Commit
new vulnerabilities added with some existing code fixes
XPATH - item note found in the first page
Session Flaws - minor change in the static content
SSTI - minor change in the static content
CSRF - minor fix
IDOR - minor fix
Missing functional access - minor fix
Stored XSS - minor changes
New - Formula Injection - PHP Object Injection
Showing 26 changed files with 358 additions and 95 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
<?php | ||
header('Content-Type: text/csv; charset=utf-8'); | ||
header('Content-Disposition: attachment; filename=xvwa-export.csv'); | ||
|
||
$output = fopen('php://output', 'w'); | ||
|
||
fputcsv($output, array('itemcode', 'itemname', 'categ','price')); | ||
|
||
include('../../config.php'); | ||
$rows = mysql_query('SELECT itemcode,itemname,categ,price from caffaine'); | ||
|
||
while ($row = mysql_fetch_assoc($rows)) fputcsv($output, $row); | ||
?> |
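Review bot: the `$rows = mysql_query('SELECT itemcode,itemname,categ,price from caffaine');` line uses the legacy mysql_* extension (removed in PHP 7), while home.php in this same commit runs the identical SELECT through a PDO handle (`$conn1->prepare(...)`) after including the same `../../config.php`; unless config.php opens both kinds of connection, one of the two pages will fail, so run the export through the PDO handle and `fetch(PDO::FETCH_ASSOC)` as well. The return value of `mysql_query` is never checked, so on a failed query `mysql_fetch_assoc(false)` only warns and the client receives a header-only CSV with a 200 status. Writing the raw `itemname` values straight into `fputcsv($output, $row)` is the formula-injection sink this commit intends, so that should stay as the vulnerable version; the hardened variant (prefixing any cell that begins with `=`, `+`, `-` or `@` with a single quote before `fputcsv`) belongs in the lesson text rather than in this file.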
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
|
||
|
||
<div class="thumbnail"> | ||
|
||
<div class="caption-full"> | ||
<h4><a href="#">CSV Formula Injection</a></h4> | ||
|
||
<p align="justify"> | ||
CSV Formula injection is also known as CSV Excel Macro Injection. This happens when the application does not validate the content of CSV file. Applications that allows to export/download data in CSV or excel format usually vulnerable to such attacks. </p> | ||
<p>Read more about CVS Formula Injection <br> | ||
<strong><a target="_blank" href="https://www.owasp.org/index.php/CSV_Excel_Macro_Injection">https://www.owasp.org/index.php/CSV_Excel_Macro_Injection</a></p></strong> | ||
|
||
</div> | ||
|
||
</div> | ||
|
||
<div class="well"> | ||
|
||
<p> | ||
<form method='post' action='export.php'> | ||
<div class="form-group"> | ||
<label></label> | ||
<div class="form-group" align="right"> | ||
<button class="btn btn-primary" name="action" value="export" type="submit">Export to CSV</button> | ||
</div> | ||
<div> | ||
<br> | ||
<?php | ||
|
||
|
||
|
||
include('../../config.php'); | ||
|
||
if($conn){ | ||
$stmt = $conn1->prepare("SELECT itemcode,itemname,categ,price from caffaine"); | ||
$stmt->execute(); | ||
echo "<table class='table table-striped'>"; | ||
echo "<tr><th>Item Code</th><th>Item Name</th><th>Category</th><th>Price</th></tr>"; | ||
while($rows=$stmt->fetch(PDO::FETCH_NUM)){ | ||
echo "<tr>"; | ||
echo "<td>".htmlspecialchars($rows[0])."</td>"; | ||
echo "<td>".htmlspecialchars($rows[1])."</td>"; | ||
echo "<td>".htmlspecialchars($rows[2])."</td>"; | ||
echo "<td>$".htmlspecialchars($rows[3])."</td>"; | ||
echo "</tr>"; | ||
} | ||
} | ||
echo "</table>"; | ||
|
||
#$action = isset($_POST['action']) ? $_POST['action'] : ''; | ||
|
||
|
||
|
||
?> | ||
</div> | ||
<hr> | ||
</div> | ||
</form> | ||
</p> | ||
|
||
</div> | ||
|
||
<?php include_once('../../about.html'); ?> |
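Review bot: `if($conn){` guards the block, but the statement is prepared on a different variable (`$stmt = $conn1->prepare("SELECT itemcode,itemname,categ,price from caffaine");`); unless config.php defines both `$conn` and `$conn1`, this is either an undefined-variable failure or a guard that never fires, so pick one handle and use it consistently. `echo "</table>";` sits outside the `if($conn)` block, so a stray closing tag is emitted when the connection check fails; move it inside the `if`. In the description text, `CVS Formula Injection` should read `CSV`, `</a></p></strong>` closes the tags in the wrong order (should be `</a></strong></p>`), the `<form>` is wrapped in a `<p>`, which is not valid HTML, and the commented-out `#$action = isset($_POST['action']) ...` line is dead code that should be removed.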
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
<?php session_start(); ?> | ||
<!DOCTYPE html> | ||
<html lang="en"> | ||
|
||
<head> | ||
|
||
<meta charset="utf-8"> | ||
<meta http-equiv="X-UA-Compatible" content="IE=edge"> | ||
<meta name="viewport" content="width=device-width, initial-scale=1"> | ||
<meta name="description" content=""> | ||
<meta name="author" content=""> | ||
|
||
<title>XVWA - Xtreme Vulnerable Web Application </title> | ||
|
||
<!-- Bootstrap Core CSS --> | ||
<link href="../../css/bootstrap.min.css" rel="stylesheet"> | ||
|
||
<!-- Custom CSS --> | ||
<link href="../../css/shop-item.css" rel="stylesheet"> | ||
|
||
<!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries --> | ||
<!-- WARNING: Respond.js doesn't work if you view the page via file:// --> | ||
<!--[if lt IE 9]> | ||
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script> | ||
<script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script> | ||
<![endif]--> | ||
|
||
</head> | ||
|
||
<body> | ||
|
||
<!-- Navigation --> | ||
<nav class="navbar navbar-inverse navbar-fixed-top" role="navigation"> | ||
<?php include("../../header.php") ?> | ||
<!-- /.container --> | ||
</nav> | ||
|
||
<!-- Page Content --> | ||
<div class="container"> | ||
|
||
<div class="row"> | ||
|
||
<div class="col-md-3"> | ||
<?php include("../../sidepanel.php") ?> | ||
</div> | ||
|
||
<div class="col-md-9"> | ||
|
||
<?php | ||
include('home.php'); | ||
|
||
?> | ||
|
||
</div> | ||
|
||
</div> | ||
|
||
</div> | ||
<!-- /.container --> | ||
|
||
<?php include("../../footer.html") ?> | ||
<!-- /.container --> | ||
|
||
<!-- jQuery --> | ||
<script src="../../js/jquery.js"></script> | ||
|
||
<!-- Bootstrap Core JavaScript --> | ||
<script src="../../js/bootstrap.min.js"></script> | ||
|
||
</body> | ||
|
||
</html> |
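Review bot: the IE8 conditional block pulls html5shiv and respond.js from `https://oss.maxcdn.com/...` with no `integrity` attribute, while every other asset on the page is served locally from `../../css` and `../../js`; either vendor those two files next to the local jquery/bootstrap copies or drop the `<!--[if lt IE 9]>` block, so the lab does not depend on a third-party CDN at runtime. The empty `description` and `author` meta tags are template leftovers and can be removed. `session_start()` is correctly placed before any output.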