Example #1
<?php

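// Relative path from this page up to the application root; every include below is built on it.
define('DVWA_WEB_PAGE_TO_ROOT', '../../');
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';

// Start the page with the 'authenticated' and 'phpids' options.
// NOTE(review): presumably these require a logged-in session and switch on PHPIDS;
// confirm against dvwaPage.inc.php.
dvwaPageStartup(array('authenticated', 'phpids'));

$page = dvwaPageNewGrab();
$page['title'] .= $page['title_separator'] . 'Vulnerability: Cross Site Request Forgery (CSRF)';
$page['page_id'] = 'csrf';
dvwaDatabaseConnect();

// Not read in this excerpt. Files pulled in with require_once share this scope,
// so the variable is kept for them.
$user = dvwaCurrentUser();

// Map the configured security level to one of three fixed handler files.
// The level value is only compared, never concatenated into a path, so the
// require_once below can only ever load low.php, medium.php or high.php.
// Any unrecognised level falls through to high.php rather than to low.php.
$vulnerabilityFile = '';
switch (xlabGetSecurity()) {
    case 'low':
        $vulnerabilityFile = 'low.php';
        break;
    case 'medium':
        $vulnerabilityFile = 'medium.php';
        break;
    case 'high':
    default:
        $vulnerabilityFile = 'high.php';
        break;
}
require_once DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/ainclude.php";
require_once DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/csrf/source/{$vulnerabilityFile}";
$page['help_button'] = 'csrf';
$page['source_button'] = 'csrf';

// Password-change form for the lab. It submits with method GET and, in the part
// visible here, carries no anti-CSRF token; that is the weakness this page exists
// to demonstrate. With GET the submitted password also lands in the query string,
// and therefore in browser history, server access logs and Referer headers.
// A production password-change form uses POST, a per-session unpredictable token
// verified server-side, and re-entry of the current password.
$page['body'] .= "\n<div class=\"body_padded\">\n\t<h1>Vulnerability: Cross Site Request Forgery (CSRF)</h1>\n\n\t<div class=\"vulnerable_code_area\">\n\t\n\t<h3>Change your admin password:</h3>\n    <br>\n    <form action=\"#\" method=\"GET\">";

// Render the current-password field whenever high.php was selected above,
// including the fallback taken for an unrecognised level. The original test
// (dvwaSecurityLevelGet() == 'high') skipped the field in that fallback case,
// leaving the form out of step with the handler that was actually loaded.
// NOTE(review): assumes high.php is the handler that reads password_current; confirm.
if ($vulnerabilityFile === 'high.php') {
    $page['body'] .= "Current password:<br>\n\t\t<input type=\"password\" AUTOCOMPLETE=\"off\" name=\"password_current\"><br>";
}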
Example #2
/**
 * Report the security level currently in effect.
 *
 * Thin wrapper: delegates to xlabGetSecurity() and hands back its result
 * unchanged, so callers written against the dvwa* name keep working.
 *
 * @return mixed Whatever xlabGetSecurity() returns. The callers visible on
 *               this page compare it with 'low', 'medium' and 'high'.
 */
function dvwaSecurityLevelGet()
{
    $currentLevel = xlabGetSecurity();

    return $currentLevel;
}