예제 #1
0
파일: index.php 프로젝트: seclabx/xlabas
    $risk = $risk == 'all' ? 'low' : $risk;
    if ($vname == '' or $site == '' or $vdesc == '') {
        $html = "submit vulns fail!!!";
        dvwaMessagePush($html);
    } else {
        $user = dvwaCurrentUser();
        $result = mysql_query("select serial from vulns where date=date(now()) order by serial desc;");
        $num = mysql_numrows($result);
        if ($num > 0) {
            $serial = mysql_result($result, 0, "serial") + 1;
        } else {
            $serial = 1;
        }
        $sserial = sprintf("%02d", $serial);
        $vid = "HTJC-SL" . date('Ymd') . "-" . $sserial;
        if ($dvwaSession['config']['vid'] == '2' && isset($_POST['vid'])) {
            $vid = $_POST['vid'];
        }
        $sql = "insert into vulns values('{$vid}',now(),'{$serial}','{$user}','{$site}','{$vname}','{$vdesc}','{$risk}')";
        dvwadebug($sql);
        mysql_query($sql) or die('<pre>' . mysql_error() . '</pre>');
        $html = "submit vulns successful!!!";
    }
    dvwaRedirect("{$_DVWA['location']}/vulnerabilities/vulns/");
}
$inputvid = "";
if ($dvwaSession['config']['vid'] == '2') {
    $inputvid = "<td width=\"100\">Vid *</td> <td>\n\t\t<input name=\"vid\" type=\"text\" size=\"50\" ></td>\n\t\t</tr>";
}
$page['body'] .= "\n<div class=\"body_padded\">\n\t<h1>Vulnerability Manage</h1>\n\n\t<div class=\"vulnerable_code_area\">\n\n\t\t<h3>Submit Vulns:</h3>\n\t\t<form action=\"#\" method=\"POST\">\n\t\t<table width=\"550\" border=\"0\" cellpadding=\"2\" cellspacing=\"1\">\n\t\t{$inputvid}\n\t\t<tr>\n\t\t<td width=\"100\">Name *</td> <td>\n\t\t<input name=\"name\" type=\"text\" size=\"50\" ></td>\n\t\t</tr>\n\t\t<tr>\n\t\t<td width=\"100\">Risk *</td> <td>" . xlabGetRisklist('low') . "\n\t\t</td>\n\t\t</tr>\n\t\t<tr>\n\t\t<td width=\"100\">Site *</td> <td>\n\t\t<input name=\"site\" type=\"text\" size=\"50\" ></td>\n\t\t</tr>\n\t\t<tr>\n\t\t<td width=\"100\">Desc *</td> <td>\n\t\t<textarea name=\"desc\" cols=\"50\" rows=\"3\" ></textarea></td>\n\t\t</tr>\n\t\t<tr>\n\t\t<td width=\"100\">&nbsp;</td>\n\t\t<td>\n\t\t<input name=\"submit\" type=\"submit\" value=\"Submit Vulns\" onClick=\"return checkForm();\"></td>\n\t\t</tr>\n\t\t</table>\n\t\t</form>\n\t</div>\n\t\n\t<div class=\"vulnerable_code_area\">\n\t<h3>Yous Vulns:</h3>\n\t<form action='#' method='POST'>\n\tName: <input type=text name=name value='{$name}'>&nbsp;&nbsp;\n\tSiteKey: <input type=text name=key value='{$key}'></br></br>\n\tFrom:<input type=text name=from value='{$from}'>&nbsp;&nbsp;&nbsp;&nbsp;\n\tTO:<input type=text name=to value='{$to}'></br></br>\n\tRisk:" . xlabGetRisklist() . "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;\n\t<input type='submit' name='Submit' value=\"Search\">\n\t</form></br>\n\t<table border=1 width=100%>\n\t<tr>\n\t<th>vid</th><th>author</th><th>name</th><th>risk</th><th>action</th>\n\t</tr>" . getvulns() . "\n\t</table>\n\t</div>\n\t{$html}\n</div>\n";
dvwaHtmlEcho($page);
예제 #2
0
파일: vact.php 프로젝트: seclabx/xlabas
if (isset($_POST['submit']) && $_POST['submit'] == 'updata') {
    #dvwadebug();
    $vid = xlabGetSqli('vid', $_POST);
    $site = xlabGetSqli('site', $_POST);
    $vname = xlabGetSqli('name', $_POST);
    $vdesc = xlabGetSqli('desc', $_POST);
    $author = xlabGetSqli('author', $_POST);
    $risk = xlabGetSqli('risk', $_POST);
    if ($user == "admin") {
        $sql = "update vulns set site='{$site}',vname='{$vname}',vdesc='{$vdesc}',author='{$author}',risk='{$risk}' where vid='{$vid}'";
    } else {
        $sql = "select vid from vulns where author='{$user}' and vid='{$vid}'";
        if (mysql_num_rows(mysql_query($sql)) < 1) {
            $html = "Can't  access ";
            $sql = '';
        } else {
            $sql = "update vulns set site='{$site}',vname='{$vname}',vdesc='{$vdesc}',risk='{$risk}' where author='{$user}' and vid='{$vid}'";
        }
    }
    dvwadebug($sql);
    $result = @mysql_query($sql);
    if ($result) {
        $html .= "updata sussfully!!!";
    } else {
        $html .= "updata fail!!!";
    }
}
$readonly = xlabisadmin() ? "" : "readonly=\\'readonly\\'";
$modifiauthor = xlabisadmin() ? "\n\t\t<tr>\n\t\t<td width=\"100\">Author *</td> <td>\n\t\t<input name=\"author\" type=\"text\" size=\"50\" value={$author}></td>\n\t\t</tr>" : "";
$page['body'] .= "\n<div class=\"body_padded\">\n\t<h1>Vulnerability Manage</h1>\n\n\t<div class=\"vulnerable_code_area\">\n\n\t\t<h3>Submit Vulns:</h3>\n\t\t<form action=\"#\" method=\"POST\">\n\t\t<table width=\"550\" border=\"0\" cellpadding=\"2\" cellspacing=\"1\">\n\t\t<tr>\n\t\t<td width=\"100\">Vid *</td> <td>\n\t\t<input name=\"vid\" type=\"text\" size=\"50\" {$readonly} value={$vid}></td>\n\t\t</tr>\n\t\t<td width=\"100\">Risk *</td> <td>" . xlabGetRisklist($risk) . "\n\t\t{$modifiauthor}\n\t\t<tr>\n\t\t<td width=\"100\">Name *</td> <td>\n\t\t<input name=\"name\" type=\"text\" size=\"50\" value={$vname}></td>\n\t\t</tr>\n\t\t<tr>\n\t\t<td width=\"100\">Site *</td> <td>\n\t\t<input name=\"site\" type=\"text\" size=\"50\" value={$site}></td>\n\t\t</tr>\n\t\t<tr>\n\t\t<td width=\"100\">Desc *</td> <td>\n\t\t<textarea name=\"desc\" cols=\"50\" rows=\"3\" >{$vdesc}</textarea></td>\n\t\t</tr>\n\t\t<tr>\n\t\t<td width=\"100\">&nbsp;</td>\n\t\t<td>\n\t\t<input name=\"submit\" type=\"submit\" value=\"updata\" onClick=\"return checkForm();\"></td>\n\t\t</tr>\n\t\t</table>\n\t\t</form>\n\n\t\t{$html}\n\n\t</div>\n\t\n</div>\n";
dvwaHtmlEcho($page);