<?php

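// This include only works when the including page has declared its path
// prefix to the DVWA root. Abort with a readable message otherwise; exit()
// carries the message, define() cannot (it needs a name AND a value, and a
// one-argument call fails before any message is shown).
if (!defined('DVWA_WEB_PAGE_TO_ROOT')) {
    exit('DVWA System error- WEB_PAGE_TO_ROOT undefined');
}

// Location of the bundled PHPIDS tree, relative to the web root and to the
// current page. dvwaPhpIdsVersionGet() is declared further down in this file;
// PHP hoists unconditional top-level functions, so calling it here is valid.
define('DVWA_WEB_ROOT_TO_PHPIDS', 'external/phpids/' . dvwaPhpIdsVersionGet() . '/');
define('DVWA_WEB_PAGE_TO_PHPIDS', DVWA_WEB_PAGE_TO_ROOT . DVWA_WEB_ROOT_TO_PHPIDS);

// Append the PHPIDS lib/ directory to the include path: the relative
// require_once below is resolved through include_path, after every entry
// that was already on it.
set_include_path(get_include_path() . PATH_SEPARATOR . DVWA_WEB_PAGE_TO_PHPIDS . 'lib/');
require_once 'IDS/Init.php';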
function dvwaPhpIdsVersionGet()
{
    // Version of the PHPIDS release shipped under external/phpids/. The value
    // is used to build that directory name, so it must match the folder on disk.
    $bundledVersion = '0.6';
    return $bundledVersion;
}
// PHPIDS Log parsing function
function dvwaReadIdsLog()
{
    $file_array = file(DVWA_WEB_PAGE_TO_PHPIDS_LOG);
    $data = '';
    foreach ($file_array as $line_number => $line) {
        $line = explode(",", $line);
        $line = str_replace("\"", " ", $line);
        $datetime = $line[1];
        $vulnerability = $line[3];
        $variable = urldecode($line[4]);
        $request = urldecode($line[5]);
        $ip = $line[6];
        $data .= "<div id=\"idslog\"><b>Date/Time:</b> " . $datetime . "<br /><b>Vulnerability:</b> " . $vulnerability . "<br /><b>Request:</b> " . htmlspecialchars($request) . "<br /><b>Variable:</b> " . htmlspecialchars($variable) . "<br /><b>IP:</b> " . $ip . "</div>";
    }
    return $data;
<?php

// PHPIDS log viewer page. It lives in the DVWA root, so the page-to-root
// prefix is empty.
define('DVWA_WEB_PAGE_TO_ROOT', '');
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';

// Where the PHPIDS log lives, relative to the web root and to this page.
define('DVWA_WEB_ROOT_TO_PHPIDS_LOG', 'external/phpids/' . dvwaPhpIdsVersionGet() . '/lib/IDS/tmp/phpids_log.txt');
define('DVWA_WEB_PAGE_TO_PHPIDS_LOG', DVWA_WEB_PAGE_TO_ROOT . DVWA_WEB_ROOT_TO_PHPIDS_LOG);

// Page gates: a logged-in session and PHPIDS support (names passed through
// to dvwaPageStartup, which is defined in the included file).
dvwaPageStartup(array('authenticated', 'phpids'));

$page = dvwaPageNewGrab();
$page['title'] = 'PHPIDS Log' . $page['title_separator'] . $page['title'];
$page['page_id'] = 'log';

// The log is rendered before the clear handler runs, in this order.
// NOTE(review): dvwaClearIdsLog() presumably acts on the clear_log GET
// parameter submitted by the form below; that form carries no anti-CSRF
// token and uses GET, so the log can be cleared by a plain link -- confirm.
$logHtml = dvwaReadIdsLog();
$clearHtml = dvwaClearIdsLog();
$page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h1>PHPIDS Log</h1>\r\n\r\n\t<p>{$logHtml}</p>\r\n\t<br /><br />\r\n\r\n\t<form action=\"#\" method=\"GET\">\r\n\t\t<input type=\"submit\" value=\"Clear Log\" name=\"clear_log\">\r\n\t</form>\r\n\r\n\t{$clearHtml}\r\n</div>";
dvwaHtmlEcho($page);
    $_SESSION['session_token'] = md5(uniqid());
}
function destroySessionToken()
{
    # Drop the anti-CSRF token from the session; a no-op when none is set.
    $tokenKey = 'session_token';
    unset($_SESSION[$tokenKey]);
}
function tokenField()
{
    # Hidden form field carrying the session's anti-CSRF token. The value is
    # inserted as-is (no HTML escaping); it is only safe because the token is
    # generated server-side, never taken from the request.
    $token = $_SESSION['session_token'];
    return "<input type='hidden' name='user_token' value='" . $token . "' />";
}
// -- END (Token functions)
// Setup Functions --
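// Absolute filesystem paths the checks below report on. realpath() returns
// false when the target does not exist; fall back to the unresolved path so
// the value is always a string (false . DIRECTORY_SEPARATOR would quietly
// collapse to the bare separator and point a writability check at the wrong
// directory).
$uploadsDir = getcwd() . DIRECTORY_SEPARATOR . DVWA_WEB_PAGE_TO_ROOT . "hackable" . DIRECTORY_SEPARATOR . "uploads";
$PHPUploadPath = (realpath($uploadsDir) ?: $uploadsDir) . DIRECTORY_SEPARATOR;
$idsLogFile = getcwd() . DIRECTORY_SEPARATOR . DVWA_WEB_PAGE_TO_ROOT . "external" . DIRECTORY_SEPARATOR . "phpids" . DIRECTORY_SEPARATOR . dvwaPhpIdsVersionGet() . DIRECTORY_SEPARATOR . "lib" . DIRECTORY_SEPARATOR . "IDS" . DIRECTORY_SEPARATOR . "tmp" . DIRECTORY_SEPARATOR . "phpids_log.txt";
$PHPIDSPath = realpath($idsLogFile) ?: $idsLogFile;

// Each line renders "<label>: <span class="success|failure">state</span>".
// "success" marks the state DVWA wants for its exercises, which is often the
// insecure one (e.g. allow_url_include enabled).
$phpDisplayErrors = 'PHP function display_errors: <em>' . (ini_get('display_errors') ? 'Enabled</em> <i>(Easy Mode!)</i>' : 'Disabled</em>'); // verbose errors (e.g. full path disclosure)
$phpSafeMode = 'PHP function safe_mode: <span class="' . (ini_get('safe_mode') ? 'failure">Enabled' : 'success">Disabled') . '</span>'; // DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0
$phpMagicQuotes = 'PHP function magic_quotes_gpc: <span class="' . (ini_get('magic_quotes_gpc') ? 'failure">Enabled' : 'success">Disabled') . '</span>'; // DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0
$phpURLInclude = 'PHP function allow_url_include: <span class="' . (ini_get('allow_url_include') ? 'success">Enabled' : 'failure">Disabled') . '</span>'; // needed for the RFI exercise
$phpURLFopen = 'PHP function allow_url_fopen: <span class="' . (ini_get('allow_url_fopen') ? 'success">Enabled' : 'failure">Disabled') . '</span>'; // needed for the RFI exercise
$phpGD = 'PHP module gd: <span class="' . ((extension_loaded('gd') && function_exists('gd_info')) ? 'success">Installed' : 'failure">Missing') . '</span>'; // needed for the File Upload exercise
// There is no PHP function named mysql(); mysql_connect() is the function the
// legacy ext/mysql provides, so probe for that (a probe for mysql() can never
// succeed and would always report Missing).
$phpMySQL = 'PHP module mysql: <span class="' . ((extension_loaded('mysql') && function_exists('mysql_connect')) ? 'success">Installed' : 'failure">Missing') . '</span>'; // core DVWA
$phpPDO = 'PHP module pdo_mysql: <span class="' . (extension_loaded('pdo_mysql') ? 'success">Installed' : 'failure">Missing') . '</span>';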
    $_SESSION['session_token'] = md5(uniqid());
}
function destroySessionToken()
{
    # Forget the session's anti-CSRF token. unset() on a missing key is a no-op,
    # so this is safe to call even when no token was ever generated.
    $name = 'session_token';
    unset($_SESSION[$name]);
}
function tokenField()
{
    # Hidden <input> that carries the anti-CSRF token into a form. The token
    # is echoed without escaping; that relies on it being server-generated.
    $value = $_SESSION['session_token'];
    return sprintf("<input type='hidden' name='user_token' value='%s' />", $value);
}
// -- END (Token functions)
// Setup Functions --
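// Filesystem locations the checks below report on. Both are anchored on the
// current working directory, so they are only meaningful when this page runs
// from the DVWA root.
$PHPUploadPath = realpath(getcwd()) . "/hackable/uploads/";
$PHPIDSPath = realpath(getcwd()) . "/external/phpids/" . dvwaPhpIdsVersionGet() . "/lib/IDS/tmp/phpids_log.txt";

// Each line renders "<label>: <span class="success|failure">state</span>".
// "success" marks the state DVWA wants for its exercises, which is often the
// insecure one (e.g. allow_url_include enabled).
$phpDisplayErrors = 'PHP function display_errors: <em>' . (ini_get('display_errors') ? 'Enabled</em> <i>(Easy Mode!)</i>' : 'Disabled</em>'); // verbose errors (e.g. full path disclosure)
$phpSafeMode = 'PHP function safe_mode: <span class="' . (ini_get('safe_mode') ? 'failure">Enabled' : 'success">Disabled') . '</span>'; // DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0
$phpMagicQuotes = 'PHP function magic_quotes_gpc: <span class="' . (ini_get('magic_quotes_gpc') ? 'failure">Enabled' : 'success">Disabled') . '</span>'; // DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0
$phpURLInclude = 'PHP function allow_url_include: <span class="' . (ini_get('allow_url_include') ? 'success">Enabled' : 'failure">Disabled') . '</span>'; // needed for the RFI exercise
$phpURLFopen = 'PHP function allow_url_fopen: <span class="' . (ini_get('allow_url_fopen') ? 'success">Enabled' : 'failure">Disabled') . '</span>'; // needed for the RFI exercise
$phpGD = 'PHP module php-gd: <span class="' . ((extension_loaded('gd') && function_exists('gd_info')) ? 'success">Installed' : 'failure">Missing') . '</span>'; // needed for the File Upload exercise
// The public key is written into the page unescaped. NOTE(review): $_DVWA is
// presumably populated from the DVWA config file rather than the request;
// confirm before relying on that.
$DVWARecaptcha = 'reCAPTCHA key: <span class="' . ((isset($_DVWA['recaptcha_public_key']) && $_DVWA['recaptcha_public_key'] != '') ? 'success">' . $_DVWA['recaptcha_public_key'] : 'failure">Missing') . '</span>';
// Affirmative label is "Yes" (the trailing ")" was a typo in the output text).
$DVWAUploadsWrite = 'Writable folder ' . $PHPUploadPath . ': <span class="' . (is_writable($PHPUploadPath) ? 'success">Yes' : 'failure">No') . '</span>'; // needed for the File Upload exercise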
// --- PHPIDS on/off toggle ---------------------------------------------------
// ?phpids=on|off flips the per-session PHPIDS flag and reloads the page so the
// new state applies from the next request. It is a plain GET link with no
// anti-CSRF token, so any page the browser renders could trigger it.
if (isset($_GET['phpids'])) {
    $requested = $_GET['phpids'];
    if ($requested == 'on') {
        dvwaPhpIdsEnabledSet(true);
        dvwaMessagePush("PHPIDS is now enabled");
    } elseif ($requested == 'off') {
        dvwaPhpIdsEnabledSet(false);
        dvwaMessagePush("PHPIDS is now disabled");
    }
    // Any other value is ignored but still triggers the reload.
    dvwaPageReload();
}

// --- Security-level selector ------------------------------------------------
// Build the <option> list and the "currently ..." sentence for the active level.
$securityOptionsHtml = '';
$securityLevelHtml = '';
foreach (array('low', 'medium', 'high') as $securityLevel) {
    $isCurrent = ($securityLevel == dvwaSecurityLevelGet());
    if ($isCurrent) {
        $securityLevelHtml = "<p>Security Level is currently <em>{$securityLevel}</em>.<p>";
    }
    $selected = $isCurrent ? ' selected="selected"' : '';
    $securityOptionsHtml .= "<option value=\"{$securityLevel}\"{$selected}>{$securityLevel}</option>";
}

// --- PHPIDS status line, with the link that toggles to the other state --------
$phpIdsHtml = 'PHPIDS is currently ' . (dvwaPhpIdsIsEnabled()
    ? '<em>enabled</em>. [<a href="?phpids=off">disable PHPIDS</a>]'
    : '<em>disabled</em>. [<a href="?phpids=on">enable PHPIDS</a>]');

// --- Page body -----------------------------------------------------------------
// $page and $securityHtml are assigned earlier in this file, outside this
// excerpt. The security-level form posts without an anti-CSRF token; the
// "Simulate attack" link carries a fixed PHPIDS test payload on purpose.
$lockImgSrc = DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/lock.png";
$phpIdsLink = dvwaExternalLinkUrlGet('http://php-ids.org/', 'PHPIDS');
$phpIdsVersion = dvwaPhpIdsVersionGet();
$page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h1>DVWA Security <img src=\"{$lockImgSrc}\"></h1>\r\n\r\n\t<br />\r\n\t\r\n\t<h2>Script Security</h2>\r\n\r\n\t{$securityHtml}\r\n\r\n\t<form action=\"#\" method=\"POST\">\r\n\t\t{$securityLevelHtml}\r\n\t\t<p>You can set the security level to low, medium or high.</p>\r\n\t\t<p>The security level changes the vulnerability level of DVWA.</p>\r\n\r\n\t\t<select name=\"security\">\r\n\t\t\t{$securityOptionsHtml}\r\n\t\t</select>\r\n\t\t<input type=\"submit\" value=\"Submit\" name=\"seclev_submit\">\r\n\t</form>\r\n\r\n\t<br />\r\n\t<hr />\r\n\t<br />\r\n\r\n\t<h2>PHPIDS</h2>\r\n\r\n\t<p>{$phpIdsLink} v.{$phpIdsVersion} (PHP-Intrusion Detection System) is a security layer for PHP based web applications. </p>\r\n\t<p>You can enable PHPIDS across this site for the duration of your session.</p>\r\n\r\n\t<p>{$phpIdsHtml}</p>\r\n\t[<a href=\"?test=%22><script>eval(window.name)</script>\">Simulate attack</a>] -\r\n\t[<a href=\"ids_log.php\">View IDS log</a>]\r\n\t\r\n</div>\r\n";
dvwaHtmlEcho($page);
            dvwaPhpIdsEnabledSet(false);
            dvwaMessagePush("PHPIDS is now disabled");
            break;
    }
    dvwaPageReload();
}
// --- Security-level selector ------------------------------------------------
// Build the <option> list (labels capitalised) and the "currently: ..." line.
$securityOptionsHtml = '';
$securityLevelHtml = '';
foreach (array('low', 'medium', 'high', 'impossible') as $securityLevel) {
    $isCurrent = ($securityLevel == dvwaSecurityLevelGet());
    if ($isCurrent) {
        $securityLevelHtml = "<p>Security level is currently: <em>{$securityLevel}</em>.<p>";
    }
    $selected = $isCurrent ? ' selected="selected"' : '';
    $securityOptionsHtml .= "<option value=\"{$securityLevel}\"{$selected}>" . ucfirst($securityLevel) . "</option>";
}

// --- PHPIDS status line, with the link that toggles to the other state --------
$phpIdsHtml = 'PHPIDS is currently: ' . (dvwaPhpIdsIsEnabled()
    ? '<em>enabled</em>. [<a href="?phpids=off">Disable PHPIDS</a>]'
    : '<em>disabled</em>. [<a href="?phpids=on">Enable PHPIDS</a>]');

// Anti-CSRF: issue the per-session token that tokenField() embeds in the form.
generateSessionToken();

// Warn when the PHPIDS log cannot be written. $PHPIDSPath is set outside this
// excerpt; the server-side path is echoed into the page unescaped, which is a
// deliberate verbose-error behaviour in DVWA.
$WarningHtml = is_writable($PHPIDSPath)
    ? ''
    : "<div class=\"warning\"><em>Cannot write to the PHPIDS log file</em>: {$PHPIDSPath}</div>";

// --- Page body -----------------------------------------------------------------
// $page and $securityHtml are assigned earlier in this file, outside this
// excerpt. The "Simulate attack" link carries a fixed PHPIDS test payload on purpose.
$lockImgSrc = DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/lock.png";
$tokenHtml = tokenField();
$phpIdsLink = dvwaExternalLinkUrlGet('https://github.com/PHPIDS/PHPIDS', 'PHPIDS');
$phpIdsVersion = dvwaPhpIdsVersionGet();
$page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h1>DVWA Security <img src=\"{$lockImgSrc}\" /></h1>\r\n\t<br />\r\n\r\n\t<h2>Security Level</h2>\r\n\r\n\t{$securityHtml}\r\n\r\n\t<form action=\"#\" method=\"POST\">\r\n\t\t{$securityLevelHtml}\r\n\t\t<p>You can set the security level to low, medium, high or impossible. The security level changes the vulnerability level of DVWA:</p>\r\n\t\t<ol>\r\n\t\t\t<li> Low - This security level is completely vulnerable and <em>has no security measures at all</em>. It's use is to be as an example of how web application vulnerabilities manifest through bad coding practices and to serve as a platform to teach or learn basic exploitation techniques.</li>\r\n\t\t\t<li> Medium - This setting is mainly to give an example to the user of <em>bad security practices</em>, where the developer has tried but failed to secure an application. It also acts as a challenge to users to refine their exploitation techniques.</li>\r\n\t\t\t<li> High - This option is an extension to the medium difficulty, with a mixture of <em>harder or alternative bad practices</em> to attempt to secure the code. The vulnerability may not allow the same extent of the exploitation, similar in various Capture The Flags (CTFs) competitions.</li>\r\n\t\t\t<li> Impossible - This level should be <em>secure against all vulnerabilities</em>. It is used to compare the vulnerable source code to the secure source code.<br />\r\n\t\t\t\tPriority to DVWA v1.9, this level was known as 'high'.</li>\r\n\t\t</ol>\r\n\t\t<select name=\"security\">\r\n\t\t\t{$securityOptionsHtml}\r\n\t\t</select>\r\n\t\t<input type=\"submit\" value=\"Submit\" name=\"seclev_submit\">\r\n\t\t{$tokenHtml}\r\n\t</form>\r\n\r\n\t<br />\r\n\t<hr />\r\n\t<br />\r\n\r\n\t<h2>PHPIDS</h2>\r\n\t{$WarningHtml}\r\n\t<p>{$phpIdsLink} v{$phpIdsVersion} (PHP-Intrusion Detection System) is a security layer for PHP based web applications.</p>\r\n\t<p>PHPIDS works by filtering any user supplied input against a blacklist of potentially malicious code. It is used in DVWA to serve as a live example of how Web Application Firewalls (WAFs) can help improve security and in some cases how WAFs can be circumvented.</p>\r\n\t<p>You can enable PHPIDS across this site for the duration of your session.</p>\r\n\r\n\t<p>{$phpIdsHtml}</p>\r\n\t[<a href=\"?test=%22><script>eval(window.name)</script>\">Simulate attack</a>] -\r\n\t[<a href=\"ids_log.php\">View IDS log</a>]\r\n</div>";
dvwaHtmlEcho($page);
// --- PHPIDS on/off toggle ---------------------------------------------------
// ?phpids=on|off flips the per-session PHPIDS flag and reloads the page so the
// new state applies from the next request. It is a plain GET link with no
// anti-CSRF token, so any page the browser renders could trigger it.
if (isset($_GET['phpids'])) {
    $requested = $_GET['phpids'];
    if ($requested == 'on') {
        dvwaPhpIdsEnabledSet(true);
        dvwaMessagePush("PHPIDS esta activado");
    } elseif ($requested == 'off') {
        dvwaPhpIdsEnabledSet(false);
        dvwaMessagePush("PHPIDS esta desactivado");
    }
    // Any other value is ignored but still triggers the reload.
    dvwaPageReload();
}

// --- Security-level selector ------------------------------------------------
// Build the <option> list and the "currently ..." sentence for the active level.
$securityOptionsHtml = '';
$securityLevelHtml = '';
foreach (array('low', 'medium', 'high') as $securityLevel) {
    $isCurrent = ($securityLevel == dvwaSecurityLevelGet());
    if ($isCurrent) {
        $securityLevelHtml = "<p>El nivel de Seguridad actualmente es: <em>{$securityLevel}</em>.<p>";
    }
    $selected = $isCurrent ? ' selected="selected"' : '';
    $securityOptionsHtml .= "<option value=\"{$securityLevel}\"{$selected}>{$securityLevel}</option>";
}

// --- PHPIDS status line, with the link that toggles to the other state --------
$phpIdsHtml = 'PHPIDS is currently ' . (dvwaPhpIdsIsEnabled()
    ? '<em>enabled</em>. [<a href="?phpids=off">disable PHPIDS</a>]'
    : '<em>disabled</em>. [<a href="?phpids=on">enable PHPIDS</a>]');

// --- Page body -----------------------------------------------------------------
// $page and $securityHtml are assigned earlier in this file, outside this
// excerpt. The security-level form posts without an anti-CSRF token; the
// "Simulate attack" link carries a fixed PHPIDS test payload on purpose.
$lockImgSrc = DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/lock.png";
$phpIdsLink = dvwaExternalLinkUrlGet('http://php-ids.org/', 'PHPIDS');
$phpIdsVersion = dvwaPhpIdsVersionGet();
$page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h1>DVWA Security <img src=\"{$lockImgSrc}\"></h1>\r\n\r\n\t<br />\r\n\t\r\n\t<h2>Script Security</h2>\r\n\r\n\t{$securityHtml}\r\n\r\n\t<form action=\"#\" method=\"POST\">\r\n\t\t{$securityLevelHtml}\r\n\t\t<p>Puedes configurar el nivel de seguridad a bajo, medio o alto.</p>\r\n\t\t<p>El nivel de Seguridad cambia el nivel de vulnerabilidad.</p>\r\n\r\n\t\t<select name=\"security\">\r\n\t\t\t{$securityOptionsHtml}\r\n\t\t</select>\r\n\t\t<input type=\"submit\" value=\"Submit\" name=\"seclev_submit\">\r\n\t</form>\r\n\r\n\t<br />\r\n\t<hr />\r\n\t<br />\r\n\r\n\t<h2>PHPIDS</h2>\r\n\r\n\t<p>{$phpIdsLink} v.{$phpIdsVersion} (PHP-Intrusion Detection System) es una capa de seguridad para aplicaciones web basadas en PHP. </p>\r\n\t<p>Puede activar PHPIDS a través de este sitio mientras dure su sesión.</p>\r\n\r\n\t<p>{$phpIdsHtml}</p>\r\n\t[<a href=\"?test=%22><script>eval(window.name)</script>\">Simulate attack</a>] -\r\n\t[<a href=\"ids_log.php\">View IDS log</a>]\r\n\t\r\n</div>\r\n";
dvwaHtmlEcho($page);