$pass = mysql_real_escape_string($pass);
$pass = md5($pass);
$query = "SELECT table_schema, table_name, create_time\r\n\t\t\t\tFROM information_schema.tables\r\n\t\t\t\tWHERE table_schema='{$_DVWA['db_database']}' AND table_name='users'\r\n\t\t\t\tLIMIT 1";
$result = @mysql_query($query);
if (mysql_num_rows($result) != 1) {
dvwaMessagePush("First time using DVWA.<br />Need to run 'setup.php'.");
dvwaRedirect(DVWA_WEB_PAGE_TO_ROOT . 'setup.php');
}
$query = "SELECT * FROM `users` WHERE user='******' AND password='******';";
$result = @mysql_query($query) or die('<pre>' . mysql_error() . '.<br />Try <a href="setup.php">installing again</a>.</pre>');
if ($result && mysql_num_rows($result) == 1) {
// Login Successful...
dvwaMessagePush("You have logged in as '{$user}'");
dvwaLogin($user);
dvwaRedirect(DVWA_WEB_PAGE_TO_ROOT . 'index.php');
}
// Login failed
dvwaMessagePush('Login failed');
dvwaRedirect('login.php');
}
$messagesHtml = messagesPopAllToHtml();
Header('Cache-Control: no-cache, must-revalidate');
// HTTP/1.1
Header('Content-Type: text/html;charset=utf-8');
// TODO- proper XHTML headers...
Header('Expires: Tue, 23 Jun 2009 12:00:00 GMT');
// Date in the past
// Anti-CSRF
generateSessionToken();
echo "\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n\r\n\t<head>\r\n\r\n\t\t<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />\r\n\r\n\t\t<title>Login :: Damn Vulnerable Web Application (DVWA) v" . dvwaVersionGet() . "</title>\r\n\r\n\t\t<link rel=\"stylesheet\" type=\"text/css\" href=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/css/login.css\" />\r\n\r\n\t</head>\r\n\r\n\t<body>\r\n\r\n\t<div id=\"wrapper\">\r\n\r\n\t<div id=\"header\">\r\n\r\n\t<br />\r\n\r\n\t<p><img src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/login_logo.png\" /></p>\r\n\r\n\t<br />\r\n\r\n\t</div> <!--<div id=\"header\">-->\r\n\r\n\t<div id=\"content\">\r\n\r\n\t<form action=\"login.php\" method=\"post\">\r\n\r\n\t<fieldset>\r\n\r\n\t\t\t<label for=\"user\">Username</label> <input type=\"text\" class=\"loginInput\" size=\"20\" name=\"username\"><br />\r\n\r\n\r\n\t\t\t<label for=\"pass\">Password</label> <input type=\"password\" class=\"loginInput\" AUTOCOMPLETE=\"off\" size=\"20\" name=\"password\"><br />\r\n\r\n\t\t\t<br />\r\n\r\n\t\t\t<p class=\"submit\"><input type=\"submit\" value=\"Login\" name=\"Login\"></p>\r\n\r\n\t</fieldset>\r\n\r\n\t" . tokenField() . "\r\n\r\n\t</form>\r\n\r\n\t<br />\r\n\r\n\t{$messagesHtml}\r\n\r\n\t<br />\r\n\t<br />\r\n\t<br />\r\n\t<br />\r\n\t<br />\r\n\t<br />\r\n\t<br />\r\n\t<br />\r\n\r\n\t<!-- <img src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/RandomStorm.png\" /> -->\r\n\t</div > <!--<div id=\"content\">-->\r\n\r\n\t<div id=\"footer\">\r\n\r\n\t<p>" . dvwaExternalLinkUrlGet('http://www.dvwa.co.uk/', 'Damn Vulnerable Web Application (DVWA)') . " is a RandomStorm OpenSource project.</p>\r\n\r\n\t</div> <!--<div id=\"footer\"> -->\r\n\r\n\t</div> <!--<div id=\"wrapper\"> -->\r\n\r\n\t</body>\r\n\r\n</html>";
function dvwaHtmlEcho($pPage)
{
$menuBlocks = array();
$menuBlocks['home'] = array();
$menuBlocks['home'][] = array('id' => 'home', 'name' => 'Home', 'url' => '.');
$menuBlocks['home'][] = array('id' => 'instructions', 'name' => 'Instructions', 'url' => 'instructions.php');
$menuBlocks['home'][] = array('id' => 'setup', 'name' => 'Setup / Reset', 'url' => 'setup.php');
