/**
 * Run $data through the filter selected by the "security_level" cookie.
 *
 * The level is read from a request cookie, so the client chooses which
 * filter is applied. A missing or unrecognised value falls through to
 * no_check(), the same path as level "0".
 *
 * no_check(), xss_check_1() and xss_check_3() are defined outside this
 * block; what each one filters has to be confirmed against its definition.
 *
 * @param mixed $data Value to be filtered.
 * @return mixed Whatever the selected helper returns for $data.
 */
function htmli($data)
{
    // Read the selector once, as the original switch did.
    $level = $_COOKIE["security_level"];

    // Loose comparison on purpose: it matches the semantics of switch/case.
    if ($level == "1") {
        return xss_check_1($data);
    }

    if ($level == "2") {
        return xss_check_3($data);
    }

    // Level "0" and every other value, including an absent cookie.
    return no_check($data);
}
bWAPP covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project! It is for security-testing and educational purposes only. Enjoy! Malik Mesellem Twitter: @MME_IT bWAPP is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License (http://creativecommons.org/licenses/by-nc-nd/4.0/). Copyright © 2014 MME BVBA. All rights reserved. */

include "security.php";
include "security_level_check.php";
include "functions_external.php";
include "connect.php";
include "selections.php";

// Greeting markup for this page; it is only filled in when a name was supplied.
$message = "";

// "name" has to be present and non-empty, otherwise the visitor is redirected
// to hpp-1.php.
// NOTE(review): only presence and emptiness are tested; a non-string value
// (for example an array-valued parameter) is not rejected before it reaches
// xss_check_3() and ucwords() - confirm how those calls behave on such input.
if (isset($_GET["name"]) and $_GET["name"] != "") {
    $name = $_GET["name"];

    // The request value goes through xss_check_3() before it is concatenated
    // into HTML; this call does not depend on the security_level cookie.
    // xss_check_3() is defined outside this listing - presumably an
    // HTML-encoding helper; verify against its definition.
    $message = "<p>Hello " . ucwords(xss_check_3($name)) . ", please vote for your favorite movie.</p>";
    $message .= "<p>Remember, Tony Stark wants to win every time...</p>";
} else {
    // exit directly after the Location header so nothing below runs for a
    // request that is being redirected.
    header("Location: hpp-1.php");
    exit;
}

// Filter selected by the security_level cookie (a client-supplied value):
// level "0" calls no_check(), level "1" URL-encodes the value with urlencode().
// The listing ends inside the "2" case, so the remaining branches and the
// return value are not visible here.
function hpp($data) {
    switch ($_COOKIE["security_level"]) {
        case "0":
            $data = no_check($data);
            break;
        case "1":
            $data = urlencode($data);
            break;
        case "2":
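*/

include "security.php";
include "security_level_check.php";
include "functions_external.php";
include "selections.php";

// Build the string that represents the current URL.
//
// Both parts are request-derived: HTTP_HOST comes from the Host header and
// REQUEST_URI from the request line. The branch is chosen by the
// security_level cookie, i.e. by the client; a missing or unrecognised value
// takes the default branch, which applies no encoding.
// NOTE(review): $url is presumably written into the HTML further down the
// page (not visible in this listing) - confirm the output context.
$url = "";

switch ($_COOKIE["security_level"]) {
    case "0":
        // No encoding at this level: both parts are used as received.
        // $url = "http://" . $_SERVER["HTTP_HOST"] . urldecode($_SERVER["REQUEST_URI"]);
        $url = "http://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"];
        break;

    case "1":
        // The server adds no request data here; the browser writes
        // document.URL into the page itself, so no server-side encoding
        // is applied to that value.
        $url = "<script>document.write(document.URL)</script>";
        break;

    case "2":
        // Encode both request-derived parts. Encoding REQUEST_URI alone
        // would leave the Host header value unencoded inside $url.
        // xss_check_3() comes from an include that is not shown here -
        // presumably an HTML-encoding helper; confirm against its definition.
        $url = "http://" . xss_check_3($_SERVER["HTTP_HOST"]) . xss_check_3($_SERVER["REQUEST_URI"]);
        break;

    default:
        // Same as level "0": unknown levels get no encoding.
        // $url = "http://" . $_SERVER["HTTP_HOST"] . urldecode($_SERVER["REQUEST_URI"]);
        $url = "http://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"];
        break;
}

?>
<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects+Daughter">-->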
<tr height="40"> <td align="center"><?php echo $row->id; ?> </td> <td><?php echo $row->owner; ?> </td> <td><?php echo $row->date; ?> </td> <td><?php echo xss_check_3($row->entry); ?> </td> </tr> <?php } else { ?> <tr height="40"> <td align="center"><?php echo $row->id; ?> </td> <td><?php