substr($urlToCheck, $firstIndexOfSlash + 1, $strLengthUrl);
}
$log->lwrite("Found form on {$postUrl}: {$formId} {$formName} {$formMethod} {$formAction} {$formNum}");
$newForm = new Form($formId, $formName, $formMethod, $formAction, $formNum);
array_push($arrayOfForms, $newForm);
foreach ($form->find('input') as $input) {
isset($input->attr['id']) ? $inputId = htmlspecialchars($input->attr['id']) : ($inputId = '');
isset($input->attr['name']) ? $inputName = htmlspecialchars($input->attr['name']) : ($inputName = '');
isset($input->attr['value']) ? $inputValue = htmlspecialchars($input->attr['value']) : ($inputValue = '');
isset($input->attr['type']) ? $inputType = htmlspecialchars($input->attr['type']) : ($inputType = '');
$log->lwrite("Found input field on {$postUrl}: {$inputId} {$inputName} {$formId} {$formName} {$inputValue} {$inputType} {$formNum}");
$inputField = new InputField($inputId, $inputName, $formId, $formName, $inputValue, $inputType, $formNum);
array_push($arrayOfInputFields, $inputField);
}
$formNum++;
}
//At this stage, we should have captured all forms and their input fields into the appropriate arrays
//Begin testing each of the forms
//Defintion of all payloads used and warnings to examine for
//Payloads can be added to this
$arrayOfPayloads = array("1'or'1'='1", "1'or'1'='1';#");
//Check if the URL passed into this function displays the same webpage at different intervals
//If it does then attempt to login and if this URL displays a different page, the vulnerability is present
//e.g. a login page would always look different when you are and are not logged in
$log->lwrite("Checking if {$urlToCheck} displays the same page at different intervals");
$responseBodies = array();
$http = new http_class();
$http->timeout = 0;
$http->data_timeout = 0;
//$http->debug=1;
$http->user_agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
$http->follow_redirect = 1;
$http->redirection_limit = 5;
$http->setTestId($testId);
for ($a = 0; $a < 3; $a++) {
$error = $http->GetRequestArguments($urlToCheck, $arguments);
$error = $http->Open($arguments);
if ($error == "") {
$number = $a + 1;
$log->lwrite("Sending HTTP request number {$number} to {$urlToCheck}");
$error = $http->SendRequest($arguments);
if ($error == "") {
$headers = array();
$error = $http->ReadReplyHeaders($headers);
if ($error == "") {
$error = $http->ReadWholeReplyBody($body);
if (strlen($error) == 0) {
array_push($responseBodies, $body);
}
}
}
$http->Close();
}
if (strlen($error)) {
echo "<H2 align=\"center\">Error: a= {$a} ", $error, "</H2>\n";
}
}
$pageChanges = true;
$bodyOfUrl = "";
if ($responseBodies[0] == $responseBodies[1] && $responseBodies[1] == $responseBodies[2]) {
$bodyOfUrl = $responseBodies[0];
$pageChanges = false;
}
$log->lwrite('Beginning testing of forms');
for ($i = 0; $i < sizeof($arrayOfForms); $i++) {
$currentForm = $arrayOfForms[$i];
$currentFormId = $currentForm->getId();
$currentFormName = $currentForm->getName();
$currentFormMethod = $currentForm->getMethod();
$currentFormAction = $currentForm->getAction();
$currentFormNum = $currentForm->getFormNum();
$arrayOfCurrentFormsInputs = array();
$log->lwrite("Beginning testing of form on {$postUrl}: {$currentFormId} {$currentFormName} {$currentFormMethod} {$currentFormAction}");
for ($j = 0; $j < sizeof($arrayOfInputFields); $j++) {
$currentInput = $arrayOfInputFields[$j];
$currentInputIdOfForm = $currentInput->getIdOfForm();
$currentInputNameOfForm = $currentInput->getNameOfForm();
$currentInputFormNum = $currentInput->getFormNum();
if ($currentFormNum == $currentInputFormNum) {
array_push($arrayOfCurrentFormsInputs, $currentInput);
}
}
$log->lwrite("Beginning testing input fields of form on {$postUrl}: {$currentFormId} {$currentFormName} {$currentFormMethod} {$currentFormAction}");
foreach ($arrayOfPayloads as $currentPayload) {
