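    // 'all' is a search-filter value, not a valid risk for a stored record;
    // a new record defaults to 'low' in that case.
    $risk = $risk == 'all' ? 'low' : $risk;
    if ($vname == '' or $site == '' or $vdesc == '') {
        // Required field missing: queue the failure message, then fall
        // through to the redirect below.
        $html = "submit vulns fail!!!";
        dvwaMessagePush($html);
    } else {
        $user = dvwaCurrentUser();
        // Per-day serial: the highest serial already issued today, plus one.
        // NOTE(review): there is no transaction or lock around this
        // read-then-insert, so two concurrent submits on the same day can
        // compute the same serial.
        $result = mysql_query("select serial from vulns where date=date(now()) order by serial desc;");
        $num = mysql_numrows($result);
        $serial = ($num > 0) ? mysql_result($result, 0, "serial") + 1 : 1;
        $sserial = sprintf("%02d", $serial);
        $vid = "HTJC-SL" . date('Ymd') . "-" . $sserial;
        // At config level '2' the submitter may supply their own vid. The
        // other interpolated fields are prepared above this block; this one
        // was read raw from $_POST and interpolated into the INSERT below,
        // i.e. an unescaped SQL injection point. Escape it with the same
        // driver the query runs on (the connection is already open, as the
        // serial query above succeeded).
        if ($dvwaSession['config']['vid'] == '2' && isset($_POST['vid'])) {
            $vid = mysql_real_escape_string($_POST['vid']);
        }
        $sql = "insert into vulns values('{$vid}',now(),'{$serial}','{$user}','{$site}','{$vname}','{$vdesc}','{$risk}')";
        dvwadebug($sql);
        // NOTE(review): on failure this echoes the raw mysql_error() text to
        // the client; consider logging it and showing a generic message.
        mysql_query($sql) or die('<pre>' . mysql_error() . '</pre>');
        // Mirror the failure branch: the message has to be pushed before the
        // redirect, otherwise it is assigned and silently dropped.
        $html = "submit vulns successful!!!";
        dvwaMessagePush($html);
    }
    dvwaRedirect("{$_DVWA['location']}/vulnerabilities/vulns/");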
}
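// Optional free-text vid field, only rendered at config level '2'. The
// original emitted the <td> pair without an enclosing <tr>, which is invalid
// directly under <table>; the row wrapper is added here.
$inputvid = "";
if ($dvwaSession['config']['vid'] == '2') {
    $inputvid = "<tr>\n\t\t<td width=\"100\">Vid *</td> <td>\n\t\t<input name=\"vid\" type=\"text\" size=\"50\" ></td>\n\t\t</tr>";
}

// $name/$key/$from/$to are populated outside this block; the search form
// below posts fields of exactly these names, so they are treated as
// untrusted and HTML-escaped before being placed inside quoted attribute
// values. Escaping is a no-op for plain values, so this is safe even where
// they turn out to be trusted.
$nameAttr = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
$keyAttr  = htmlspecialchars($key, ENT_QUOTES, 'UTF-8');
$fromAttr = htmlspecialchars($from, ENT_QUOTES, 'UTF-8');
$toAttr   = htmlspecialchars($to, ENT_QUOTES, 'UTF-8');

// Status message set by the POST handling above; absent on a plain GET.
$messageHtml = isset($html) ? $html : '';

// Project helpers that render fragments; called once each, outside the template.
$submitRiskList = xlabGetRisklist('low');
$searchRiskList = xlabGetRisklist();
$vulnRows       = getvulns();

$page['body'] .= <<<HTML

<div class="body_padded">
    <h1>Vulnerability Manage</h1>

    <div class="vulnerable_code_area">

        <h3>Submit Vulns:</h3>
        <form action="#" method="POST">
        <table width="550" border="0" cellpadding="2" cellspacing="1">
        {$inputvid}
        <tr>
        <td width="100">Name *</td> <td>
        <input name="name" type="text" size="50" ></td>
        </tr>
        <tr>
        <td width="100">Risk *</td> <td>{$submitRiskList}
        </td>
        </tr>
        <tr>
        <td width="100">Site *</td> <td>
        <input name="site" type="text" size="50" ></td>
        </tr>
        <tr>
        <td width="100">Desc *</td> <td>
        <textarea name="desc" cols="50" rows="3" ></textarea></td>
        </tr>
        <tr>
        <td width="100">&nbsp;</td>
        <td>
        <input name="submit" type="submit" value="Submit Vulns" onClick="return checkForm();"></td>
        </tr>
        </table>
        </form>
    </div>

    <div class="vulnerable_code_area">
    <h3>Yous Vulns:</h3>
    <form action='#' method='POST'>
    Name: <input type="text" name="name" value="{$nameAttr}">&nbsp;&nbsp;
    SiteKey: <input type="text" name="key" value="{$keyAttr}"><br><br>
    From:<input type="text" name="from" value="{$fromAttr}">&nbsp;&nbsp;&nbsp;&nbsp;
    TO:<input type="text" name="to" value="{$toAttr}"><br><br>
    Risk:{$searchRiskList}&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
    <input type='submit' name='Submit' value="Search">
    </form><br>
    <table border=1 width=100%>
    <tr>
    <th>vid</th><th>author</th><th>name</th><th>risk</th><th>action</th>
    </tr>{$vulnRows}
    </table>
    </div>
    {$messageHtml}
</div>

HTML;
dvwaHtmlEcho($page);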
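// Handle the "updata" form: update one vulns row. Admins may edit any row
// (and re-assign its author); everyone else may edit only rows they authored.
if (isset($_POST['submit']) && $_POST['submit'] == 'updata') {
    #dvwadebug();
    // Every field passes through the project's SQL-escaping accessor before
    // being interpolated into a query.
    $vid    = xlabGetSqli('vid', $_POST);
    $site   = xlabGetSqli('site', $_POST);
    $vname  = xlabGetSqli('name', $_POST);
    $vdesc  = xlabGetSqli('desc', $_POST);
    $author = xlabGetSqli('author', $_POST);
    $risk   = xlabGetSqli('risk', $_POST);
    // $html is appended to below; make sure it exists even if nothing above
    // this block assigned it.
    if (!isset($html)) {
        $html = '';
    }
    // Empty $sql means "no update allowed"; the query is skipped instead of
    // being issued under @-suppression as before.
    $sql = '';
    // Strict comparison: with == a non-string $user (e.g. int 0) would compare
    // equal to "admin" on PHP < 8 and grant the admin path.
    if ($user === "admin") {
        $sql = "update vulns set site='{$site}',vname='{$vname}',vdesc='{$vdesc}',author='{$author}',risk='{$risk}' where vid='{$vid}'";
    } else {
        // Ownership check. A failed query (false) is treated the same as
        // "no such row" rather than being passed to mysql_num_rows.
        $owned = mysql_query("select vid from vulns where author='{$user}' and vid='{$vid}'");
        if ($owned === false || mysql_num_rows($owned) < 1) {
            $html = "Can't  access ";
        } else {
            // The author= predicate is repeated so the update itself stays
            // scoped to the caller's own rows.
            $sql = "update vulns set site='{$site}',vname='{$vname}',vdesc='{$vdesc}',risk='{$risk}' where author='{$user}' and vid='{$vid}'";
        }
    }
    dvwadebug($sql);
    $result = ($sql !== '') ? mysql_query($sql) : false;
    $html .= $result ? "updata sussfully!!!" : "updata fail!!!";
}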
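// Render the edit form. The field values are caller-supplied (see the POST
// handling above), so each is HTML-escaped and placed inside a quoted
// attribute. The original emitted them raw and unquoted (value={$vid}), which
// is an XSS sink and also truncates any value containing whitespace.
$vidAttr    = htmlspecialchars($vid, ENT_QUOTES, 'UTF-8');
$vnameAttr  = htmlspecialchars($vname, ENT_QUOTES, 'UTF-8');
$siteAttr   = htmlspecialchars($site, ENT_QUOTES, 'UTF-8');
$vdescHtml  = htmlspecialchars($vdesc, ENT_QUOTES, 'UTF-8');
$authorAttr = htmlspecialchars($author, ENT_QUOTES, 'UTF-8');
$riskList   = xlabGetRisklist($risk);

// Non-admins may not change the vid. The original wrote readonly=\'readonly\'
// (literal backslashes in the emitted HTML); use a properly quoted attribute.
$readonly = xlabisadmin() ? "" : "readonly=\"readonly\"";

// Admins additionally get an Author field so a record can be re-assigned.
$modifiauthor = "";
if (xlabisadmin()) {
    $modifiauthor = <<<HTML

        <tr>
        <td width="100">Author *</td> <td>
        <input name="author" type="text" size="50" value="{$authorAttr}"></td>
        </tr>
HTML;
}

// The Risk row is now a complete <tr>...</tr>; the original opened its <td>
// without a <tr> and never closed it.
$page['body'] .= <<<HTML

<div class="body_padded">
    <h1>Vulnerability Manage</h1>

    <div class="vulnerable_code_area">

        <h3>Submit Vulns:</h3>
        <form action="#" method="POST">
        <table width="550" border="0" cellpadding="2" cellspacing="1">
        <tr>
        <td width="100">Vid *</td> <td>
        <input name="vid" type="text" size="50" {$readonly} value="{$vidAttr}"></td>
        </tr>
        <tr>
        <td width="100">Risk *</td> <td>{$riskList}
        </td>
        </tr>{$modifiauthor}
        <tr>
        <td width="100">Name *</td> <td>
        <input name="name" type="text" size="50" value="{$vnameAttr}"></td>
        </tr>
        <tr>
        <td width="100">Site *</td> <td>
        <input name="site" type="text" size="50" value="{$siteAttr}"></td>
        </tr>
        <tr>
        <td width="100">Desc *</td> <td>
        <textarea name="desc" cols="50" rows="3" >{$vdescHtml}</textarea></td>
        </tr>
        <tr>
        <td width="100">&nbsp;</td>
        <td>
        <input name="submit" type="submit" value="updata" onClick="return checkForm();"></td>
        </tr>
        </table>
        </form>

        {$html}

    </div>

</div>

HTML;
dvwaHtmlEcho($page);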