FilesExpand file tree

 master

/

view_source.php

Copy path

Blame

More file actions

Blame

More file actions

Latest commit

 

History

History

History

93 lines (80 loc) · 2.24 KB

 master

/

view_source.php

Top

File metadata and controls

• Code
• Blame

93 lines (80 loc) · 2.24 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

<?php

define( 'DVWA_WEB_PAGE_TO_ROOT', '../' );

require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';

dvwaPageStartup( array( 'authenticated', 'phpids' ) );

$page = dvwaPageNewGrab();

$page[ 'title' ] .= 'Source' . $page[ 'title_separator' ].$page[ 'title' ];

$id = $_GET[ 'id' ];

$security = $_GET[ 'security' ];

switch ($id) {

case "fi" :

$vuln = 'File Inclusion';

break;

case "brute" :

$vuln = 'Brute Force';

break;

case "csrf" :

$vuln = 'CSRF';

break;

case "exec" :

$vuln = 'Command Injection';

break;

case "sqli" :

$vuln = 'SQL Injection';

break;

case "sqli_blind" :

$vuln = 'SQL Injection (Blind)';

break;

case "upload" :

$vuln = 'File Upload';

break;

case "xss_r" :

$vuln = 'Reflected XSS';

break;

case "xss_s" :

$vuln = 'Stored XSS';

break;

case "weak_id" :

$vuln = 'Weak Session IDs';

break;

case "javascript" :

$vuln = 'JavaScript';

break;

default:

$vuln = "Unknown Vulnerability";

}

$source = @file_get_contents( DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/{$id}/source/{$security}.php" );

$source = str_replace( array( '$html .=' ), array( 'echo' ), $source );

$js_html = "";

if (file_exists (DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/{$id}/source/{$security}.js")) {

$js_source = @file_get_contents( DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/{$id}/source/{$security}.js" );

$js_html =

<h2>vulnerabilities/{$id}/source/{$security}.js</h2>

<div id=\"code\">

<table width='100%' bgcolor='white' style=\"border:2px #C0C0C0 solid\">

<tr>

<td><div id=\"code\">" . highlight_string( $js_source, true ) . "</div></td>

</tr>

</table>

</div>

";

}

$page[ 'body' ] .=

<div class=\"body_padded\">

<h1>{$vuln} Source</h1>

<h2>vulnerabilities/{$id}/source/{$security}.php</h2>

<div id=\"code\">

<table width='100%' bgcolor='white' style=\"border:2px #C0C0C0 solid\">

<tr>

<td><div id=\"code\">" . highlight_string( $source, true ) . "</div></td>

</tr>

</table>

</div>

{$js_html}

<br /> <br />

<form>

<input type=\"button\" value=\"Compare All Levels\" onclick=\"window.location.href='view_source_all.php?id=$id'\">

</form>

</div>\n";

dvwaSourceHtmlEcho( $page );

?>