echo '<br>Size of current form inputs = ' . sizeof($arrayOfCurrentFormsInputs) . '<br>';
$arrayOfValues = array();
//Array of PostOrGetObject objects
for ($k = 0; $k < sizeof($arrayOfCurrentFormsInputs); $k++) {
$currentFormInput = $arrayOfCurrentFormsInputs[$k];
$currentFormInputName = $currentFormInput->getName();
$currentFormInputType = $currentFormInput->getType();
$currentFormInputValue = $currentFormInput->getValue();
if ($currentFormInputType != 'reset') {
$log->lwrite("Using payload: {$currentPayload}, to all input fields of form w/ action: {$currentFormAction}");
//Add current input and other inputs to array of post values and set their values
if ($currentFormInputType == 'text' || $currentFormInputType == 'password') {
$postObject = new PostOrGetObject($currentFormInputName, $currentPayload);
array_push($arrayOfValues, $postObject);
} else {
if ($currentFormInputType == 'checkbox' || $currentFormInputType == 'submit') {
$postObject = new PostOrGetObject($currentFormInputName, $currentFormInputValue);
array_push($arrayOfValues, $postObject);
} else {
if ($currentFormInputType == 'radio') {
$postObject = new PostOrGetObject($currentFormInputName, $currentFormInputValue);
//Check if a radio button in the radio group has already been added
$found = false;
for ($n = 0; $n < sizeof($arrayOfValues); $n++) {
if ($arrayOfValues[$n]->getName() == $postObject->getName()) {
$found = true;
break;
}
}
if (!$found) {
array_push($arrayOfValues, $postObject);
}
}
}
}
}
}
if ($currentFormMethod == 'get') {
//Build query string and submit it at end of URL
if ($urlOfSite[strlen($urlOfSite) - 1] == '/') {
$actionUrl = $urlOfSite . $currentFormAction;
} else {
$actionUrl = $urlOfSite . '/' . $currentFormAction;
}
$totalTestStr = '';
//Make a string to show the user how the vulnerability was tested for i.e. the data submitted to exploit the vulnerability
for ($p = 0; $p < sizeof($arrayOfValues); $p++) {
$currentPostValue = $arrayOfValues[$p];
$currentPostValueName = $currentPostValue->getName();
$currentPostValueValue = $currentPostValue->getValue();
$totalTestStr .= $currentPostValueName;
$totalTestStr .= '=';
$totalTestStr .= $currentPostValueValue;
if ($p != sizeof($arrayOfValues) - 1) {
$totalTestStr .= '&';
}
}
$actionUrl .= '?';
$actionUrl .= $totalTestStr;
$error = $http->GetRequestArguments($actionUrl, $arguments);
$error = $http->Open($arguments);
$log->lwrite("URL to be requested is: {$actionUrl}");
if ($error == "") {
$log->lwrite("Sending HTTP request to {$actionUrl}");
$error = $http->SendRequest($arguments);
if ($error == "") {
$headers = array();
$error = $http->ReadReplyHeaders($headers);
if ($error == "") {
$error = $http->ReadWholeReplyBody($body);
if (strlen($error) == 0) {
$http->Close();
$vulnerabilityFound = checkIfVulnerabilityFound($urlToCheck, $pageChanges, $bodyOfUrl, $log, $currentPayload, $http);
if ($vulnerabilityFound) {
$totalTestStr = '';
//Make a test string to show the user how the vulnerability was tested for
for ($p = 0; $p < sizeof($arrayOfValues); $p++) {
$currentPostValue = $arrayOfValues[$p];
$currentPostValueName = $currentPostValue->getName();
$currentPostValueValue = $currentPostValue->getValue();
$totalTestStr .= $currentPostValueName;
$totalTestStr .= '=';
$totalTestStr .= $currentPostValueValue;
if ($p != sizeof($arrayOfValues) - 1) {
$totalTestStr .= '&';
}
}
//The echo's below are for testing the function on its own i.e. requesting this script with your browser
echo 'Broken Authentication Present!<br>Query: ' . HtmlSpecialChars($totalTestStr) . '<br>';
echo 'Method: ' . $currentFormMethod . '<br>';
echo 'Url: ' . HtmlSpecialChars($actionUrl) . '<br>';
echo 'Error: Successfully Logged In with SQL injection';
$tableName = 'test' . $testId;
//Check if this vulnerability has already been found and added to DB. If it hasn't, add it to DB.
