<?php
// dvwaPhpIds.inc.php fragment: wires the bundled PHPIDS library into the include path and
// provides the helpers the IDS log page uses. Must be included by a DVWA page that has already
// defined DVWA_WEB_PAGE_TO_ROOT.
// NOTE(review): define() needs a name AND a value; with this single argument PHP reports an
// error/warning and the message text is never shown before exit. The intent looks like a
// print/die of that message — verify before relying on this guard's output.
if (!defined('DVWA_WEB_PAGE_TO_ROOT')) { define('DVWA System error- WEB_PAGE_TO_ROOT undefined'); exit; }

// Web-root-relative and page-relative paths to the PHPIDS tree; the directory name is taken
// from dvwaPhpIdsVersionGet() (declared below; top-level functions are hoisted, so this works).
define('DVWA_WEB_ROOT_TO_PHPIDS', 'external/phpids/' . dvwaPhpIdsVersionGet() . '/');
define('DVWA_WEB_PAGE_TO_PHPIDS', DVWA_WEB_PAGE_TO_ROOT . DVWA_WEB_ROOT_TO_PHPIDS);

// Add PHPIDS to include path
set_include_path(get_include_path() . PATH_SEPARATOR . DVWA_WEB_PAGE_TO_PHPIDS . 'lib/');
require_once 'IDS/Init.php';

// Version string of the bundled PHPIDS copy; it decides the library and log file locations.
function dvwaPhpIdsVersionGet() { return '0.6'; }

// PHPIDS Log parsing function
// Reads DVWA_WEB_PAGE_TO_PHPIDS_LOG (defined by the including page) and renders one
// <div id="idslog"> per log line. Fields are positional after splitting on ',' with every
// double quote replaced by a space; a line with fewer than 7 fields produces undefined-index
// notices, and file() returning false (log missing/unreadable) makes the foreach warn.
// NOTE(review): only $request and $variable go through htmlspecialchars(); $datetime,
// $vulnerability and $ip are concatenated raw. They come from the PHPIDS log rather than straight
// from the request, but escaping every field would be the safer default for a log viewer.
// The function body is cut off at the end of this snippet (its closing brace is not visible).
function dvwaReadIdsLog() {
    $file_array = file(DVWA_WEB_PAGE_TO_PHPIDS_LOG);
    $data = '';
    foreach ($file_array as $line_number => $line) {
        // PHPIDS writes comma-separated, double-quoted fields; quotes are blanked, not stripped.
        $line = explode(",", $line);
        $line = str_replace("\"", " ", $line);
        $datetime = $line[1];
        $vulnerability = $line[3];
        $variable = urldecode($line[4]);
        $request = urldecode($line[5]);
        $ip = $line[6];
        // Request and variable are HTML-escaped; the other three fields are emitted as-is.
        $data .= "<div id=\"idslog\"><b>Date/Time:</b> " . $datetime . "<br /><b>Vulnerability:</b> " . $vulnerability . "<br /><b>Request:</b> " . htmlspecialchars($request) . "<br /><b>Variable:</b> " . htmlspecialchars($variable) . "<br /><b>IP:</b> " . $ip . "</div>";
    }
    return $data;
<?php
// ids_log.php: shows the entries PHPIDS has recorded and offers a "Clear Log" button.
define('DVWA_WEB_PAGE_TO_ROOT', '');

require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';

// Log file location, web-root-relative and page-relative; the bundled PHPIDS version picks the directory.
define('DVWA_WEB_ROOT_TO_PHPIDS_LOG', 'external/phpids/' . dvwaPhpIdsVersionGet() . '/lib/IDS/tmp/phpids_log.txt');
define('DVWA_WEB_PAGE_TO_PHPIDS_LOG', DVWA_WEB_PAGE_TO_ROOT . DVWA_WEB_ROOT_TO_PHPIDS_LOG);

// Startup flags 'authenticated' and 'phpids' are passed through; presumably they gate the page
// to logged-in users with PHPIDS switched on — confirm in dvwaPage.inc.php.
dvwaPageStartup(array('authenticated', 'phpids'));

$page = dvwaPageNewGrab();
$pageTitle = 'PHPIDS Log';
$page['title'] = $pageTitle . $page['title_separator'] . $page['title'];
$page['page_id'] = 'log';

