Пример #1
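$page['help_button'] = 'csrf';
$page['source_button'] = 'csrf';

dvwaDatabaseConnect();

// Select the level implementation from the "security" cookie. The switch is an
// allow-list: anything other than the three known values -- including a missing
// cookie -- falls through to high.php, so the cookie can never steer the
// require_once below to an arbitrary path. isset() only removes the
// undefined-index notice on a first visit; the resulting level is unchanged.
$securityCookie = isset($_COOKIE['security']) ? $_COOKIE['security'] : '';
switch ($securityCookie) {
    case 'low':
        $vulnerabilityFile = 'low.php';
        break;
    case 'medium':
        $vulnerabilityFile = 'medium.php';
        break;
    case 'high':
    default:
        $vulnerabilityFile = 'high.php';
        break;
}
$isHighLevel = ($vulnerabilityFile === 'high.php');

// Anti-CSRF: the token is generated (and, further down, rendered into the form)
// for the high level only. Low and medium intentionally stay without it so the
// exercise can be demonstrated against them.
if ($isHighLevel) {
    generateTokens();
}

// The level file performs the actual password change. It is expected to set
// $html, which is interpolated into the page below -- TODO confirm every level
// file assigns $html, otherwise an undefined-variable notice follows.
require_once DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/csrf/source/{$vulnerabilityFile}";

$page['body'] .= "\r\n<div class=\"body_padded\">\r\n    <h1>Vulnerability: Cross Site Request Forgery (CSRF)</h1>\r\n\r\n    <div class=\"vulnerable_code_area\">\r\n\t\t<h3>Change your admin password:</h3>\r\n\t\t<br />\r\n\r\n\t\t<form action=\"#\" method=\"GET\">";

// The "current password" field exists at the high level only.
// NOTE(review): this check reads dvwaSecurityLevelGet() while the rest of the
// page keys off the cookie-derived $vulnerabilityFile; presumably both resolve
// to the same level, but verify the helper before merging the two checks.
if (dvwaSecurityLevelGet() === 'high') {
    $page['body'] .= "\r\n\t\t\tCurrent password:<br />\r\n\t\t\t<input type=\"password\" AUTOCOMPLETE=\"off\" name=\"password_current\"><br />";
}

// The change is submitted via GET on purpose for this lab (the new password
// travels in the query string); keep it as-is -- the level files under source/
// decide how the request is validated.
$page['body'] .= "\r\n\t\t\tNew password:<br />\r\n\t\t\t<input type=\"password\" AUTOCOMPLETE=\"off\" name=\"password_new\"><br />\r\n\t\t\tConfirm new password:<br />\r\n\t\t\t<input type=\"password\" AUTOCOMPLETE=\"off\" name=\"password_conf\"><br />\r\n\t\t\t<br />\r\n\t\t\t<input type=\"submit\" value=\"Change\" name=\"Change\">";

// Only the high level embeds the anti-CSRF token produced by tokenField().
if ($isHighLevel) {
    $page['body'] .= "\t\t\t" . tokenField();
}

// Fixed: the Wikipedia link previously carried a trailing space inside the URL.
$page['body'] .= "\r\n\t\t</form>\r\n\t\t{$html}\r\n    </div>\r\n\r\n    <h2>More Information</h2>\r\n    <ul>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('https://www.owasp.org/index.php/Cross-Site_Request_Forgery') . "</li>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('http://www.cgisecurity.com/csrf-faq.html') . "</li>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('https://en.wikipedia.org/wiki/Cross-site_request_forgery') . "</li>\r\n    </ul>\r\n</div>\r\n";

dvwaHtmlEcho($page);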
Пример #2
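/**
 * Renders the guestbook entries as an HTML fragment.
 *
 * Reads name/comment pairs from the guestbook table and concatenates one
 * <div id="guestbook_comments"> per row. Values are HTML-escaped only when the
 * security level is 'high'; at lower levels they are emitted verbatim, which is
 * the stored-XSS exercise this function exists to demonstrate -- the low/medium
 * branch is intentionally left unescaped.
 *
 * Relies on the legacy mysql_* extension (removed in PHP 7.0). mysql_query()
 * returns false on failure; that case now yields an empty string instead of
 * letting mysql_fetch_row() emit a warning on a boolean.
 *
 * @return string HTML fragment, '' when there are no rows or the query fails
 */
function dvwaGuestbook()
{
    $query = "SELECT name, comment FROM guestbook";
    $result = mysql_query($query);
    if ($result === false) {
        // Same observable result as before (empty guestbook), minus the warning.
        return '';
    }

    // The level presumably does not change mid-request, so resolve it once
    // instead of once per row.
    $escapeOutput = (dvwaSecurityLevelGet() === 'high');

    $guestbook = '';
    while ($row = mysql_fetch_row($result)) {
        if ($escapeOutput) {
            // Both values land in element text content, so the default
            // htmlspecialchars() flags (& < > ") are sufficient for that context.
            $name = htmlspecialchars($row[0]);
            $comment = htmlspecialchars($row[1]);
        } else {
            $name = $row[0];
            $comment = $row[1];
        }
        // NOTE: the same id is repeated on every row (not valid HTML); kept
        // unchanged because the page's CSS/JS may select on it -- verify before
        // changing it to a class.
        $guestbook .= "<div id=\"guestbook_comments\">Name: {$name} <br />" . "Message: {$comment} <br /></div>";
    }

    return $guestbook;
}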
Пример #3
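// PHPIDS on/off toggle. Only the two known values change anything; any other
// value just reloads the page. NOTE(review): this is a state change driven by
// a GET parameter with no CSRF token -- acceptable for the lab's own settings
// page, not a pattern to copy elsewhere. dvwaPageReload() presumably redirects
// and terminates the request; confirm it exits, otherwise the page below is
// still rendered after the toggle.
if (isset($_GET['phpids'])) {
    switch ($_GET['phpids']) {
        case 'on':
            dvwaPhpIdsEnabledSet(true);
            dvwaMessagePush("PHPIDS is now enabled");
            break;
        case 'off':
            dvwaPhpIdsEnabledSet(false);
            dvwaMessagePush("PHPIDS is now disabled");
            break;
    }
    dvwaPageReload();
}

// Build the <select> options, marking the current level. The level is resolved
// once rather than on every iteration.
$currentSecurityLevel = dvwaSecurityLevelGet();
$securityOptionsHtml = '';
$securityLevelHtml = '';
foreach (array('low', 'medium', 'high') as $securityLevel) {
    $selected = '';
    if ($securityLevel === $currentSecurityLevel) {
        $selected = ' selected="selected"';
        // Fixed: the paragraph was previously terminated with a second "<p>".
        $securityLevelHtml = "<p>Security Level is currently <em>{$securityLevel}</em>.</p>";
    }
    $securityOptionsHtml .= "<option value=\"{$securityLevel}\"{$selected}>{$securityLevel}</option>";
}

// Status line plus the link that flips the toggle handled above.
$phpIdsHtml = 'PHPIDS is currently ';
if (dvwaPhpIdsIsEnabled()) {
    $phpIdsHtml .= '<em>enabled</em>. [<a href="?phpids=off">disable PHPIDS</a>]';
} else {
    $phpIdsHtml .= '<em>disabled</em>. [<a href="?phpids=on">enable PHPIDS</a>]';
}

// $securityHtml is interpolated below but is not assigned in this block --
// TODO confirm it is set earlier in the file; otherwise this emits an
// undefined-variable notice. The "Simulate attack" link is the lab's canned
// request for exercising the PHPIDS log and is left as-is.
$page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h1>DVWA Security <img src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/lock.png\"></h1>\r\n\r\n\t<br />\r\n\t\r\n\t<h2>Script Security</h2>\r\n\r\n\t{$securityHtml}\r\n\r\n\t<form action=\"#\" method=\"POST\">\r\n\t\t{$securityLevelHtml}\r\n\t\t<p>You can set the security level to low, medium or high.</p>\r\n\t\t<p>The security level changes the vulnerability level of DVWA.</p>\r\n\r\n\t\t<select name=\"security\">\r\n\t\t\t{$securityOptionsHtml}\r\n\t\t</select>\r\n\t\t<input type=\"submit\" value=\"Submit\" name=\"seclev_submit\">\r\n\t</form>\r\n\r\n\t<br />\r\n\t<hr />\r\n\t<br />\r\n\r\n\t<h2>PHPIDS</h2>\r\n\r\n\t<p>" . dvwaExternalLinkUrlGet('http://php-ids.org/', 'PHPIDS') . " v." . dvwaPhpIdsVersionGet() . " (PHP-Intrusion Detection System) is a security layer for PHP based web applications. </p>\r\n\t<p>You can enable PHPIDS across this site for the duration of your session.</p>\r\n\r\n\t<p>{$phpIdsHtml}</p>\r\n\t[<a href=\"?test=%22><script>eval(window.name)</script>\">Simulate attack</a>] -\r\n\t[<a href=\"ids_log.php\">View IDS log</a>]\r\n\t\r\n</div>\r\n";

dvwaHtmlEcho($page);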