$query = "SELECT * FROM test_results WHERE test_id = {$testId} AND type = 'basqli' AND method = '{$currentFormMethod}' AND url = '" . addslashes($actionUrl) . "' AND attack_str = '" . addslashes($totalTestStr) . "'";
$result = $db->query($query);
if (!$result) {
$log->lwrite("Could not execute query {$query}");
} else {
$log->lwrite("Successfully executed query {$query}");
$numRows = $result->num_rows;
if ($numRows == 0) {
$log->lwrite("Number of rows is {$numRows} for query: {$query}");
insertTestResult($db, $testId, 'basqli', $currentFormMethod, addslashes($actionUrl), addslashes($totalTestStr));
}
}
break;
}
}
}
}
}
if (strlen($error)) {
echo "<H2 align=\"center\">Error: ", $error, "</H2>\n";
echo 'Method: ' . $currentFormMethod . '<br>';
echo 'Url: ' . HtmlSpecialChars($actionUrl) . '<br>';
}
} else {
if ($currentFormMethod == 'post') {
//Build query string and submit it at end of URL
if ($urlOfSite[strlen($urlOfSite) - 1] == '/') {
$actionUrl = $urlOfSite . $currentFormAction;
} else {
$actionUrl = $urlOfSite . '/' . $currentFormAction;
}
$error = $http->GetRequestArguments($actionUrl, $arguments);
$arguments["RequestMethod"] = "POST";
$arguments["PostValues"] = array();
for ($p = 0; $p < sizeof($arrayOfValues); $p++) {
$currentPostValue = $arrayOfValues[$p];
$currentPostValueName = $currentPostValue->getName();
$currentPostValueValue = $currentPostValue->getValue();
$tempArray = array($currentPostValueName => $currentPostValueValue);
$arguments["PostValues"] = array_merge($arguments["PostValues"], $tempArray);
}
$error = $http->Open($arguments);
$log->lwrite("URL to be requested is: {$actionUrl}");
if ($error == "") {
$log->lwrite("Sending HTTP request to {$actionUrl}");
$error = $http->SendRequest($arguments);
if ($error == "") {
$headers = array();
$error = $http->ReadReplyHeaders($headers);
if ($error == "") {
$error = $http->ReadWholeReplyBody($body);
if (strlen($error) == 0) {
$http->Close();
$vulnerabilityFound = checkIfVulnerabilityFound($urlToCheck, $pageChanges, $bodyOfUrl, $log, $currentPayload, $http);
if ($vulnerabilityFound) {
$totalTestStr = '';
//Compile a test string to show the user how the vulnerability was tested for
for ($p = 0; $p < sizeof($arrayOfValues); $p++) {
$currentPostValue = $arrayOfValues[$p];
$currentPostValueName = $currentPostValue->getName();
$currentPostValueValue = $currentPostValue->getValue();
$totalTestStr .= $currentPostValueName;
$totalTestStr .= '=';
$totalTestStr .= $currentPostValueValue;
if ($p != sizeof($arrayOfValues) - 1) {
$totalTestStr .= '&';
}
}
//The echo's below are for testing the function on its own i.e. requesting this script with your browser
echo 'Broken Authentication Present!<br>Query: ' . HtmlSpecialChars($totalTestStr) . '<br>';
echo 'Method: ' . $currentFormMethod . '<br>';
echo 'Url: ' . HtmlSpecialChars($actionUrl) . '<br>';
echo 'Error: Successfully Logged In with SQL injection';
$tableName = 'test' . $testId;
//Check if this vulnerability has already been found and added to DB. If it hasn't, add it to DB.
