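<?php
/*
 * Source viewer page: resolves a display name for the requested module and
 * loads that module's source file for the requested security level.
 *
 * Request parameters (query string):
 *   id       - module identifier, used as a directory name under vulnerabilities/
 *   security - security level, used as the file name (without ".php")
 *
 * Result: $vuln holds the display name, $source holds the file contents or
 * false when the file could not be read or the parameters were rejected.
 */
define('DVWA_WEB_PAGE_TO_ROOT', '../');
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';

dvwaPageStartup(array('authenticated', 'phpids'));

$page = dvwaPageNewGrab();
$page['title'] .= $page['title_separator'] . 'Source';

// Both values are attacker-controlled. A missing or non-string parameter
// (e.g. an array) is treated as empty instead of raising a notice.
$id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';
$security = (isset($_GET['security']) && is_string($_GET['security'])) ? $_GET['security'] : '';

// Display names for the known module identifiers. Anything else keeps the
// original fallback label.
$vulnNames = array(
    'fi'         => 'File Inclusion',
    'brute'      => 'Brute Force',
    'csrf'       => 'CSRF',
    'exec'       => 'Command Execution',
    'sqli'       => 'SQL Injection',
    'sqli_blind' => 'SQL Injection (Blind)',
    'upload'     => 'File Upload',
    'xss_r'      => 'Reflected XSS',
    'captcha'    => 'Insecure CAPTCHA',
);
$vuln = isset($vulnNames[$id]) ? $vulnNames[$id] : 'Stored XSS';

// $id and $security are interpolated into a filesystem path. Restrict each to
// a single path component made of letters, digits and underscores so the
// request cannot step outside vulnerabilities/<id>/source/. \A and \z anchor
// the whole string (unlike $, \z does not tolerate a trailing newline).
// NOTE(review): a stricter check would compare $security against the fixed
// list of level names, which is not visible in this file.
$componentPattern = '/\A[A-Za-z0-9_]+\z/';

// false is what file_get_contents() returns on failure, so rejected input
// looks the same to the rest of the page as an unreadable file.
$source = false;
if (preg_match($componentPattern, $id) && preg_match($componentPattern, $security)) {
    $source = @file_get_contents(DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/{$id}/source/{$security}.php");
}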
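<?php
/*
 * Registration handler: when the form is submitted (POST field "reg"),
 * creates a row in the users table from the posted username and password,
 * then redirects. Otherwise collects pending messages for rendering.
 *
 * POST fields read: reg, username, password, password2.
 */
define('DVWA_WEB_PAGE_TO_ROOT', '');
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';

dvwaPageStartup(array('phpids'));
dvwaDatabaseConnect();
dvwaGetconfig();
#dvwadebug();

if (isset($_POST['reg'])) {
    // Missing or non-string fields (e.g. arrays) are treated as empty so they
    // fail validation instead of raising notices or warnings.
    $rawUser  = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $rawPass  = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $rawPass2 = (isset($_POST['password2']) && is_string($_POST['password2'])) ? $_POST['password2'] : '';

    $user = trim($rawUser);
    $user = stripslashes($user);
    $user = mysql_real_escape_string($user);

    $pass = trim($rawPass);
    $pass = stripslashes($pass);
    $pass = mysql_real_escape_string($pass);

    // NOTE(review): unsalted MD5 is not a suitable password hash. It is kept
    // here because the stored value presumably has to match whatever the login
    // code (not visible in this file) computes; changing the scheme needs both
    // sides updated together. The hash is taken over the trimmed and escaped
    // password, so that transformation must match on the login side as well.
    $pass_md5 = md5($pass);

    // The confirmation check uses === so that two different numeric-looking
    // strings are not treated as equal by PHP's loose comparison.
    if ($user != '' and $pass != '' and $rawPass === $rawPass2) {
        // Built only after validation. Values are escaped with
        // mysql_real_escape_string() because the legacy mysql_* API offers no
        // prepared statements; moving to a parameterized API would require
        // changing the connection helper, which is outside this file.
        // NOTE(review): the username fills three columns; the column meanings
        // are not visible here.
        $insert_md5 = "insert into users values ('','{$user}','{$user}','{$user}','{$pass_md5}','dvwa/hackable/users/gordonb.jpg')";

        // The database error text can echo submitted values, so it is
        // HTML-escaped before being written into the page.
        $result_md5 = @mysql_query($insert_md5) or die('<pre>' . htmlspecialchars(mysql_error(), ENT_QUOTES) . '</br>insert fail,again!!</pre>');

        // NOTE(review): if dvwaRedirect() ends the request, the three calls
        // after the first redirect never run (no message, no login) - confirm
        // the intended order against dvwaRedirect()'s definition.
        dvwaRedirect('index.php');
        // NOTE(review): $user is SQL-escaped, not HTML-escaped. If the message
        // renderer does not escape its input, this should go through
        // htmlspecialchars() - verify against messagesPopAllToHtml().
        dvwaMessagePush("You have reg succfully for '" . $user . "'");
        dvwaLogin($user);
        dvwaRedirect('login.php');
    }

    // Registration failed validation (or the redirects above returned).
    dvwaMessagePush("reg failed");
    dvwaRedirect('reg.php');
}

$messagesHtml = messagesPopAllToHtml();

// Ask clients and proxies not to reuse a cached copy of this page.
Header('Cache-Control: no-cache, must-revalidate');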