// Read the log before the clear handler runs — same order as the original concatenation,
// so the entries rendered are those present when the request arrived.
$logEntriesHtml = dvwaReadIdsLog();
$clearLogHtml = dvwaClearIdsLog();

// NOTE(review): clearing the log is a state change triggered by a GET form with no anti-CSRF
// token; a POST form carrying tokenField() would be the usual shape — check what dvwaClearIdsLog() accepts.
$page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h1>PHPIDS Log</h1>\r\n\r\n\t<p>" . $logEntriesHtml . "</p>\r\n\t<br /><br />\r\n\r\n\t<form action=\"#\" method=\"GET\">\r\n\t\t<input type=\"submit\" value=\"Clear Log\" name=\"clear_log\">\r\n\t</form>\r\n\r\n\t" . $clearLogHtml . "\r\n</div>";

dvwaHtmlEcho($page);
// (Tail of generateSessionToken(); the function opens before this snippet.)
// NOTE(review): uniqid() is derived from the clock and md5() adds no entropy, so this CSRF
// token is guessable; a CSPRNG source such as bin2hex(random_bytes(32)) is the usual choice.
$_SESSION['session_token'] = md5(uniqid());
}

// Drops the CSRF token from the session so it cannot be reused after logout/reset.
function destroySessionToken() {
    # Destroy any session with the name 'session_token'
    unset($_SESSION['session_token']);
}

// Hidden <input> carrying the current CSRF token for inclusion in forms. The value is
// interpolated without escaping, which is only safe while the token stays a hex digest as
// generated above; if no token has been generated yet this emits a notice and an empty value.
function tokenField() {
    # Return a field for the (CSRF) token
    return "<input type='hidden' name='user_token' value='{$_SESSION['session_token']}' />";
}
// -- END (Token functions)

// Setup Functions --
// Absolute paths for the upload directory and the PHPIDS log file, resolved from the working
// directory. realpath() yields false for a missing path: $PHPUploadPath then degrades to
// DIRECTORY_SEPARATOR alone (false casts to '') and $PHPIDSPath to false.
$PHPUploadPath = realpath(getcwd() . DIRECTORY_SEPARATOR . DVWA_WEB_PAGE_TO_ROOT . "hackable" . DIRECTORY_SEPARATOR . "uploads") . DIRECTORY_SEPARATOR;
$PHPIDSPath = realpath(getcwd() . DIRECTORY_SEPARATOR . DVWA_WEB_PAGE_TO_ROOT . "external" . DIRECTORY_SEPARATOR . "phpids" . DIRECTORY_SEPARATOR . dvwaPhpIdsVersionGet() . DIRECTORY_SEPARATOR . "lib" . DIRECTORY_SEPARATOR . "IDS" . DIRECTORY_SEPARATOR . "tmp" . DIRECTORY_SEPARATOR . "phpids_log.txt");

// Environment checks rendered on the setup page. The 'success'/'failure' class says whether the
// setting suits the lab (e.g. allow_url_include enabled is 'success'), not whether it is safe.
$phpDisplayErrors = 'PHP function display_errors: <em>' . (ini_get('display_errors') ? 'Enabled</em> <i>(Easy Mode!)</i>' : 'Disabled</em>'); // Verbose error messages (e.g. full path disclosure)
$phpSafeMode = 'PHP function safe_mode: <span class="' . (ini_get('safe_mode') ? 'failure">Enabled' : 'success">Disabled') . '</span>'; // DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0
$phpMagicQuotes = 'PHP function magic_quotes_gpc: <span class="' . (ini_get('magic_quotes_gpc') ? 'failure">Enabled' : 'success">Disabled') . '</span>'; // DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0
$phpURLInclude = 'PHP function allow_url_include: <span class="' . (ini_get('allow_url_include') ? 'success">Enabled' : 'failure">Disabled') . '</span>'; // RFI
$phpURLFopen = 'PHP function allow_url_fopen: <span class="' . (ini_get('allow_url_fopen') ? 'success">Enabled' : 'failure">Disabled') . '</span>'; // RFI
$phpGD = 'PHP module gd: <span class="' . (extension_loaded('gd') && function_exists('gd_info') ? 'success">Installed' : 'failure">Missing') . '</span>'; // File Upload
// NOTE(review): the legacy mysql extension exposes mysql_* functions but none named 'mysql',
// so function_exists('mysql') is always false and this line always reports "Missing".
$phpMySQL = 'PHP module mysql: <span class="' . (extension_loaded('mysql') && function_exists('mysql') ? 'success">Installed' : 'failure">Missing') . '</span>'; // Core DVWA
$phpPDO = 'PHP module pdo_mysql: <span class="' . (extension_loaded('pdo_mysql') ? 'success">Installed' : 'failure">Missing') . '</span>';
// (Tail of generateSessionToken(); the function opens before this snippet.)
// NOTE(review): uniqid() is clock-derived and md5() adds no entropy, so this CSRF token is
// guessable; a CSPRNG source such as bin2hex(random_bytes(32)) is the usual choice.
$_SESSION['session_token'] = md5(uniqid());
}