$query = "SELECT * FROM test_results WHERE test_id = {$testId} AND type = 'basqli' AND method = '{$currentFormMethod}' AND url = '" . addslashes($actionUrl) . "' AND attack_str = '" . addslashes($totalTestStr) . "'";
$result = $db->query($query);
if (!$result) {
$log->lwrite("Could not execute query {$query}");
} else {
$log->lwrite("Successfully executed query {$query}");
$numRows = $result->num_rows;
if ($numRows == 0) {
$log->lwrite("Number of rows is {$numRows} for query: {$query}");
insertTestResult($db, $testId, 'basqli', $currentFormMethod, addslashes($actionUrl), addslashes($totalTestStr));
}
}
break;
}
}
}
}
}
if (strlen($error)) {
echo "<H2 align=\"center\">Error: ", $error, "</H2>\n";
echo 'Method: ' . $currentFormMethod . '<br>';
echo 'Url: ' . HtmlSpecialChars($actionUrl) . '<br>';
}
}
}
}
}
}
function testDirectoryListingEnabled($urlToScan, $siteBeingTested, $testId, $crawlUrlFlag)
{
connectToDb($db);
updateStatus($db, "Testing for {$urlToScan} for Directory Listing enabled...", $testId);
$log = new Logger();
$log->lfile('logs/eventlogs');
$log->lwrite("Testing for {$urlToScan} for Directory Listing enabled");
if ($crawlUrlFlag) {
//Perform crawl again but allow images, etc. this time to capture every URL
$crawlerNew =& new MyCrawler();
$crawlerNew->setURL($urlToScan);
$crawlerNew->setTestId($testId);
$crawlerNew->addReceiveContentType("/text\\/html/");
$crawlerNew->setCookieHandling(true);
$crawlerNew->setFollowMode(3);
$log->lwrite("Crawling {$urlToScan} again for all links including images, css, etc, in order to identify directories");
$crawlerNew->go();
$urlsFound = $crawlerNew->urlsFound;
$logStr = sizeof($urlsFound) . ' URLs found for test: ' . $testId;
$log->lwrite("All URLs found during crawl for directory listing check:");
foreach ($urlsFound as $currentUrl) {
$log->lwrite($currentUrl);
}
$relativePathUrls = array();
foreach ($urlsFound as $currentUrl) {
$currentUrl = str_replace($urlToScan, '', $currentUrl);
array_push($relativePathUrls, $currentUrl);
}
$directories = array();
//Check if relative path contain a directory and if they do, add it to a list of directories
foreach ($relativePathUrls as $relativePathUrl) {
if (dirname($relativePathUrl) != '.') {
$dir = dirname($relativePathUrl);
if (!in_array($dir, $directories) && !empty($dir) && !strpos($dir, '?')) {
array_push($directories, $dir);
$log->lwrite("Found directory {$dir}");
}
}
}
} else {
$directories = array(1);
}
//Just need to make an array of size one so the for loop below iterates once
$http = new http_class();
$http->timeout = 0;
$http->data_timeout = 0;
//$http->debug=1;
$http->user_agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
$http->follow_redirect = 1;
$http->redirection_limit = 5;
$http->setTestId($testId);
//Regular expressions that will indicate directory listing is enabled
$regexs = array("/Parent Directory/", "/\\bDirectory Listing\\b.*(Tomcat|Apache)/", "/Parent directory/", "/\\bDirectory\\b/", "/[\\s<]+IMG\\s*=/");
//General
foreach ($directories as $directory) {
if ($crawlUrlFlag) {
$testUrl = $urlToScan . $directory . '/';
} else {
$testUrl = $siteBeingTested;
}
$error = $http->GetRequestArguments($testUrl, $arguments);
$error = $http->Open($arguments);
$log->lwrite("URL to be requested is: {$testUrl}");
if ($error == "") {
$log->lwrite("Sending HTTP request to {$testUrl}");
$error = $http->SendRequest($arguments);
if ($error == "") {
$headers = array();
$error = $http->ReadReplyHeaders($headers);
if ($error == "") {
$responseCode = $http->response_status;
//This is a string
$log->lwrite("Received response code: {$responseCode}");
if (intval($responseCode) >= 200 && intval($responseCode) < 300) {
$vulnerabilityFound = false;
$error = $http->ReadWholeReplyBody($body);
if (strlen($error) == 0) {
$indicatorStr = '';
if (preg_match($regexs[0], $body)) {
$vulnerabilityFound = true;
$indicatorStr = $regexs[0];
} else {
if (preg_match($regexs[1], $body)) {
$vulnerabilityFound = true;
$indicatorStr = $regexs[1];
} else {
if (preg_match($regexs[2], $body)) {
$vulnerabilityFound = true;
$indicatorStr = $regexs[2];
} else {
if (preg_match($regexs[3], $body)) {
if (preg_match($regexs[4], $body)) {
$vulnerabilityFound = true;
$indicatorStr = $regexs[3] . ' and ' . $regexs[4];
}
}
}
}
}
if ($vulnerabilityFound) {
//The echo's are for testing function on its own
echo '<br>Directory Listing Enabled!<br>Url: ' . $testUrl . '<br>';
echo 'Method: GET <br>';
echo 'Url Requested: ' . $testUrl . '<br>';
echo "Error: Received response code: {$responseCode} after requesting a directory and regular expression: {$indicatorStr}<br>";
$tableName = 'test' . $testId;
//Check if this vulnerability has already been found and added to DB. If it hasn't, add it to DB.
