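// Point the help/source buttons at this module.
$page['help_button']   = 'csrf';
$page['source_button'] = 'csrf';

dvwaDatabaseConnect();

// Select the module source from the 'security' cookie. An unknown value,
// or a missing cookie, falls through to the 'high' variant. The isset()
// guard only avoids an undefined-index notice; the switch default already
// covered the missing-cookie case.
$securityCookie    = isset($_COOKIE['security']) ? $_COOKIE['security'] : '';
$vulnerabilityFile = '';
switch ($securityCookie) {
    case 'low':
        $vulnerabilityFile = 'low.php';
        break;
    case 'medium':
        $vulnerabilityFile = 'medium.php';
        break;
    case 'high':
    default:
        $vulnerabilityFile = 'high.php';
        break;
}

// Anti-CSRF: only the 'high' variant issues a token for the form below.
if ($vulnerabilityFile === 'high.php') {
    generateTokens();
}

// The included file is expected to set $html (used in the body below);
// TODO confirm — it is not assigned anywhere in this script.
require_once DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/csrf/source/{$vulnerabilityFile}";

$page['body'] .= "\r\n<div class=\"body_padded\">\r\n <h1>Vulnerability: Cross Site Request Forgery (CSRF)</h1>\r\n\r\n <div class=\"vulnerable_code_area\">\r\n\t\t<h3>Change your admin password:</h3>\r\n\t\t<br />\r\n\r\n\t\t<form action=\"#\" method=\"GET\">";

// NOTE(review): the "current password" field is keyed on dvwaSecurityLevelGet(),
// while the token field below is keyed on the cookie-derived $vulnerabilityFile.
// Both presumably resolve to the same level — confirm, as they are read from
// different places.
if (dvwaSecurityLevelGet() == 'high') {
    $page['body'] .= "\r\n\t\t\tCurrent password:<br />\r\n\t\t\t<input type=\"password\" AUTOCOMPLETE=\"off\" name=\"password_current\"><br />";
}

$page['body'] .= "\r\n\t\t\tNew password:<br />\r\n\t\t\t<input type=\"password\" AUTOCOMPLETE=\"off\" name=\"password_new\"><br />\r\n\t\t\tConfirm new password:<br />\r\n\t\t\t<input type=\"password\" AUTOCOMPLETE=\"off\" name=\"password_conf\"><br />\r\n\t\t\t<br />\r\n\t\t\t<input type=\"submit\" value=\"Change\" name=\"Change\">";

if ($vulnerabilityFile === 'high.php') {
    $page['body'] .= "\t\t\t" . tokenField();
}

// Fixed: the Wikipedia URL carried a trailing space, producing a broken link.
$page['body'] .= "\r\n\t\t</form>\r\n\t\t{$html}\r\n </div>\r\n\r\n <h2>More Information</h2>\r\n <ul>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('https://www.owasp.org/index.php/Cross-Site_Request_Forgery') . "</li>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('http://www.cgisecurity.com/csrf-faq.html') . "</li>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('https://en.wikipedia.org/wiki/Cross-site_request_forgery') . "</li>\r\n </ul>\r\n</div>\r\n";

dvwaHtmlEcho($page);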
/**
 * Render every guestbook row as an HTML fragment.
 *
 * Only the 'high' security level runs name and comment through
 * htmlspecialchars(); the other levels emit the stored values verbatim.
 * The level is re-read for every row, exactly as the original does.
 *
 * @return string One <div id="guestbook_comments"> per row; '' when the
 *                query yields no rows.
 */
function dvwaGuestbook() {
    $result = mysql_query("SELECT name, comment FROM guestbook");
    $output = '';

    while ($row = mysql_fetch_row($result)) {
        list($name, $comment) = $row;

        if (dvwaSecurityLevelGet() == 'high') {
            $name    = htmlspecialchars($name);
            $comment = htmlspecialchars($comment);
        }

        $output .= "<div id=\"guestbook_comments\">Name: {$name} <br />Message: {$comment} <br /></div>";
    }

    return $output;
}
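// Toggle PHPIDS from ?phpids=on|off, then reload so the page shows the new
// state. Any other value changes nothing but still triggers the reload.
// NOTE(review): this is a state change driven by a GET parameter; left as-is.
if (isset($_GET['phpids'])) {
    switch ($_GET['phpids']) {
        case 'on':
            dvwaPhpIdsEnabledSet(true);
            dvwaMessagePush("PHPIDS is now enabled");
            break;
        case 'off':
            dvwaPhpIdsEnabledSet(false);
            dvwaMessagePush("PHPIDS is now disabled");
            break;
    }
    dvwaPageReload();
}

// Build the <select> options; the level matching dvwaSecurityLevelGet() is
// pre-selected and named in $securityLevelHtml (which stays '' if none match).
$securityOptionsHtml = '';
$securityLevelHtml   = '';
foreach (array('low', 'medium', 'high') as $securityLevel) {
    $selected = '';
    if ($securityLevel == dvwaSecurityLevelGet()) {
        $selected = ' selected="selected"';
        // Fixed: the paragraph was closed with a second "<p>" instead of "</p>".
        $securityLevelHtml = "<p>Security Level is currently <em>{$securityLevel}</em>.</p>";
    }
    $securityOptionsHtml .= "<option value=\"{$securityLevel}\"{$selected}>{$securityLevel}</option>";
}

$phpIdsHtml = 'PHPIDS is currently ';
if (dvwaPhpIdsIsEnabled()) {
    $phpIdsHtml .= '<em>enabled</em>. [<a href="?phpids=off">disable PHPIDS</a>]';
} else {
    $phpIdsHtml .= '<em>disabled</em>. [<a href="?phpids=on">enable PHPIDS</a>]';
}

// $securityHtml is not assigned in this block; presumably set earlier in the
// file by the level-change handler — TODO confirm.
$page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h1>DVWA Security <img src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/lock.png\"></h1>\r\n\r\n\t<br />\r\n\t\r\n\t<h2>Script Security</h2>\r\n\r\n\t{$securityHtml}\r\n\r\n\t<form action=\"#\" method=\"POST\">\r\n\t\t{$securityLevelHtml}\r\n\t\t<p>You can set the security level to low, medium or high.</p>\r\n\t\t<p>The security level changes the vulnerability level of DVWA.</p>\r\n\r\n\t\t<select name=\"security\">\r\n\t\t\t{$securityOptionsHtml}\r\n\t\t</select>\r\n\t\t<input type=\"submit\" value=\"Submit\" name=\"seclev_submit\">\r\n\t</form>\r\n\r\n\t<br />\r\n\t<hr />\r\n\t<br />\r\n\r\n\t<h2>PHPIDS</h2>\r\n\r\n\t<p>" . dvwaExternalLinkUrlGet('http://php-ids.org/', 'PHPIDS') . " v." . dvwaPhpIdsVersionGet() . " (PHP-Intrusion Detection System) is a security layer for PHP based web applications. 
</p>\r\n\t<p>You can enable PHPIDS across this site for the duration of your session.</p>\r\n\r\n\t<p>{$phpIdsHtml}</p>\r\n\t[<a href=\"?test=%22><script>eval(window.name)</script>\">Simulate attack</a>] -\r\n\t[<a href=\"ids_log.php\">View IDS log</a>]\r\n\t\r\n</div>\r\n";

dvwaHtmlEcho($page);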