$menuBlocks['vulnerabilities'] = array();
$menuBlocks['vulnerabilities'][] = array('id' => 'brute', 'name' => 'Brute Force', 'url' => 'vulnerabilities/brute/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'exec', 'name' => 'Command Execution', 'url' => 'vulnerabilities/exec/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'csrf', 'name' => 'CSRF', 'url' => 'vulnerabilities/csrf/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'captcha', 'name' => 'Insecure CAPTCHA', 'url' => 'vulnerabilities/captcha/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'fi', 'name' => 'File Inclusion', 'url' => 'vulnerabilities/fi/.?page=include.php');
$menuBlocks['vulnerabilities'][] = array('id' => 'sqli', 'name' => 'SQL Injection', 'url' => 'vulnerabilities/sqli/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'sqli_blind', 'name' => 'SQL Injection (Blind)', 'url' => 'vulnerabilities/sqli_blind/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'upload', 'name' => 'Upload', 'url' => 'vulnerabilities/upload/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'xss_r', 'name' => 'XSS (Reflected)', 'url' => 'vulnerabilities/xss_r/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'xss_s', 'name' => 'XSS (Stored)', 'url' => 'vulnerabilities/xss_s/.');
$menuBlocks['meta'] = array();
$menuBlocks['meta'][] = array('id' => 'security', 'name' => 'DVWA Security', 'url' => 'security.php');
$menuBlocks['meta'][] = array('id' => 'phpinfo', 'name' => 'PHP Info', 'url' => 'phpinfo.php');
$menuBlocks['meta'][] = array('id' => 'about', 'name' => 'About', 'url' => 'about.php');
$menuBlocks['logout'] = array();
$menuBlocks['logout'][] = array('id' => 'logout', 'name' => 'Logout', 'url' => 'logout.php');
$menuHtml = '';
foreach ($menuBlocks as $menuBlock) {
$menuBlockHtml = '';
foreach ($menuBlock as $menuItem) {
$selectedClass = $menuItem['id'] == $pPage['page_id'] ? 'selected' : '';
$fixedUrl = DVWA_WEB_PAGE_TO_ROOT . $menuItem['url'];
$menuBlockHtml .= "<li onclick=\"window.location='{$fixedUrl}'\" class=\"{$selectedClass}\"><a href=\"{$fixedUrl}\">{$menuItem['name']}</a></li>\n";
}
$menuHtml .= "<ul class=\"menuBlocks\">{$menuBlockHtml}</ul>";
}
// Get security cookie --
$securityLevelHtml = '';
switch (dvwaSecurityLevelGet()) {
case 'low':
$securityLevelHtml = 'low';
break;
case 'medium':
$securityLevelHtml = 'medium';
break;
case 'high':
$securityLevelHtml = 'high';
break;
default:
$securityLevelHtml = 'high';
break;
}
// -- END (security cookie)
$phpIdsHtml = '<em>PHPIDS:</em> ' . (dvwaPhpIdsIsEnabled() ? 'enabled' : 'disabled');
$userInfoHtml = '<em>Username:</em> ' . dvwaCurrentUser();
$messagesHtml = messagesPopAllToHtml();
if ($messagesHtml) {
$messagesHtml = "<div class=\"body_padded\">{$messagesHtml}</div>";
}
$systemInfoHtml = "<div align=\"left\">{$userInfoHtml}<br /><b>Security Level:</b> {$securityLevelHtml}<br />{$phpIdsHtml}</div>";
if ($pPage['source_button']) {
$systemInfoHtml = dvwaButtonSourceHtmlGet($pPage['source_button']) . " {$systemInfoHtml}";
}
if ($pPage['help_button']) {
$systemInfoHtml = dvwaButtonHelpHtmlGet($pPage['help_button']) . " {$systemInfoHtml}";
}
// Send Headers + main HTML code
Header('Cache-Control: no-cache, must-revalidate');
// HTTP/1.1
Header('Content-Type: text/html;charset=utf-8');
// TODO- proper XHTML headers...