$query = "SELECT * FROM test_results WHERE test_id = {$testId} AND type = 'dirlist' AND method = 'get' AND url = '{$testUrl}' AND attack_str = '{$testUrl}'";
$result = $db->query($query);
if (!$result) {
$log->lwrite("Could not execute query {$query}");
} else {
$log->lwrite("Successfully executed query {$query}");
$numRows = $result->num_rows;
if ($numRows == 0) {
$log->lwrite("Number of rows is {$numRows} for query: {$query}");
insertTestResult($db, $testId, 'dirlist', 'get', $testUrl, $testUrl);
}
}
}
}
}
}
}
$http->Close();
}
if (strlen($error)) {
echo "<H2 align=\"center\">Error: ", $error, "</H2>\n";
$log->lwrite("Error: {$error}");
}
}
}
$redirect_record_type = isset($_POST['soa_id']) && $_POST['soa_id'] ? 'NS' : 'SOA';
header('Location: zone-records.php?map=' . $map . '&domain_id=' . $insert_id . '&record_type=' . $redirect_record_type);
}
}
break;
case 'edit':
if (!empty($_POST)) {
$zone_update_status = $fm_dns_zones->update();
if ($zone_update_status !== true) {
$response = '<p class="error">' . $zone_update_status . '</p>' . "\n";
} else {
header('Location: ' . $GLOBALS['basename'] . '?map=' . $map);
}
}
if (isset($_GET['status'])) {
if (!updateStatus('fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'domains', $_GET['domain_id'], 'domain_', $_GET['status'], 'domain_id')) {
$response = sprintf('<p class="error">' . __('This item could not be set to %s.') . "</p>\n", $_GET['status']);
} else {
header('Location: ' . $GLOBALS['basename']);
}
}
break;
case 'download':
if (array_key_exists('domain_id', $_POST) && is_numeric($_POST['domain_id'])) {
include ABSPATH . 'fm-modules/facileManager/classes/class_accounts.php';
include ABSPATH . 'fm-modules/fmDNS/classes/class_buildconf.php';
$data['SERIALNO'] = -1;
$data['compress'] = 0;
$data['dryrun'] = true;
$data['domain_id'] = sanitize($_POST['domain_id']);
basicGet('fm_accounts', $_SESSION['user']['account_id'], 'account_', 'account_id');
/**
* Deletes the selected logging channel/category
*/
function delete($id, $server_serial_no = 0, $type)
{
global $fmdb, $__FM_CONFIG;
/** Check if channel is currently associated with category */
if ($type == 'channel' && is_array($this->getAssocCategories($id))) {
return sprintf(__('This %s could not be deleted because it is associated with one or more categories.'), $type);
}
$tmp_name = getNameFromID($id, 'fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'config', 'cfg_', 'cfg_id', 'cfg_data');
/** Delete associated children */
$query = "UPDATE `fm_{$__FM_CONFIG['fmDNS']['prefix']}config` SET `cfg_status`='deleted' WHERE `cfg_parent`={$id}";
$fmdb->query($query);
/** Delete item */
if (updateStatus('fm_' . $__FM_CONFIG['fmDNS']['prefix'] . 'config', $id, 'cfg_', 'deleted', 'cfg_id') === false) {
return sprintf(__('This %s could not be deleted because a database error occurred.'), $type);
} else {
setBuildUpdateConfigFlag($server_serial_no, 'yes', 'build');
addLogEntry(sprintf(__("Logging %s '%s' was deleted."), $type, $tmp_name));
return true;
}
}
function add_student_to_watchlist($cid,$uid)
{
$status=getStatus($uid,$cid);
if($status)
$status=0;
else
$status=1;
echo updateStatus($status,$uid,$cid);
}
if (!$post_class->add($_POST)) {
echo '<div class="error"><p>This ' . $table . ' could not be added.</p></div>' . "\n";
$form_data = $_POST;
} else {
exit('Success');
}
}
break;
case 'delete':
if (isset($id)) {
exit(parseAjaxOutput($post_class->delete(sanitize($id), $type, $server_serial_no)));
}
break;
case 'edit':
if (isset($_POST['item_status'])) {
if (!updateStatus('fm_' . $table, $id, $prefix, sanitize($_POST['item_status']), $prefix . 'id')) {
exit(sprintf(__('This item could not be set to %s.') . "\n", $_POST['item_status']));
} else {
setBuildUpdateConfigFlag($server_serial_no, 'yes', 'build');
$tmp_name = getNameFromID($id, 'fm_' . $table, $prefix, $prefix . 'id', $field_data);
addLogEntry(sprintf(__('Set %s (%s) status to %s.'), $object, $tmp_name, sanitize($_POST['item_status'])));
exit('Success');
}
}
break;
}
exit;
}
echo $unpriv_message;
/**
* Processes the array of domain ids for reload
