function xlabIsNonsec() { $accesscode = isset($_SERVER['X-Forwarded-For']) ? $_SERVER['X-Forwarded-For'] : ""; return xlabIsConfig("nonsec", $accesscode) ? true : false; }
<?php define('DVWA_WEB_PAGE_TO_ROOT', ''); require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php'; dvwaPageStartup(array('phpids')); dvwaDatabaseConnect(); dvwaGetconfig(); #dvwadebug(); if (isset($_POST['Login'])) { $user = $_POST['username']; $user = stripslashes($user); if (!xlabIsConfig('loginsqli', '1')) { $user = mysql_real_escape_string($user); } $pass = $_POST['password']; $pass = stripslashes($pass); $pass = mysql_real_escape_string($pass); $pass_md5 = md5($pass); $qry_md5 = "SELECT * FROM `users` WHERE user='******' AND password='******';"; $result_md5 = @mysql_query($qry_md5) or die('<pre>' . mysql_error() . '</pre>'); dvwadebug($qry_md5); if ($result_md5 && mysql_num_rows($result_md5) >= 1) { // Login Successful... $user = mysql_result($result_md5, 0, "user"); if (mysql_num_rows($result_md5) > 1 and $user == 'admin') { dvwaMessagePush("You can't login for admin use sql inject vuln"); dvwaRedirect('index.php'); exit(1); } dvwaMessagePush("You have logged in as '" . $user . "'"); dvwaLogin($user);
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php'; if (!xlabIsConfig('backdoor', '1')) { dvwaPageStartup(array('authenticated', 'phpids')); } $page = dvwaPageNewGrab(); $page['title'] .= $page['title_separator'] . 'Vulns'; $page['page_id'] = 'vulns'; if (!dvwaIfWork()) { exit; } dvwaDatabaseConnect(); $user = dvwaCurrentUser(); $html = ''; if (isset($_GET['act']) && $_GET['act'] == 'detail') { $vid = xlabGetSqli('vid', $_GET); if (xlabIsConfig("ultrav", "1")) { $sql = "select vid,site,vname,vdesc,author,risk from vulns where vid='{$vid}'"; } else { if ($user == "admin") { $sql = "select vid,site,vname,vdesc,author,risk from vulns where vid='{$vid}'"; } else { $sql = "select vid,site,vname,vdesc,author,risk from vulns where author='{$user}' and vid='{$vid}'"; } } $result = mysql_query($sql); $num = mysql_numrows($result); dvwadebug($sql); if ($num > 0) { $vid = mysql_result($result, 0, "vid"); $site = mysql_result($result, 0, "site"); $vname = mysql_result($result, 0, "vname");