Header("Expires: Tue, 23 Jun 2009 12:00:00 GMT");
// Date in the past
echo "\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n\r\n\t<head>\r\n\t\t<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />\r\n\r\n\t\t<title>{$pPage['title']}</title>\r\n\r\n\t\t<link rel=\"stylesheet\" type=\"text/css\" href=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/css/main.css\" />\r\n\r\n\t\t<link rel=\"icon\" type=\"\\image/ico\" href=\"" . DVWA_WEB_PAGE_TO_ROOT . "favicon.ico\" />\r\n\r\n\t\t<script type=\"text/javascript\" src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/js/dvwaPage.js\"></script>\r\n\r\n\t</head>\r\n\r\n\t<body class=\"home\">\r\n\t\t<div id=\"container\">\r\n\r\n\t\t\t<div id=\"header\">\r\n\r\n\t\t\t\t<img src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/logo.png\" alt=\"Damn Vulnerable Web App\" />\r\n\r\n\t\t\t</div>\r\n\r\n\t\t\t<div id=\"main_menu\">\r\n\r\n\t\t\t\t<div id=\"main_menu_padded\">\r\n\t\t\t\t{$menuHtml}\r\n\t\t\t\t</div>\r\n\r\n\t\t\t</div>\r\n\r\n\t\t\t<div id=\"main_body\">\r\n\r\n\t\t\t\t{$pPage['body']}\r\n\t\t\t\t<br />\r\n\t\t\t\t<br />\r\n\t\t\t\t{$messagesHtml}\r\n\r\n\t\t\t</div>\r\n\r\n\t\t\t<div class=\"clear\">\r\n\t\t\t</div>\r\n\r\n\t\t\t<div id=\"system_info\">\r\n\t\t\t\t{$systemInfoHtml}\r\n\t\t\t</div>\r\n\r\n\t\t\t<div id=\"footer\">\r\n\r\n\t\t\t\t<p>Damn Vulnerable Web Application (DVWA) v" . dvwaVersionGet() . "</p>\r\n\r\n\t\t\t</div>\r\n\r\n\t\t</div>\r\n\r\n\t</body>\r\n\r\n</html>";
}
<?php
define('DVWA_WEB_PAGE_TO_ROOT', '');
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';
dvwaPageStartup(array('phpids'));
$page = dvwaPageNewGrab();
$page['title'] = 'About' . $page['title_separator'] . $page['title'];
$page['page_id'] = 'about';
$page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h2>About</h2>\r\n\t<p>Version " . dvwaVersionGet() . " (Release date: " . dvwaReleaseDateGet() . ")</p>\r\n\t<p>Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment</p>\r\n\t<p>The official documentation for DVWA can be found <a href=\"docs/DVWA_v1.3.pdf\">here</a>.</p>\r\n\t<p>DVWA is a RandomStorm OpenSource project. All material is copyright 2008-2015 RandomStorm & Ryan Dewhurst.</p>\r\n\r\n\t<h2>Links</h2>\r\n\t<ul>\r\n\t\t<li>Homepage: " . dvwaExternalLinkUrlGet('http://www.dvwa.co.uk/') . "</li>\r\n\t\t<li>Project Home: " . dvwaExternalLinkUrlGet('https://github.com/RandomStorm/DVWA') . "</li>\r\n\t\t<li>Bug Tracker: " . dvwaExternalLinkUrlGet('https://github.com/RandomStorm/DVWA/issues') . "</li>\r\n\t\t<li>Souce Control: " . dvwaExternalLinkUrlGet('https://github.com/RandomStorm/DVWA/commits/master') . "</li>\r\n\t\t<li>Wiki: " . dvwaExternalLinkUrlGet('https://github.com/RandomStorm/DVWA/wiki') . "</li>\r\n\t</ul>\r\n\r\n\t<h2>Credits</h2>\r\n\t<ul>\r\n\t\t<li>Brooks Garrett: " . dvwaExternalLinkUrlGet('http://brooksgarrett.com/', 'www.brooksgarrett.com') . "</li>\r\n\t\t<li>Craig</li>\r\n\t\t<li>g0tmi1k: " . dvwaExternalLinkUrlGet('https://blog.g0tmi1k.com/', 'g0tmi1k.com') . "</li>\r\n\t\t<li>Jamesr: " . dvwaExternalLinkUrlGet('https://www.creativenucleus.com/', 'www.creativenucleus.com') . " / " . dvwaExternalLinkUrlGet('http://www.designnewcastle.co.uk/', 'www.designnewcastle.co.uk') . "</li>\r\n\t\t<li>Jason Jones: " . dvwaExternalLinkUrlGet('http://www.linux-ninja.com/', 'www.linux-ninja.com') . "</li>\r\n\t\t<li>RandomStorm: " . dvwaExternalLinkUrlGet('https://www.randomstorm.com/', 'www.randomstorm.com') . "</li>\r\n\t\t<li>Ryan Dewhurst: " . dvwaExternalLinkUrlGet('https://www.dewhurstsecurity.com/', 'www.dewhurstsecurity.com') . "</li>\r\n\t\t<li>Shinkurt: " . dvwaExternalLinkUrlGet('http://www.paulosyibelo.com/', 'www.paulosyibelo.com') . "</li>\r\n\t\t<li>Tedi Heriyanto: " . dvwaExternalLinkUrlGet('http://tedi.heriyanto.net/', 'tedi.heriyanto.net') . "</li>\r\n\t\t<li>Tom Mackenzie: " . dvwaExternalLinkUrlGet('https://www.tmacuk.co.uk/', 'www.tmacuk.co.uk') . "</li>\r\n\t</ul>\r\n\t<ul>\r\n\t\t<li>PHPIDS - Copyright (c) 2007 " . dvwaExternalLinkUrlGet('http://github.com/PHPIDS/PHPIDS', 'PHPIDS group') . "</li>\r\n\t</ul>\r\n\r\n\t<h2>License</h2>\r\n\t<p>Damn Vulnerable Web Application (DVWA) is free software: you can redistribute it and/or modify\r\n\tit under the terms of the GNU General Public License as published by\r\n\tthe Free Software Foundation, either version 3 of the License, or\r\n\t(at your option) any later version.