// Drops the CSRF token from the session so it cannot be reused after logout/reset.
function destroySessionToken() {
    # Destroy any session with the name 'session_token'
    unset($_SESSION['session_token']);
}

// Hidden <input> carrying the current CSRF token. The value is interpolated unescaped, which
// is only safe while the token stays a hex digest as generated above; with no token in the
// session this emits a notice and an empty value.
function tokenField() {
    # Return a field for the (CSRF) token
    return "<input type='hidden' name='user_token' value='{$_SESSION['session_token']}' />";
}
// -- END (Token functions)

// Setup Functions --
// Paths are assembled from the working directory with literal '/' separators; only getcwd()
// goes through realpath(), so a missing uploads directory or log file is not detected here.
$PHPUploadPath = realpath(getcwd()) . "/hackable/uploads/";
$PHPIDSPath = realpath(getcwd()) . "/external/phpids/" . dvwaPhpIdsVersionGet() . "/lib/IDS/tmp/phpids_log.txt";

// Environment checks rendered on the setup page. The 'success'/'failure' class says whether the
// setting suits the lab (e.g. allow_url_include enabled is 'success'), not whether it is safe.
$phpDisplayErrors = 'PHP function display_errors: <em>' . (ini_get('display_errors') ? 'Enabled</em> <i>(Easy Mode!)</i>' : 'Disabled</em>'); // Verbose error messages (e.g. full path disclosure)
$phpSafeMode = 'PHP function safe_mode: <span class="' . (ini_get('safe_mode') ? 'failure">Enabled' : 'success">Disabled') . '</span>'; // DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0
$phpMagicQuotes = 'PHP function magic_quotes_gpc: <span class="' . (ini_get('magic_quotes_gpc') ? 'failure">Enabled' : 'success">Disabled') . '</span>'; // DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0
$phpURLInclude = 'PHP function allow_url_include: <span class="' . (ini_get('allow_url_include') ? 'success">Enabled' : 'failure">Disabled') . '</span>'; // RFI
$phpURLFopen = 'PHP function allow_url_fopen: <span class="' . (ini_get('allow_url_fopen') ? 'success">Enabled' : 'failure">Disabled') . '</span>'; // RFI
$phpGD = 'PHP module php-gd: <span class="' . (extension_loaded('gd') && function_exists('gd_info') ? 'success">Installed' : 'failure">Missing') . '</span>'; // File Upload
// The configured public reCAPTCHA key is echoed verbatim (configuration value, not request data);
// '!=' is a loose comparison, so only the empty string counts as missing.
$DVWARecaptcha = 'reCAPTCHA key: <span class="' . (isset($_DVWA['recaptcha_public_key']) && $_DVWA['recaptcha_public_key'] != '' ? 'success">' . $_DVWA['recaptcha_public_key'] : 'failure">Missing') . '</span>';
// NOTE(review): 'Yes)' carries a stray ')' into the rendered output.
$DVWAUploadsWrite = 'Writable folder ' . $PHPUploadPath . ': <span class="' . (is_writable($PHPUploadPath) ? 'success">Yes)' : 'failure">No') . '</span>'; // File Upload
// Toggle PHPIDS for this session from the ?phpids=on|off links, then reload so the page shows the new state.
// NOTE(review): this is a state change driven by a GET parameter with no anti-CSRF token. Its
// effect is confined to the caller's own session, but it is the kind of action a POST plus
// tokenField() would normally guard. Values other than 'on'/'off' fall through to the reload.
if (isset($_GET['phpids'])) {
    switch ($_GET['phpids']) {
        case 'on':
            dvwaPhpIdsEnabledSet(true);
            dvwaMessagePush("PHPIDS is now enabled");
            break;
        case 'off':
            dvwaPhpIdsEnabledSet(false);
            dvwaMessagePush("PHPIDS is now disabled");
            break;
    }
    dvwaPageReload();
}

