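/**
 * Build the HTML ranking table of users ordered by their number of accepted flags.
 *
 * Counts the rows in `userflag` whose STATUS is 'vaild' or 'Correct', grouped
 * per user, and renders one table row per user with a "View" link. A "Del"
 * link is added to each row when xlabisadmin() returns true.
 *
 * User names are read back from the database and treated as untrusted here:
 * they are HTML-escaped where displayed and URL-encoded inside link targets,
 * so a crafted name cannot inject markup into the ranking page.
 *
 * @return string HTML table markup.
 */
function getuserranking()
{
    // The status literal 'vaild' is kept exactly as written: it has to match
    // whatever value is stored in the table.
    $sql = "SELECT COUNT(*) AS score,USER FROM userflag WHERE STATUS='vaild' OR STATUS='Correct' GROUP BY USER ORDER BY score DESC";

    // NOTE(review): on failure the raw database error is printed to the client;
    // consider logging it server-side and showing a generic message instead.
    $result = mysql_query($sql) or die('<pre>' . mysql_error() . '</pre>');

    $num = mysql_num_rows($result);
    $html = ''; // initialise so an empty result set does not read an undefined variable

    for ($i = 0; $i < $num; $i++) {
        $ranking = $i + 1;
        $name = mysql_result($result, $i, "user");
        $score = mysql_result($result, $i, "score");

        // Separate encodings for the two output contexts (HTML text vs. URL query value).
        $nameHtml = htmlspecialchars($name, ENT_QUOTES);
        $nameUrl = urlencode($name);
        $scoreHtml = htmlspecialchars($score, ENT_QUOTES);

        $act = "<a href=\"?pid=score&amp;view={$nameUrl}\">View</a>";
        if (xlabisadmin()) {
            // NOTE(review): this link asks for a delete through a plain GET request
            // and carries no anti-CSRF token; confirm the handler protects itself.
            $act .= " <a href=\"manager/act.php?del={$nameUrl}\">Del</a>";
        }

        // The original opened each row with "</tr>"; a row has to start with "<tr>".
        $html .= "<tr><td>{$ranking}</td><td>{$nameHtml}</td><td>{$scoreHtml}</td><td>{$act}</td></tr>";
    }

    return "\n\t<table border=1 width=100%>\n\t<tr>\n\t<th>Ranking</th><th>Name</th><th>Score</th><th>Act</th>\n\t</tr>\n\t{$html}\n\t</table>";
}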
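// The first statements and the two closing braces below belong to blocks that
// open above this fragment; they are left exactly as they were.
$date = mysql_result($result, 0, "date");
$name = mysql_result($result, 0, "name");
$report = mysql_result($result, 0, "report");
}
/*
$sserial=sprintf("%02d",$serial)
$date="HTJC-SL".date('Ymd')."-".$sserial;
$sql="insert into vulns values('".$date."',"."now(),".$serial.",'".$user."','".$site."','".$vname."','".$vdesc."')";
mysql_query($sql) or die('<pre>' . mysql_error() . '</pre>' );
$html="submit vulns successful!!!";
*/
}

// Handle the "updata" form post.
// The posted fields are client-controlled, so each one is escaped with
// mysql_real_escape_string() before it is placed inside a quoted SQL literal.
// NOTE(review): if magic_quotes_gpc is enabled on this deployment the values
// arrive pre-slashed and would be escaped twice; confirm the setting.
// NOTE(review): no anti-CSRF token is checked in the visible code.
if (isset($_POST['submit']) && $_POST['submit'] == 'updata') {
    $date = isset($_POST['date']) ? (string) $_POST['date'] : '';
    $name = isset($_POST['name']) ? (string) $_POST['name'] : '';
    $report = isset($_POST['report']) ? (string) $_POST['report'] : '';

    $dateSql = mysql_real_escape_string($date);
    $nameSql = mysql_real_escape_string($name);
    $reportSql = mysql_real_escape_string($report);

    // NOTE(review): the privilege decision here compares $user with the literal
    // "admin", while the form below relies on xlabisadmin(); confirm both agree.
    if ($user == "admin") {
        $sql = "update report set date='{$dateSql}',name='{$nameSql}',report='{$reportSql}' where name='{$nameSql}' and date='{$dateSql}'";
    } else {
        // Non-admins can only touch their own report: the row is selected by $user,
        // not by the posted name. $user is set above this fragment — presumably the
        // session user; confirm it is safe to embed in SQL.
        $sql = "update report set report='{$reportSql}' where name='{$user}' and date='{$dateSql}'";
    }

    $result = mysql_query($sql);
    if ($result) {
        $html = "updata sussfully!!!";
    } else {
        $html = "updata fail!!!";
    }
}

// The readonly attribute is only a browser-side hint; the server-side restriction
// is the non-admin UPDATE above being bound to $user.
$readonly = xlabisadmin() ? "" : "readonly=\"readonly\"";

// Values echoed back into the form are HTML-escaped and the attributes are quoted,
// so neither stored nor posted content can break out of the markup.
$dateHtml = htmlspecialchars(isset($date) ? $date : '', ENT_QUOTES);
$nameHtml = htmlspecialchars(isset($name) ? $name : '', ENT_QUOTES);
$reportHtml = htmlspecialchars(isset($report) ? $report : '', ENT_QUOTES);
$statusHtml = isset($html) ? $html : '';

$page['body'] .= "\n<div class=\"body_padded\">\n\t<h1>Report Manage</h1>\n\n\t<div class=\"vulnerable_code_area\">\n\n\t\t<h3>Updata Report:</h3>\n\t\t<form action=\"#\" method=\"POST\">\n\t\t<table width=\"550\" border=\"0\" cellpadding=\"2\" cellspacing=\"1\">"
    . "\n\t\t<tr>\n\t\t<td width=\"100\">Date *</td> <td>\n\t\t<input name=\"date\" type=\"text\" size=\"50\" {$readonly} value=\"{$dateHtml}\"></td>\n\t\t</tr>"
    . "\n\t\t<tr>\n\t\t<td width=\"100\">Name *</td> <td>\n\t\t<input name=\"name\" type=\"text\" size=\"50\" {$readonly} value=\"{$nameHtml}\"></td>\n\t\t</tr>"
    . "\n\t\t<tr>\n\t\t<td width=\"100\">Report *</td> <td>\n\t\t<textarea name=\"report\" cols=\"60\" rows=\"5\" >{$reportHtml}</textarea></td>\n\t\t</tr>"
    . "\n\t\t<tr>\n\t\t<td width=\"100\"> </td>\n\t\t<td>\n\t\t<input name=\"submit\" type=\"submit\" value=\"updata\" onClick=\"return checkForm();\"></td>\n\t\t</tr>"
    . "\n\t\t</table>\n\t\t</form>\n\n\t\t{$statusHtml}\n\n\t</div>\n\t\n</div>\n";

dvwaHtmlEcho($page);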
/**
 * Tell whether debug output is enabled for the current session.
 *
 * Debug is on only when the session config flag `debug` equals '1'. If the
 * session also carries an `adminlog` flag, debug is further limited: it is
 * on only when `adminlog` equals '1' and xlabisadmin() returns true.
 *
 * @return bool
 */
function xlabIsDebug()
{
    // Debug flag missing or not '1': debugging is off.
    if (!isset($_SESSION['dvwa']['config']['debug']) || $_SESSION['dvwa']['config']['debug'] != '1') {
        return false;
    }

    // No admin-only restriction configured: debugging is on for everyone.
    if (!isset($_SESSION['dvwa']['config']['adminlog'])) {
        return true;
    }

    // Restriction configured: require the flag to be '1' and an admin caller.
    if ($_SESSION['dvwa']['config']['adminlog'] == '1' && xlabisadmin()) {
        return true;
    }

    return false;
}
case 'ctf':
    // The 'ctf' level is applied only when dvwaIfCtf() returns true; otherwise
    // $securityLevel keeps the value it had before this case.
    if (!dvwaIfCtf()) {
        break;
    }
    dvwaCtfSet();
    $securityLevel = 'ctf';
    break;
}
// NOTE(review): this condition combines dvwaIfWork() with its own negation, so it
// can only be true if the function returns different values on two consecutive
// calls. The forced 'high' level below therefore looks unreachable — confirm
// which two checks were meant to be combined.
if (dvwaIfWork() and !dvwaIfWork()) {
    $securityLevel = 'high';
}
// Persist the chosen level, queue a status message, then reload the page.
dvwaSecurityLevelSet($securityLevel);
dvwaMessagePush("Security level set to {$securityLevel}");
dvwaPageReload();
}
// PHPIDS toggle: honoured only when xlabisadmin() returns true. Values other
// than 'on' / 'off' change nothing but still trigger the reload.
// NOTE(review): the toggle is driven by a GET parameter and no anti-CSRF token
// is checked in the visible code — confirm one is verified elsewhere.
if (isset($_GET['phpids']) and xlabisadmin()) {
    switch ($_GET['phpids']) {
        case 'on':
            dvwaPhpIdsEnabledSet(true);
            dvwaMessagePush("PHPIDS is now enabled");
            break;
        case 'off':
            dvwaPhpIdsEnabledSet(false);
            dvwaMessagePush("PHPIDS is now disabled");
            break;
    }
    dvwaPageReload();
}
// Accumulators for the security-level selector markup; the loop body continues
// past the end of this fragment.
$securityOptionsHtml = '';
$securityLevelHtml = '';
foreach (array('low', 'medium', 'high', 'ctf') as $securityLevel) {
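<?php
// Handler for the "Del" action: removes a user's rows from `userflag`.
// Callers must be authenticated (dvwaPageStartup) and may only delete their own
// entries unless xlabisadmin() returns true.
define('DVWA_WEB_PAGE_TO_ROOT', '../../../');
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';
dvwaPageStartup(array('authenticated', 'phpids'));
dvwaDatabaseConnect();

// NOTE(review): the delete is triggered by a GET parameter and no anti-CSRF token
// is checked here; a state-changing action like this is normally a POST with a
// token. Confirm whether a token is verified elsewhere.
if (isset($_GET['del'])) {
    $name = xlabGetSqli('del', $_GET);
    $scorePage = xlabGetLocation() . "/vulnerabilities/ctf/?pid=score&msg=";

    // Strict string comparison: a loose == lets numeric-looking names such as
    // "1" and "01" compare equal, which is not wanted in an ownership check.
    if ((string) $name === (string) dvwaGetuser() or xlabisadmin()) {
        // NOTE(review): the literal '******' looks like a masked placeholder; as
        // written the statement does not use $name. Confirm the intended value
        // and make sure it is escaped for SQL before it is embedded.
        $sql = "DELETE FROM userflag WHERE user='******'";
        $result = mysql_query($sql);

        // Report success only when the query actually succeeded. The message is
        // URL-encoded so the name cannot alter the redirect target or its parameters.
        if ($result) {
            dvwaRedirect($scorePage . urlencode("delete {$name} succfully!!!"));
        } else {
            dvwaRedirect($scorePage . urlencode("delete {$name} fail!!!"));
        }
    } else {
        dvwaRedirect($scorePage . urlencode("delete {$name} fail!!!"));
    }
}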
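// Handle the "updata" form post for a vulnerability record.
// Every posted field goes through xlabGetSqli() before it is embedded in SQL.
// NOTE(review): xlabGetSqli() is defined elsewhere; confirm it escapes for the
// quoted-literal context used below. No anti-CSRF token is checked in the
// visible code.
if (isset($_POST['submit']) && $_POST['submit'] == 'updata') {
    #dvwadebug();
    $vid = xlabGetSqli('vid', $_POST);
    $site = xlabGetSqli('site', $_POST);
    $vname = xlabGetSqli('name', $_POST);
    $vdesc = xlabGetSqli('desc', $_POST);
    $author = xlabGetSqli('author', $_POST);
    $risk = xlabGetSqli('risk', $_POST);

    // Start from any status text set earlier, so the appends below never read
    // an undefined variable.
    $html = isset($html) ? $html : '';

    // NOTE(review): the privilege decision compares $user with the literal "admin",
    // while the form below relies on xlabisadmin(); confirm both agree.
    if ($user == "admin") {
        $sql = "update vulns set site='{$site}',vname='{$vname}',vdesc='{$vdesc}',author='{$author}',risk='{$risk}' where vid='{$vid}'";
    } else {
        // Ownership check: a non-admin may only edit records they authored.
        $sql = "select vid from vulns where author='{$user}' and vid='{$vid}'";
        $owned = mysql_query($sql);
        if (!$owned || mysql_num_rows($owned) < 1) {
            $html = "Can't access ";
            $sql = '';
        } else {
            // The author column is not updatable by non-admins, and the WHERE
            // clause repeats the ownership condition.
            $sql = "update vulns set site='{$site}',vname='{$vname}',vdesc='{$vdesc}',risk='{$risk}' where author='{$user}' and vid='{$vid}'";
        }
    }

    dvwadebug($sql);

    // An empty statement means access was denied above: skip the query rather
    // than run it with warnings suppressed.
    $result = ($sql !== '') ? mysql_query($sql) : false;
    if ($result) {
        $html .= "updata sussfully!!!";
    } else {
        $html .= "updata fail!!!";
    }
}

// The readonly attribute is only a browser-side hint; the server-side restriction
// is the ownership check and author-bound UPDATE above.
$readonly = xlabisadmin() ? "" : "readonly=\"readonly\"";

// Values echoed back into the form are HTML-escaped and the attributes are quoted,
// so neither stored nor posted content can break out of the markup.
$vidHtml = htmlspecialchars(isset($vid) ? $vid : '', ENT_QUOTES);
$authorHtml = htmlspecialchars(isset($author) ? $author : '', ENT_QUOTES);
$vnameHtml = htmlspecialchars(isset($vname) ? $vname : '', ENT_QUOTES);
$siteHtml = htmlspecialchars(isset($site) ? $site : '', ENT_QUOTES);
$vdescHtml = htmlspecialchars(isset($vdesc) ? $vdesc : '', ENT_QUOTES);
$statusHtml = isset($html) ? $html : '';

// The author field is rendered only when xlabisadmin() returns true.
$modifiauthor = xlabisadmin()
    ? "\n\t\t<tr>\n\t\t<td width=\"100\">Author *</td> <td>\n\t\t<input name=\"author\" type=\"text\" size=\"50\" value=\"{$authorHtml}\"></td>\n\t\t</tr>"
    : "";

// xlabGetRisklist() is defined elsewhere and its return value is inserted as markup.
$page['body'] .= "\n<div class=\"body_padded\">\n\t<h1>Vulnerability Manage</h1>\n\n\t<div class=\"vulnerable_code_area\">\n\n\t\t<h3>Submit Vulns:</h3>\n\t\t<form action=\"#\" method=\"POST\">\n\t\t<table width=\"550\" border=\"0\" cellpadding=\"2\" cellspacing=\"1\">"
    . "\n\t\t<tr>\n\t\t<td width=\"100\">Vid *</td> <td>\n\t\t<input name=\"vid\" type=\"text\" size=\"50\" {$readonly} value=\"{$vidHtml}\"></td>\n\t\t</tr>"
    . "\n\t\t<td width=\"100\">Risk *</td> <td>" . xlabGetRisklist($risk)
    . "\n\t\t{$modifiauthor}"
    . "\n\t\t<tr>\n\t\t<td width=\"100\">Name *</td> <td>\n\t\t<input name=\"name\" type=\"text\" size=\"50\" value=\"{$vnameHtml}\"></td>\n\t\t</tr>"
    . "\n\t\t<tr>\n\t\t<td width=\"100\">Site *</td> <td>\n\t\t<input name=\"site\" type=\"text\" size=\"50\" value=\"{$siteHtml}\"></td>\n\t\t</tr>"
    . "\n\t\t<tr>\n\t\t<td width=\"100\">Desc *</td> <td>\n\t\t<textarea name=\"desc\" cols=\"50\" rows=\"3\" >{$vdescHtml}</textarea></td>\n\t\t</tr>"
    . "\n\t\t<tr>\n\t\t<td width=\"100\"> </td>\n\t\t<td>\n\t\t<input name=\"submit\" type=\"submit\" value=\"updata\" onClick=\"return checkForm();\"></td>\n\t\t</tr>"
    . "\n\t\t</table>\n\t\t</form>\n\n\t\t{$statusHtml}\n\n\t</div>\n\t\n</div>\n";

dvwaHtmlEcho($page);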