</p>\r\n\t<p>The PHPIDS library is included, in good faith, with this DVWA distribution. The operation of PHPIDS is provided without support from the DVWA team. It is licensed under <a href=\"" . DVWA_WEB_PAGE_TO_ROOT . "instructions.php?doc=PHPIDS-license\">separate terms</a> to the DVWA code.</p>\r\n\r\n\t<h2>Development</h2>\r\n\t<p>Everyone is welcome to contribute and help make DVWA as successful as it can be. All contributors can have their name and link (if they wish) placed in the credits section. To contribute pick an Issue from the Project Home to work on or submit a patch to the Issues list.</p>\r\n</div>\n";
dvwaHtmlEcho($page);
exit;
function dvwaHtmlEcho($pPage)
{
$menuBlocks = array();
$menuBlocks['home'] = array();
$menuBlocks['home'][] = array('id' => 'home', 'name' => 'Home', 'url' => '.');
$menuBlocks['home'][] = array('id' => 'instructions', 'name' => 'Instructions', 'url' => 'instructions.php');
$menuBlocks['vulnerabilities'] = array();
$menuBlocks['vulnerabilities'][] = array('id' => 'WooYun-2014-63321', 'name' => 'Regex #02-Domain too', 'url' => 'vulnerabilities/WooYun-2014-63321/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'WooYun-2014-61978', 'name' => 'CSRF #01-Flash Upload', 'url' => 'vulnerabilities/WooYun-2014-61978/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'WooYun-2014-61361', 'name' => 'Sqli QUERY_STRING', 'url' => 'vulnerabilities/WooYun-2014-61361/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'WooYun-2014-59940', 'name' => 'Regex #01-Domain fraud', 'url' => 'vulnerabilities/WooYun-2014-59940/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'WooYun-2014-53384', 'name' => 'Sqli filter #02-Once', 'url' => 'vulnerabilities/WooYun-2014-53384/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'WooYun-2014-52257', 'name' => 'Sqli Mysql #01', 'url' => 'vulnerabilities/WooYun-2014-52257/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'WooYun-2014-52248', 'name' => 'No [Comma] Sqli', 'url' => 'vulnerabilities/WooYun-2014-52248/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'WooYun-2014-51950', 'name' => 'Sqli using [Slashes]', 'url' => 'vulnerabilities/WooYun-2014-51950/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'WooYun-2014-51687', 'name' => 'Sqli filter #02-80sec', 'url' => 'vulnerabilities/WooYun-2014-51687/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'WooYun-2014-51536', 'name' => 'XSS #08-mXSS', 'url' => 'vulnerabilities/WooYun-2014-51536/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'WooYun-2014-51505', 'name' => 'Sqli filter #01', 'url' => 'vulnerabilities/WooYun-2014-51505/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'WooYun-2014-50644', 'name' => 'No [Space] Sqli', 'url' => 'vulnerabilities/WooYun-2014-50644/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'WooYun-2014-50315', 'name' => 'XSS #07-SVG', 'url' => 'vulnerabilities/WooYun-2014-50315/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'WooYun-2013-34885', 'name' => 'Contradiction #01', 'url' => 'vulnerabilities/WooYun-2013-34885/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'WooYun-2013-31669', 'name' => 'Indirect SQLi #01', 'url' => 'vulnerabilities/WooYun-2013-31669/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'WooYun-2013-20759', 'name' => 'Decrypt #01-CCA2', 'url' => 'vulnerabilities/WooYun-2013-20759/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'WooYun-2013-19115', 'name' => 'Workflow #1-302', 'url' => 