// Build the <option> list for the security-level selector and the "currently ..." line,
// marking the level returned by dvwaSecurityLevelGet() as selected.
$securityOptionsHtml = '';
$securityLevelHtml = '';
foreach (array('low', 'medium', 'high') as $securityLevel) {
    $selected = '';
    // Loose '==' comparison; harmless only because both sides are plain level strings.
    if ($securityLevel == dvwaSecurityLevelGet()) {
        $selected = ' selected="selected"';
        $securityLevelHtml = "<p>Security Level is currently <em>{$securityLevel}</em>.<p>";
    }
    $securityOptionsHtml .= "<option value=\"{$securityLevel}\"{$selected}>{$securityLevel}</option>";
}

// Status line plus the link that flips PHPIDS to the opposite state.
$phpIdsHtml = 'PHPIDS is currently ';
if (dvwaPhpIdsIsEnabled()) {
    $phpIdsHtml .= '<em>enabled</em>. [<a href="?phpids=off">disable PHPIDS</a>]';
} else {
    $phpIdsHtml .= '<em>disabled</em>. [<a href="?phpids=on">enable PHPIDS</a>]';
}

// Page body. $page and $securityHtml are set earlier in this file, outside this snippet.
// NOTE(review): the level-change form submits seclev_submit without a CSRF token field
// (compare tokenField()); whether the handler verifies one is not visible here.
$page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h1>DVWA Security <img src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/lock.png\"></h1>\r\n\r\n\t<br />\r\n\t\r\n\t<h2>Script Security</h2>\r\n\r\n\t{$securityHtml}\r\n\r\n\t<form action=\"#\" method=\"POST\">\r\n\t\t{$securityLevelHtml}\r\n\t\t<p>You can set the security level to low, medium or high.</p>\r\n\t\t<p>The security level changes the vulnerability level of DVWA.</p>\r\n\r\n\t\t<select name=\"security\">\r\n\t\t\t{$securityOptionsHtml}\r\n\t\t</select>\r\n\t\t<input type=\"submit\" value=\"Submit\" name=\"seclev_submit\">\r\n\t</form>\r\n\r\n\t<br />\r\n\t<hr />\r\n\t<br />\r\n\r\n\t<h2>PHPIDS</h2>\r\n\r\n\t<p>" . dvwaExternalLinkUrlGet('http://php-ids.org/', 'PHPIDS') . " v." . dvwaPhpIdsVersionGet() . " (PHP-Intrusion Detection System) is a security layer for PHP based web applications. 
</p>\r\n\t<p>You can enable PHPIDS across this site for the duration of your session.</p>\r\n\r\n\t<p>{$phpIdsHtml}</p>\r\n\t[<a href=\"?test=%22><script>eval(window.name)</script>\">Simulate attack</a>] -\r\n\t[<a href=\"ids_log.php\">View IDS log</a>]\r\n\t\r\n</div>\r\n";
dvwaHtmlEcho($page);
// (Tail of the ?phpids=on|off handler: the 'off' case, end of switch, reload. The if/switch open before this snippet.)
dvwaPhpIdsEnabledSet(false);
dvwaMessagePush("PHPIDS is now disabled");
break;
}
dvwaPageReload();
}

