 * ------------------------------------------------------ */
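require_once '../classes/CustomErrorHandler.php';
require_once '../classes/LogHandler.php';
require_once '../classes/SQLQueryHandler.php';
/* ------------------------------------------
 * INITIALIZE SESSION
 * ------------------------------------------ */
// Start a session only when none is active yet; calling session_start()
// again on an active session only raises a notice.
if (strlen(session_id()) == 0) {
    session_start();
}
// end if
/* ------------------------------------------
 * READ SECURITY LEVEL
 * ------------------------------------------ */
// Every handler below is configured from the session's security level.
// Read it once and guard the lookup: an unset key used to raise an
// undefined-index notice on each of the three constructor calls. A missing
// level is still passed on as null so the handlers keep deciding the
// default (TODO confirm each constructor tolerates null).
$lEsapiPath = "../owasp-esapi-php/src/";
$lSecurityLevel = isset($_SESSION["security-level"]) ? $_SESSION["security-level"] : null;
/* ------------------------------------------
 * initialize custom error handler
 * ------------------------------------------ */
$CustomErrorHandler = new CustomErrorHandler($lEsapiPath, $lSecurityLevel);
/* ------------------------------------------
 * initialize log handler
 * ------------------------------------------ */
$LogHandler = new LogHandler($lEsapiPath, $lSecurityLevel);
/* ------------------------------------------
 * initialize SQLQuery handler
 * ------------------------------------------ */
$SQLQueryHandler = new SQLQueryHandler($lEsapiPath, $lSecurityLevel);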
try {
    switch ($_SESSION["security-level"]) {
        case "0":
            // This code is insecure.
            $lUseServerSideValidation = FALSE;
            $lEncodeOutput = FALSE;
            $lTokenizeAllowedMarkup = FALSE;
				window.sessionStorage.clear();
				window.localStorage.clear();
			}catch(e){
				alert("Error clearing HTML 5 Local and Session Storage" + e.toString());
			};
		</script>
		<div class="database-success-message">HTML 5 Local and Session Storage cleared unless error popped-up already.</div>
<?php

	//Here because of very weird error
	session_start();

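//initialize custom error handler
require_once 'classes/CustomErrorHandler.php';
if (!isset($CustomErrorHandler)){
	// Only build a handler when an including page has not provided one;
	// this fallback is pinned to level 0 rather than the session level.
	$CustomErrorHandler = 
	new CustomErrorHandler("owasp-esapi-php/src/", 0);
}// end if

require_once 'classes/MySQLHandler.php';
// Guard the session read: an unset "security-level" key used to raise an
// undefined-index notice here. A missing level is still handed to
// MySQLHandler as null so it keeps deciding the default (TODO confirm the
// constructor tolerates null).
$lSecurityLevel = isset($_SESSION["security-level"]) ? $_SESSION["security-level"] : null;
$MySQLHandler = new MySQLHandler("owasp-esapi-php/src/", $lSecurityLevel);
// Set once any step of the page fails; starts clean.
$lErrorDetected = FALSE;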

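/**
 * Wraps a status message in the <div> used by the database setup page.
 *
 * @param string $pMessage Message body. It is emitted verbatim (it is
 *                         treated as HTML, not text), so callers must only
 *                         pass content they control.
 * @param string $pLevel   One-letter level: "I" informative, "S" success,
 *                         "F" failure, "W" warning.
 * @return string          The <div class="..."> markup for the message.
 */
function format($pMessage, $pLevel) {
	static $lStyles = array(
		"I" => "database-informative-message",
		"S" => "database-success-message",
		"F" => "database-failure-message",
		"W" => "database-warning-message",
	);
	// An unknown level used to leave $lStyle undefined (notice plus an
	// empty class attribute); fall back to the informative style instead.
	$lStyle = isset($lStyles[$pLevel]) ? $lStyles[$pLevel] : "database-informative-message";

	return "<div class=\"".$lStyle."\">" . $pMessage . "</div>";
}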
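//initialize session
// Start a session only when none is active yet; calling session_start()
// again on an active session only raises a notice.
if (strlen(session_id()) == 0) {
    session_start();
}
// end if
/* ------------------------------------------
 * read security level
 * ------------------------------------------ */
// Both handlers below are configured from the session's security level.
// Read it once and guard the lookup: an unset key used to raise an
// undefined-index notice on each constructor call. A missing level is
// still passed on as null so the handlers keep deciding the default
// (TODO confirm each constructor tolerates null).
$lEsapiPath = "../owasp-esapi-php/src/";
$lSecurityLevel = isset($_SESSION["security-level"]) ? $_SESSION["security-level"] : null;
/* ------------------------------------------
 * initialize SQL Query handler
 * ------------------------------------------ */
require_once '../classes/SQLQueryHandler.php';
$SQLQueryHandler = new SQLQueryHandler($lEsapiPath, $lSecurityLevel);
/* ------------------------------------------
 * initialize custom error handler
 * ------------------------------------------ */
require_once '../classes/CustomErrorHandler.php';
$CustomErrorHandler = new CustomErrorHandler($lEsapiPath, $lSecurityLevel);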
try {
    $lPageName = $_GET["pagename"];
    $lQueryResult = $SQLQueryHandler->getPageHelpTexts($lPageName);
    echo '<div>&nbsp;</div>';
    if ($lQueryResult->num_rows > 0) {
        echo '	<div class="help-text-header">
					Hack with confidence.
					<br/>
					Page ' . $lPageName . ' is vulnerable to at least the following:</div>';
        while ($row = $lQueryResult->fetch_object()) {
            echo $row->help_text;
        }
        //end while $row
    } else {
        echo '	<div class="help-text-header">