'vulnerabilities/WooYun-2013-19115/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'WooYun-2012-16598', 'name' => 'XSS #06-Flash02', 'url' => 'vulnerabilities/WooYun-2012-16598/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'WooYun-2012-16532', 'name' => 'XSS #05-Flash01', 'url' => 'vulnerabilities/WooYun-2012-16532/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'WooYun-2012-16041', 'name' => 'XSS #04-Encoding', 'url' => 'vulnerabilities/WooYun-2012-16041/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'WooYun-2012-16003', 'name' => 'XSS #03-InComment', 'url' => 'vulnerabilities/WooYun-2012-16003/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'WooYun-2012-15979', 'name' => 'XSS #02-TwoVars', 'url' => 'vulnerabilities/WooYun-2012-15979/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'WooYun-2012-15969', 'name' => 'XSS #01-GBK', 'url' => 'vulnerabilities/WooYun-2012-15969/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'WooYun-2011-02236', 'name' => 'LFI+log', 'url' => 'vulnerabilities/WooYun-2011-02236/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'Drops-1015', 'name' => 'Linux pentest tricks', 'url' => 'vulnerabilities/Drops-1015/.');
$menuBlocks['meta'] = array();
$menuBlocks['meta'][] = array('id' => 'about', 'name' => 'About', 'url' => 'about.php');
$menuBlocks['logout'] = array();
$menuBlocks['logout'][] = array('id' => 'logout', 'name' => 'Logout', 'url' => 'logout.php');
$menuHtml = '';
foreach ($menuBlocks as $menuBlock) {
$menuBlockHtml = '';
foreach ($menuBlock as $menuItem) {
$selectedClass = $menuItem['id'] == $pPage['page_id'] ? 'list-group-item active' : 'list-group-item';
$fixedUrl = DVWA_WEB_PAGE_TO_ROOT . $menuItem['url'] . '#here_body';
$menuBlockHtml .= "<a href=\"{$fixedUrl}\" onclick=\"window.location='{$fixedUrl}'\" class=\"{$selectedClass}\">{$menuItem['name']}</a>";
}
$menuHtml .= "<ul>{$menuBlockHtml}</ul>";
}
// Get security cookie --
$securityLevelHtml = '';
switch (dvwaSecurityLevelGet()) {
case 'low':
$securityLevelHtml = 'low';
break;
case 'medium':
$securityLevelHtml = 'medium';
break;
case 'high':
$securityLevelHtml = 'high';
break;
default:
$securityLevelHtml = 'low';
break;
}
// -- END
$phpIdsHtml = '<b>PHPIDS:</b> ' . (dvwaPhpIdsIsEnabled() ? 'enabled' : 'disabled');
$userInfoHtml = '<b>Username:</b> ' . dvwaCurrentUser();
$messagesHtml = messagesPopAllToHtml();
if ($messagesHtml) {
$messagesHtml = "<div class=\"body_padded\">{$messagesHtml}</div>";
}
$systemInfoHtml = "<div align=\"left\">{$userInfoHtml}<br /><b>Security Level:</b> {$securityLevelHtml}<br />{$phpIdsHtml}</div>";
if ($pPage['source_button']) {
$systemInfoHtml = dvwaButtonSourceHtmlGet($pPage['source_button']) . " {$systemInfoHtml}";
}
if ($pPage['help_button']) {
$systemInfoHtml = dvwaButtonHelpHtmlGet($pPage['help_button']) . " {$systemInfoHtml}";
}
// Send Headers + main HTML code
Header('Cache-Control: no-cache, must-revalidate');
// HTTP/1.1
Header('Content-Type: text/html;charset=utf-8');
// TODO- proper XHTML headers...
Header("Expires: Tue, 23 Jun 2009 12:00:00 GMT");
// Date in the past
echo "\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n\r\n\t<head>\r\n\t\t<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />\r\n\r\n\t\t<title>{$pPage['title']}</title>\r\n\r\n\t\t<link rel=\"stylesheet\" type=\"text/css\" href=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/css/main.css\" />\r\n\r\n\t\t<link rel=\"stylesheet\" type=\"text/css\" href=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/css/bootstrap.min.css\" />\r\n\t\t<link rel=\"stylesheet\" type=\"text/css\" href=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/css/bootstrap-theme.min.css\" />\r\n\t\t<link rel=\"stylesheet\" type=\"text/css\" href=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/css/navbar-fixed-top.css\" />\r\n\r\n\t\t<link rel=\"icon\" type=\"\\image/ico\" href=\"" . DVWA_WEB_PAGE_TO_ROOT . "favicon.ico\" />\r\n\r\n\t\t<script