// Build the <option> list for the four security levels (labels capitalised with ucfirst) and
// the "currently ..." line, marking the level returned by dvwaSecurityLevelGet() as selected.
$securityOptionsHtml = '';
$securityLevelHtml = '';
foreach (array('low', 'medium', 'high', 'impossible') as $securityLevel) {
    $selected = '';
    // Loose '==' comparison; harmless only because both sides are plain level strings.
    if ($securityLevel == dvwaSecurityLevelGet()) {
        $selected = ' selected="selected"';
        $securityLevelHtml = "<p>Security level is currently: <em>{$securityLevel}</em>.<p>";
    }
    $securityOptionsHtml .= "<option value=\"{$securityLevel}\"{$selected}>" . ucfirst($securityLevel) . "</option>";
}

// Status line plus the link that flips PHPIDS to the opposite state (a GET-driven state change; see the handler above).
$phpIdsHtml = 'PHPIDS is currently: ';
if (dvwaPhpIdsIsEnabled()) {
    $phpIdsHtml .= '<em>enabled</em>. [<a href="?phpids=off">Disable PHPIDS</a>]';
} else {
    $phpIdsHtml .= '<em>disabled</em>. [<a href="?phpids=on">Enable PHPIDS</a>]';
}

// Anti-CSRF
// A fresh session token is issued on every render; tokenField() below embeds it in the
// level-change form. Verification of the posted user_token is not within this snippet.
generateSessionToken();

// Able to write to the PHPIDS log file?
// $PHPIDSPath is defined outside this snippet. The absolute server path is interpolated into
// the warning unescaped — server-controlled, but it is a path disclosure to whoever can view the page.
$WarningHtml = '';
if (!is_writable($PHPIDSPath)) {
    $WarningHtml .= "<div class=\"warning\"><em>Cannot write to the PHPIDS log file</em>: {$PHPIDSPath}</div>";
}

// Page body. $page and $securityHtml are set earlier in this file, outside this snippet.
$page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h1>DVWA Security <img src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/lock.png\" /></h1>\r\n\t<br />\r\n\r\n\t<h2>Security Level</h2>\r\n\r\n\t{$securityHtml}\r\n\r\n\t<form action=\"#\" method=\"POST\">\r\n\t\t{$securityLevelHtml}\r\n\t\t<p>You can set the security level to low, medium, high or impossible. The security level changes the vulnerability level of DVWA:</p>\r\n\t\t<ol>\r\n\t\t\t<li> Low - This security level is completely vulnerable and <em>has no security measures at all</em>. It's use is to be as an example of how web application vulnerabilities manifest through bad coding practices and to serve as a platform to teach or learn basic exploitation techniques.</li>\r\n\t\t\t<li> Medium - This setting is mainly to give an example to the user of <em>bad security practices</em>, where the developer has tried but failed to secure an application. 
It also acts as a challenge to users to refine their exploitation techniques.</li>\r\n\t\t\t<li> High - This option is an extension to the medium difficulty, with a mixture of <em>harder or alternative bad practices</em> to attempt to secure the code. The vulnerability may not allow the same extent of the exploitation, similar in various Capture The Flags (CTFs) competitions.</li>\r\n\t\t\t<li> Impossible - This level should be <em>secure against all vulnerabilities</em>. It is used to compare the vulnerable source code to the secure source code.<br />\r\n\t\t\t\tPriority to DVWA v1.9, this level was known as 'high'.</li>\r\n\t\t</ol>\r\n\t\t<select name=\"security\">\r\n\t\t\t{$securityOptionsHtml}\r\n\t\t</select>\r\n\t\t<input type=\"submit\" value=\"Submit\" name=\"seclev_submit\">\r\n\t\t" . tokenField() . "\r\n\t</form>\r\n\r\n\t<br />\r\n\t<hr />\r\n\t<br />\r\n\r\n\t<h2>PHPIDS</h2>\r\n\t{$WarningHtml}\r\n\t<p>" . dvwaExternalLinkUrlGet('https://github.com/PHPIDS/PHPIDS', 'PHPIDS') . " v" . dvwaPhpIdsVersionGet() . " (PHP-Intrusion Detection System) is a security layer for PHP based web applications.</p>\r\n\t<p>PHPIDS works by filtering any user supplied input against a blacklist of potentially malicious code. It is used in DVWA to serve as a live example of how Web Application Firewalls (WAFs) can help improve security and in some cases how WAFs can be circumvented.</p>\r\n\t<p>You can enable PHPIDS across this site for the duration of your session.</p>\r\n\r\n\t<p>{$phpIdsHtml}</p>\r\n\t[<a href=\"?test=%22><script>eval(window.name)</script>\">Simulate attack</a>] -\r\n\t[<a href=\"ids_log.php\">View IDS log</a>]\r\n</div>";
dvwaHtmlEcho($page);
// Spanish-language variant of the security page. Toggle PHPIDS for this session from the
// ?phpids=on|off links, then reload so the page shows the new state.
// NOTE(review): a state change driven by a GET parameter with no anti-CSRF token; the effect is
// confined to the caller's own session, but a POST plus tokenField() would be the usual guard.
// Values other than 'on'/'off' fall through to the reload.
if (isset($_GET['phpids'])) {
    switch ($_GET['phpids']) {
        case 'on':
            dvwaPhpIdsEnabledSet(true);
            dvwaMessagePush("PHPIDS esta activado");
            break;
        case 'off':
            dvwaPhpIdsEnabledSet(false);
            dvwaMessagePush("PHPIDS esta desactivado");
            break;
    }
    dvwaPageReload();
}

