Example #1
/**
 * Renders every guestbook row as an HTML fragment.
 *
 * The name and comment columns are passed through htmlspecialchars() only when
 * the security level is 'high', or when the CTF / "work" modes report true.
 * On every other level the raw database values are interpolated straight into
 * the markup, so anything stored in the guestbook table is emitted verbatim
 * (this is the stored-XSS sink the training module exposes on low levels).
 *
 * NOTE(review): mysql_query()/mysql_fetch_row() come from ext/mysql, which was
 * removed in PHP 7.0; this function only runs on PHP 5.x.
 *
 * @return string concatenated <div id="guestbook_comments"> blocks, or '' when
 *                the table has no rows
 */
function dvwaGuestbook()
{
    $rows = mysql_query("SELECT name, comment FROM guestbook");
    $html = '';
    // Truthiness check on purpose: the helper yields false at end of result
    // set (and a non-array on a failed query), either of which ends the loop.
    while ($entry = mysql_fetch_row($rows)) {
        list($name, $comment) = $entry;
        // Evaluated per row, in the original short-circuit order.
        $mustEscape = dvwaSecurityLevelGet() == 'high' || dvwaIsCtf() || dvwaIfWork();
        if ($mustEscape) {
            $name = htmlspecialchars($name);
            $comment = htmlspecialchars($comment);
        }
        $html .= "<div id=\"guestbook_comments\">Name: {$name} <br />Message: {$comment} <br /></div>";
    }
    return $html;
}
Example #2
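<?php

/*
 * CTF page router.
 *
 * Chooses which database to connect to and which module file to include from
 * the `pid` request parameter, then renders the page the module built.
 *
 * NOTE(review): $_CTF (in particular $_CTF['map']) and $page are not defined in
 * this file. Presumably ../ainclude.php populates $_CTF and the included module
 * assigns $page — confirm against those files. When `pid` is absent nothing
 * assigns $page before dvwaHtmlEcho() is called.
 */

define('DVWA_WEB_PAGE_TO_ROOT', '../../');
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';
dvwaPageStartup(array('authenticated', 'phpids'));
require_once '../ainclude.php';
if (!dvwaIsCtf()) {
    echo "You have must select ctf model !!!";
    exit;
}
#dvwadebug($_CTF);
if (isset($_GET['pid'])) {
    // Strict comparison: the raw query value is a string, and only the
    // literal '5' and '6' should select the dedicated ctf database
    // (non-strict in_array would also accept e.g. '5.0').
    if (in_array($_GET['pid'], array('5', '6'), true)) {
        dvwaDatabaseConnect_ctf('ctf');
    } else {
        dvwaDatabaseConnect();
    }
    // NOTE(review): xlabGetSqli() is defined elsewhere; whatever it returns is
    // still derived from the request, so it is validated again here before it
    // is used to build an include path.
    $pid = xlabGetSqli('pid', $_GET);
    if (!is_numeric($pid)) {
        // A module name may only be a bare identifier: no directory
        // separators, dots or NUL bytes, so the include cannot resolve
        // outside manager/. Non-string values (e.g. pid[]=x) are rejected too.
        if (!is_string($pid) || !preg_match('/^[A-Za-z0-9_-]+$/', $pid)) {
            echo "Unknown ctf page !!!";
            exit;
        }
        require_once 'manager/' . $pid . '.php';
    } else {
        // Only pids the CTF map actually lists may be included; an unmapped
        // numeric pid would otherwise reach require_once as null.
        if (!isset($_CTF['map'][$pid])) {
            echo "Unknown ctf page !!!";
            exit;
        }
        require_once $_CTF['map'][$pid];
    }
}
dvwaHtmlEcho($page);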