type=\"text/javascript\" src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/js/dvwaPage.js\"></script>\r\n\r\n\t</head>\r\n\r\n\t<body class=\"home\">\r\n\r\n\t\t\t<div id=\"header\" style=\"text-align:center;\">\r\n\r\n\t\t\t\t<img src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/wooyun_logo.jpg\" alt=\"WooYun DVWA\" height=\"200\" width=\"800\"/>\r\n\r\n\t\t\t</div>\r\n\r\n\t\t<div id=\"container\" align=\"center\">\r\n\r\n <div class=\"navbar navbar-default navbar-fixed-top\" role=\"navigation\" >\r\n <div class=\"container\">\r\n <div class=\"navbar-header\">\r\n <button type=\"button\" class=\"navbar-toggle collapsed\" data-toggle=\"collapse\" data-target=\".navbar-collapse\">\r\n <span class=\"sr-only\">Toggle navigation</span>\r\n <span class=\"icon-bar\"></span>\r\n <span class=\"icon-bar\"></span>\r\n <span class=\"icon-bar\"></span>\r\n </button>\r\n <a class=\"navbar-brand\" href=\"#\">DVWA WooYun</a>\r\n </div>\r\n <div class=\"navbar-collapse collapse\">\r\n <ul class=\"nav navbar-nav\">\r\n <li><a href=\"/\">Home</a></li>\r\n <li><a href=\"http://wooyun.org\">Wooyun</a></li>\r\n <li><a href=\"/instructions.php#here_body\">Instructions</a></li>\r\n </ul>\r\n <ul class=\"nav navbar-nav navbar-right\">\r\n <li><a href=\"/about.php#here_body\">About</a></li>\r\n <li><a href=\"/logout.php\">Logout</a></li>\r\n </ul>\r\n </div><!--/.nav-collapse -->\r\n </div>\r\n </div>\r\n\r\n<a name=\"here_body\"></a><!-- 定义锚点 --> \r\n<br>\r\n<br>\r\n<br>\r\n\r\n\t\t\t<div id=\"main_menu\" style=\"width:20%;float:left;padding-left: 15px;\">\r\n\r\n\t\t\t\t<div class=\"row\">\r\n\t\t\t\t\t<div class=\"list-group\">\r\n\t\t\t\t\t\t{$menuHtml}\r\n\t\t\t\t\t</div>\r\n\t\t\t\t</div>\r\n\r\n\t\t\t</div>\r\n\r\n\t\t\t<div id=\"main_body\" style=\"width:75%;float:right\">\r\n\r\n\t\t\t\t{$pPage['body']}\r\n\t\t\t\t<br />\r\n\t\t\t\t<br />\r\n\t\t\t\t{$messagesHtml}\r\n\t\t\t\t{$systemInfoHtml}\r\n\r\n\t\t\t</div>\r\n\r\n\t\t\t<div class=\"clear\">\r\n\t\t\t</div>\r\n\r\n\t\t\t<div id=\"footer\">\r\n\r\n\t\t\t\t<p>WooYun DVWA v" . dvwaVersionGet() . "</p>\r\n\r\n\t\t\t</div>\r\n\r\n\t\t</div>\r\n\r\n\t</body>\r\n\r\n</html>";
}
<?php
const DVWA_WEB_PAGE_TO_ROOT = '';
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';
dvwaPageStartup(array('authenticated', 'phpids'));
$page = dvwaPageNewGrab();
$page['title'] .= $page['title_separator'] . 'About';
$page['page_id'] = 'about';
$page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h1>About</h1>\r\n\r\n\t<p>\r\n\tVersion " . dvwaVersionGet() . " (Release date: " . dvwaReleaseDateGet() . ")\r\n\t<br /><br />\r\n\tDVWA is a RandomStorm OpenSource project. All material is copyright 2008-2011 RandomStorm & Ryan Dewhurst.\r\n\t</p>\r\n\r\n\t<h2>Links</h2>\r\n\r\n\t<ul>\r\n\t\t<li>Homepage: " . dvwaExternalLinkUrlGet('http://www.dvwa.co.uk/') . "</li>\r\n\t\t<li>Project Home: " . dvwaExternalLinkUrlGet('http://code.google.com/p/dvwa/') . "</li>\r\n\t\t<li>Issues: " . dvwaExternalLinkUrlGet('http://code.google.com/p/dvwa/issues/list') . "</li>\r\n\t\t<li>SVN: " . dvwaExternalLinkUrlGet('http://dvwa.googlecode.com/svn/trunk/') . "</li>\r\n\r\n\t</ul>\r\n\r\n\t<h2>Credits</h2>\r\n\r\n\t<ul>\r\n\t\t<li>Craig: " . dvwaExternalLinkUrlGet('http://www.youreadmyblog.info/', 'www.youreadmyblog.info') . "</li>\r\n\t\t<li>Jamesr: " . dvwaExternalLinkUrlGet('http://www.creativenucleus.com/', 'www.creativenucleus.com') . " / " . dvwaExternalLinkUrlGet('http://www.designnewcastle.co.uk/', 'www.designnewcastle.co.uk') . "</li>\r\n\t\t<li>Ryan Dewhurst: " . dvwaExternalLinkUrlGet('http://www.ethicalhack3r.co.uk/', 'www.ethicalhack3r.co.uk') . "</li>\r\n\t\t<li>Tedi Heriyanto: " . dvwaExternalLinkUrlGet('http://tedi.heriyanto.net/', 'http://tedi.heriyanto.net') . "</li>\r\n\t\t<li>Tom Mackenzie: " . dvwaExternalLinkUrlGet('http://www.tmacuk.co.uk/', 'www.tmacuk.co.uk') . "</li>\r\n\t\t<li>RandomStorm: " . dvwaExternalLinkUrlGet('http://www.randomstorm.com/', 