// Build the <option> list for the security-level selector and the "currently ..." line,
// marking the level returned by dvwaSecurityLevelGet() as selected.
$securityOptionsHtml = '';
$securityLevelHtml = '';
foreach (array('low', 'medium', 'high') as $securityLevel) {
    $selected = '';
    // Loose '==' comparison; harmless only because both sides are plain level strings.
    if ($securityLevel == dvwaSecurityLevelGet()) {
        $selected = ' selected="selected"';
        $securityLevelHtml = "<p>El nivel de Seguridad actualmente es: <em>{$securityLevel}</em>.<p>";
    }
    $securityOptionsHtml .= "<option value=\"{$securityLevel}\"{$selected}>{$securityLevel}</option>";
}

// Status line plus the link that flips PHPIDS to the opposite state (this text is left in English).
$phpIdsHtml = 'PHPIDS is currently ';
if (dvwaPhpIdsIsEnabled()) {
    $phpIdsHtml .= '<em>enabled</em>. [<a href="?phpids=off">disable PHPIDS</a>]';
} else {
    $phpIdsHtml .= '<em>disabled</em>. [<a href="?phpids=on">enable PHPIDS</a>]';
}

// Page body. $page and $securityHtml are set earlier in this file, outside this snippet.
// NOTE(review): the level-change form submits seclev_submit without a CSRF token field
// (compare tokenField()); whether the handler verifies one is not visible here.
$page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h1>DVWA Security <img src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/lock.png\"></h1>\r\n\r\n\t<br />\r\n\t\r\n\t<h2>Script Security</h2>\r\n\r\n\t{$securityHtml}\r\n\r\n\t<form action=\"#\" method=\"POST\">\r\n\t\t{$securityLevelHtml}\r\n\t\t<p>Puedes configurar el nivel de seguridad a bajo, medio o alto.</p>\r\n\t\t<p>El nivel de Seguridad cambia el nivel de vulnerabilidad.</p>\r\n\r\n\t\t<select name=\"security\">\r\n\t\t\t{$securityOptionsHtml}\r\n\t\t</select>\r\n\t\t<input type=\"submit\" value=\"Submit\" name=\"seclev_submit\">\r\n\t</form>\r\n\r\n\t<br />\r\n\t<hr />\r\n\t<br />\r\n\r\n\t<h2>PHPIDS</h2>\r\n\r\n\t<p>" . dvwaExternalLinkUrlGet('http://php-ids.org/', 'PHPIDS') . " v." . dvwaPhpIdsVersionGet() . " (PHP-Intrusion Detection System) es una capa de seguridad para aplicaciones web basadas en PHP. 
</p>\r\n\t<p>Puede activar PHPIDS a través de este sitio mientras dure su sesión.</p>\r\n\r\n\t<p>{$phpIdsHtml}</p>\r\n\t[<a href=\"?test=%22><script>eval(window.name)</script>\">Simulate attack</a>] -\r\n\t[<a href=\"ids_log.php\">View IDS log</a>]\r\n\t\r\n</div>\r\n";
dvwaHtmlEcho($page);