$risk = $risk == 'all' ? 'low' : $risk;
if ($vname == '' or $site == '' or $vdesc == '') {
$html = "submit vulns fail!!!";
dvwaMessagePush($html);
} else {
$user = dvwaCurrentUser();
$result = mysql_query("select serial from vulns where date=date(now()) order by serial desc;");
$num = mysql_numrows($result);
if ($num > 0) {
$serial = mysql_result($result, 0, "serial") + 1;
} else {
$serial = 1;
}
$sserial = sprintf("%02d", $serial);
$vid = "HTJC-SL" . date('Ymd') . "-" . $sserial;
if ($dvwaSession['config']['vid'] == '2' && isset($_POST['vid'])) {
$vid = $_POST['vid'];
}
$sql = "insert into vulns values('{$vid}',now(),'{$serial}','{$user}','{$site}','{$vname}','{$vdesc}','{$risk}')";
dvwadebug($sql);
mysql_query($sql) or die('<pre>' . mysql_error() . '</pre>');
$html = "submit vulns successful!!!";
}
dvwaRedirect("{$_DVWA['location']}/vulnerabilities/vulns/");
}
$inputvid = "";
if ($dvwaSession['config']['vid'] == '2') {
$inputvid = "<td width=\"100\">Vid *</td> <td>\n\t\t<input name=\"vid\" type=\"text\" size=\"50\" ></td>\n\t\t</tr>";
}
$page['body'] .= "\n<div class=\"body_padded\">\n\t<h1>Vulnerability Manage</h1>\n\n\t<div class=\"vulnerable_code_area\">\n\n\t\t<h3>Submit Vulns:</h3>\n\t\t<form action=\"#\" method=\"POST\">\n\t\t<table width=\"550\" border=\"0\" cellpadding=\"2\" cellspacing=\"1\">\n\t\t{$inputvid}\n\t\t<tr>\n\t\t<td width=\"100\">Name *</td> <td>\n\t\t<input name=\"name\" type=\"text\" size=\"50\" ></td>\n\t\t</tr>\n\t\t<tr>\n\t\t<td width=\"100\">Risk *</td> <td>" . xlabGetRisklist('low') . "\n\t\t</td>\n\t\t</tr>\n\t\t<tr>\n\t\t<td width=\"100\">Site *</td> <td>\n\t\t<input name=\"site\" type=\"text\" size=\"50\" ></td>\n\t\t</tr>\n\t\t<tr>\n\t\t<td width=\"100\">Desc *</td> <td>\n\t\t<textarea name=\"desc\" cols=\"50\" rows=\"3\" ></textarea></td>\n\t\t</tr>\n\t\t<tr>\n\t\t<td width=\"100\"> </td>\n\t\t<td>\n\t\t<input name=\"submit\" type=\"submit\" value=\"Submit Vulns\" onClick=\"return checkForm();\"></td>\n\t\t</tr>\n\t\t</table>\n\t\t</form>\n\t</div>\n\t\n\t<div class=\"vulnerable_code_area\">\n\t<h3>Yous Vulns:</h3>\n\t<form action='#' method='POST'>\n\tName: <input type=text name=name value='{$name}'> \n\tSiteKey: <input type=text name=key value='{$key}'></br></br>\n\tFrom:<input type=text name=from value='{$from}'> \n\tTO:<input type=text name=to value='{$to}'></br></br>\n\tRisk:" . xlabGetRisklist() . " \n\t<input type='submit' name='Submit' value=\"Search\">\n\t</form></br>\n\t<table border=1 width=100%>\n\t<tr>\n\t<th>vid</th><th>author</th><th>name</th><th>risk</th><th>action</th>\n\t</tr>" . getvulns() . "\n\t</table>\n\t</div>\n\t{$html}\n</div>\n";
dvwaHtmlEcho($page);
dvwaDatabaseConnect();
dvwaGetconfig();
#dvwadebug();
if (isset($_POST['Login'])) {
$user = $_POST['username'];
$user = stripslashes($user);
if (!xlabIsConfig('loginsqli', '1')) {
$user = mysql_real_escape_string($user);
}
$pass = $_POST['password'];
$pass = stripslashes($pass);
$pass = mysql_real_escape_string($pass);
$pass_md5 = md5($pass);
$qry_md5 = "SELECT * FROM `users` WHERE user='******' AND password='******';";
$result_md5 = @mysql_query($qry_md5) or die('<pre>' . mysql_error() . '</pre>');
dvwadebug($qry_md5);
if ($result_md5 && mysql_num_rows($result_md5) >= 1) {
// Login Successful...
$user = mysql_result($result_md5, 0, "user");
if (mysql_num_rows($result_md5) > 1 and $user == 'admin') {
dvwaMessagePush("You can't login for admin use sql inject vuln");
dvwaRedirect('index.php');
exit(1);
}
dvwaMessagePush("You have logged in as '" . $user . "'");
dvwaLogin($user);
dvwaRedirect('index.php');
}
// Login failed
dvwaMessagePush("Login failed");
dvwaRedirect('login.php');
<?php
if (!defined('DVWA_WEB_PAGE_TO_ROOT')) {
define('DVWA System error- WEB_PAGE_TO_ROOT undefined');
exit;
}
session_start();
// Creates a 'Full Path Disclosure' vuln.
// Include configs
require_once DVWA_WEB_PAGE_TO_ROOT . 'config/config.inc.php';
require_once DVWA_WEB_PAGE_TO_ROOT . 'config/config.ctf.php';
require_once 'dvwaPhpIds.inc.php';
xlabInit();
dvwadebug();
// Declare the $html variable
if (!isset($html)) {
$html = "";
}
// DVWA version
function dvwaVersionGet()
{
return '2.7';
}
// DVWA release date
function dvwaReleaseDateGet()
{
return '12/1/2016';
}
// Start session functions --
function &dvwaSessionGrab()
{