'www.randomstorm.com') . "</li>\r\n\t\t<li>Jason Jones: " . dvwaExternalLinkUrlGet('http://www.linux-ninja.com/', 'www.linux-ninja.com') . "</li>\r\n\t\t<li>Brooks Garrett: " . dvwaExternalLinkUrlGet('http://brooksgarrett.com/', 'www.brooksgarrett.com') . "</li>\r\n\t</ul>\r\n\r\n\t<ul>\r\n\t\t<li>PHPIDS - Copyright (c) 2007 " . dvwaExternalLinkUrlGet('http://php-ids.org/', 'PHPIDS group') . "</li>\r\n\t</ul>\r\n\r\n\t<h2>License</h2>\r\n\r\n\t<p>Damn Vulnerable Web App (DVWA) is free software: you can redistribute it and/or modify\r\n\tit under the terms of the GNU General Public License as published by\r\n\tthe Free Software Foundation, either version 3 of the License, or\r\n\t(at your option) any later version.</p>\r\n\r\n\t<p>The PHPIDS library is included, in good faith, with this DVWA distribution. The operation of PHPIDS is provided without support from the DVWA team. It is licensed under <a href=\"" . DVWA_WEB_PAGE_TO_ROOT . "instructions.php?doc=PHPIDS-license\">separate terms</a> to the DVWA code.</p>\r\n\r\n\t<h2>Development</h2>\r\n\r\n\t<p>Everyone is welcome to contribute and help make DVWA as successful as it can be. All contributors can have their name and link (if they wish) placed in the credits section. To contribute pick an Issue from the Project Home to work on or submit a patch to the Issues list.</p>\r\n\t\r\n\r\n</div>\r\n";
dvwaHtmlEcho($page);
exit;
function dvwaHtmlEcho($pPage)
{
$menuBlocks = array();
$menuBlocks['home'] = array();
$menuBlocks['home'][] = array('id' => 'home', 'name' => 'Home', 'url' => '.');
$menuBlocks['home'][] = array('id' => 'instructions', 'name' => 'Instructions', 'url' => 'instructions.php');
$menuBlocks['vulnerabilities'] = array();
$menuBlocks['vulnerabilities'][] = array('id' => 'brute', 'name' => 'Brute Force', 'url' => 'vulnerabilities/brute/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'exec', 'name' => 'Command Execution', 'url' => 'vulnerabilities/exec/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'csrf', 'name' => 'CSRF', 'url' => 'vulnerabilities/csrf/.');
#$menuBlocks['vulnerabilities'][] = array( 'id' => 'captcha', 'name' => 'Insecure CAPTCHA', 'url' => 'vulnerabilities/captcha/.' );
$menuBlocks['vulnerabilities'][] = array('id' => 'fi', 'name' => 'File Inclusion', 'url' => 'vulnerabilities/fi/.?page=include.php');
$menuBlocks['vulnerabilities'][] = array('id' => 'sqli', 'name' => 'SQL Injection', 'url' => 'vulnerabilities/sqli/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'sqli_blind', 'name' => 'SQL Injection (Blind)', 'url' => 'vulnerabilities/sqli_blind/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'upload', 'name' => 'Upload', 'url' => 'vulnerabilities/upload/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'xss_r', 'name' => 'XSS reflected', 'url' => 'vulnerabilities/xss_r/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'xss_s', 'name' => 'XSS stored', 'url' => 'vulnerabilities/xss_s/.');
if (dvwaIfWork()) {
$menuBlocks['vulnerabilities'][] = array('id' => 'vulns', 'name' => 'Vulns', 'url' => 'vulnerabilities/vulns/.');
$menuBlocks['vulnerabilities'][] = array('id' => 'work', 'name' => 'Work', 'url' => 'vulnerabilities/work/.');
}
if (dvwaIsCtf()) {
$menuBlocks['vulnerabilities'][] = array('id' => 'ctf', 'name' => 'CTF', 'url' => 'vulnerabilities/ctf/?pid=1');
$menuBlocks['vulnerabilities'][] = array('id' => 'submit', 'name' => 'Submit', 'url' => 'vulnerabilities/ctf/?pid=submit');
$menuBlocks['vulnerabilities'][] = array('id' => 'score', 'name' => 'Score', 'url' => 'vulnerabilities/ctf/?pid=score&name=' . dvwaCurrentUser());
}
if (xlabisadmin()) {
$menuBlocks['home'][] = array('id' => 'setup', 'name' => 'Setup', 'url' => 'setup.php');
$menuBlocks['home'][] = array('id' => 'admin', 'name' => 'Admin', 'url' => 'vulnerabilities/admin/.');
$menuBlocks['home'][] = array('id' => 'manager', 'name' => 'Manager', 'url' => 'vulnerabilities/admin/manager.php');
