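<?php
/**
 * CSRF exercise page: builds the "change password" form and loads the
 * request handler that matches the configured security level.
 *
 * The form is part of a deliberately weak training exercise. The notes below
 * record what a reviewer should check before reusing any of this pattern in
 * real code; they do not change the exercise itself.
 */

// Relative path from this page to the application root; every include below is built from it.
define('DVWA_WEB_PAGE_TO_ROOT', '../../');
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';

// NOTE(review): the flags presumably enforce a logged-in session and enable the
// PHPIDS request filter - confirm against dvwaPage.inc.php.
dvwaPageStartup(array('authenticated', 'phpids'));

$page = dvwaPageNewGrab();
$page['title'] .= $page['title_separator'] . 'Vulnerability: Cross Site Request Forgery (CSRF)';
$page['page_id'] = 'csrf';

dvwaDatabaseConnect();

// Not read in the part of the script visible here; kept for code that follows.
$user = dvwaCurrentUser();

// Allow-list: only these three fixed file names can ever reach require_once, so
// the include path is never assembled from request data. Any level that is not
// 'low' or 'medium' falls through to high.php.
$vulnerabilityFile = '';
switch (xlabGetSecurity()) {
    case 'low':
        $vulnerabilityFile = 'low.php';
        break;

    case 'medium':
        $vulnerabilityFile = 'medium.php';
        break;

    case 'high':
    default:
        $vulnerabilityFile = 'high.php';
        break;
}

require_once DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/ainclude.php";
require_once DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/csrf/source/{$vulnerabilityFile}";

$page['help_button'] = 'csrf';
$page['source_button'] = 'csrf';

// Security note: this form changes a credential through a GET request. That is
// the weakness the exercise demonstrates. Outside a lab, a state-changing
// request like this should use POST, carry a per-session anti-CSRF token that
// the server verifies, and re-authenticate the user. With GET the submitted
// password is also part of the URL, so it can end up in browser history and in
// access logs. No token field is emitted in the markup built here; the rest of
// the form is assembled after this point.
$page['body'] .= "\n<div class=\"body_padded\">\n\t<h1>Vulnerability: Cross Site Request Forgery (CSRF)</h1>\n\n\t<div class=\"vulnerable_code_area\">\n\t\n\t<h3>Change your admin password:</h3>\n <br>\n <form action=\"#\" method=\"GET\">";

// Show the current-password field whenever high.php is the loaded handler.
// The previous test compared the raw level string with 'high', so a level that
// reached high.php through the switch's default branch got the high handler
// without this field. Keying the field off the selected file keeps form and
// handler in step. (Assumes high.php is the handler that reads
// password_current - confirm in source/high.php.)
if ($vulnerabilityFile === 'high.php') {
    $page['body'] .= "Current password:<br>\n\t\t<input type=\"password\" AUTOCOMPLETE=\"off\" name=\"password_current\"><br>";
}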
/**
 * Report the security level currently in effect.
 *
 * Thin alias: forwards to xlabGetSecurity() and hands its result back
 * unchanged. No validation or normalisation happens here, so callers that
 * branch on the value should treat anything they do not recognise as the
 * strictest level.
 *
 * @return mixed Whatever xlabGetSecurity() returns; the switch in this file
 *               matches it against 'low', 'medium' and 'high'.
 */
function dvwaSecurityLevelGet()
{
    $activeLevel = xlabGetSecurity();

    return $activeLevel;
}