}
$menuBlocks['meta'] = array();
$menuBlocks['meta'][] = array('id' => 'security', 'name' => 'DVWA Security', 'url' => 'security.php');
$menuBlocks['meta'][] = array('id' => 'phpinfo', 'name' => 'PHP Info', 'url' => 'phpinfo.php');
$menuBlocks['meta'][] = array('id' => 'about', 'name' => 'About', 'url' => 'about.php');
$menuBlocks['logout'] = array();
$menuBlocks['logout'][] = array('id' => 'logout', 'name' => 'Logout', 'url' => 'logout.php');
$menuHtml = '';
foreach ($menuBlocks as $menuBlock) {
$menuBlockHtml = '';
foreach ($menuBlock as $menuItem) {
$selectedClass = $menuItem['id'] == $pPage['page_id'] ? 'selected' : '';
$fixedUrl = DVWA_WEB_PAGE_TO_ROOT . $menuItem['url'];
$menuBlockHtml .= "<li onclick=\"window.location='{$fixedUrl}'\" class=\"{$selectedClass}\"><a href=\"{$fixedUrl}\">{$menuItem['name']}</a></li>";
}
$menuHtml .= "<ul>{$menuBlockHtml}</ul>";
}
// Get security cookie --
$securityLevelHtml = dvwaIsCtf() ? 'CTF' : dvwaSecurityLevelGet();
// -- END
$phpIdsHtml = '<b>PHPIDS:</b> ' . (dvwaPhpIdsIsEnabled() ? 'enabled' : 'disabled');
$userInfoHtml = '<b>Username:</b> ' . dvwaCurrentUser();
$AppModel = '<b>AppModel:</b> ' . dvwaGetModel();
$messagesHtml = messagesPopAllToHtml();
if ($messagesHtml) {
$messagesHtml = "<div class=\"body_padded\">{$messagesHtml}</div>";
}
$systemInfoHtml = "<div align=\"left\">{$userInfoHtml}<br />{$AppModel}<br /><b>Security Level:</b> {$securityLevelHtml}<br />{$phpIdsHtml}</div>";
if ($pPage['source_button'] && !dvwaIsCtf()) {
$systemInfoHtml = dvwaButtonSourceHtmlGet($pPage['source_button']) . " {$systemInfoHtml}";
}
if ($pPage['help_button'] && !dvwaIsCtf()) {
$systemInfoHtml = dvwaButtonHelpHtmlGet($pPage['help_button']) . " {$systemInfoHtml}";
}
if (dvwaIsCtf()) {
$addr = xlabGetLocation();
$systemInfoHtml = "<label for=\"QNUM\">CTF Numbers:</label><form action=\"{$addr}/vulnerabilities/ctf/\" method=\"GET\">" . dvwaGetlist() . "<input type=\"submit\" name=\"select\" value='select'>\n\t\t</form>" . "{$systemInfoHtml}";
$value = (isset($_GET['pid']) and is_numeric($_GET['pid'])) ? $_GET['pid'] : '1';
$ctfselect = xlabGetJs(xlabJqSelect("ctf_select", $value));
#$ctfselect="<script>document.getElementById('ctf_select').options[5].setAttribute('selected', 'selected');</script>";
}
// Send Headers + main HTML code
Header('Cache-Control: no-cache, must-revalidate');
// HTTP/1.1
Header('Content-Type: text/html;charset=utf-8');
// TODO- proper XHTML headers...
Header("Expires: Tue, 23 Jun 2009 12:00:00 GMT");
// Date in the past
echo "\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\n\n\t<head>\n\t\t<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />\n\n\t\t<title>{$pPage['title']}</title>\n\n\t\t<link rel=\"stylesheet\" type=\"text/css\" href=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/css/main.css\" />\n\n\t\t<link rel=\"icon\" type=\"\\image/ico\" href=\"" . DVWA_WEB_PAGE_TO_ROOT . "favicon.ico\" />\n\n\t\t<script type=\"text/javascript\" src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/js/dvwaPage.js\"></script>\n\n\t</head>\n\n\t<body class=\"home\">\n\t\t<div id=\"container\">\n\n\t\t\t<div id=\"header\">\n\n\t\t\t\t<img src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/logo.png\" alt=\"Damn Vulnerable Web App\" />\n\n\t\t\t</div>\n\n\t\t\t<div id=\"main_menu\">\n\n\t\t\t\t<div id=\"main_menu_padded\">\n\t\t\t\t{$menuHtml}\n\t\t\t\t</div>\n\n\t\t\t</div>\n\n\t\t\t<div id=\"main_body\">\n\t\t\t\t<script src='../../dvwa/js/jquery.js' type='text/javascript' charset='utf-8'></script>\n\t\t\t\t{$pPage['body']}\n\t\t\t\n\t\t\t\t<br />\n\t\t\t\t<br />\n\t\t\t\t{$messagesHtml}\n\n\t\t\t</div>\n\n\t\t\t<div class=\"clear\">\n\t\t\t</div>\n\n\t\t\t<div id=\"system_info\">\n\t\t\t\t{$systemInfoHtml}\n\t\t\t</div>\n\n\t\t\t<div id=\"footer\">\n\t\t\t\t{$ctfselect}\n\t\t\t\t<p>HTJC SeclabX ASystem (XlabAS) v" . dvwaVersionGet() . "</p>\n\n\t\t\t</div>\n\n\t\t</div>\n\n\t</body>\n\n</html>";
}
