
bug fixes with php version 7

s4n7h0 committed Jan 20, 2017
1 parent 84f3db1 commit 8c60eae5ba5ae2dd5bb2c162ed53ed9498309f55
@@ -1,11 +1,10 @@
<?php
$XVWA_WEBROOT = "/var/www/html";
$XVWA_WEBROOT = "";
$host = "localhost";
$dbname = 'xvwa';
$user = "root";
$pass = "";
$conn = mysql_connect($host,$user,$pass);
$conn = mysql_select_db($dbname);
$user = "root";
$pass = "";
$conn = new mysqli($host,$user,$pass,$dbname);
$conn1 = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass);
$conn1->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
?>
?>
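Review bot: A database outage never reaches the `$conn->connect_errno` checks this commit adds in the pages, because the `new PDO(...)` line directly after `new mysqli(...)` throws a PDOException on connection failure and nothing here catches it. The include then dies with an uncaught exception, and on PHP 7 with errors displayed the trace can print the constructor arguments, which include the database user and password. Wrapping the two `$conn1` lines as `try { ... } catch (PDOException $e) { $conn1 = null; }` keeps the failure on the handled path. The PDO lines look like unchanged context here, inferred from the hunk counts.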
@@ -15,7 +15,7 @@
<ul class="nav pull-right navbar-nav">
<li class="dropdown" id="menuLogin">
<?php
include(dirname(__FILE__).DIRECTORY_SEPARATOR.'..'.DIRECTORY_SEPARATOR.'/xvwa/config.php');
include(__DIR__.'/xvwa/config.php');
if(isset($_SESSION['user'])){
echo "<a href='#' class='dropdown-toggle' data-toggle='dropdown'> " . ucfirst(($_SESSION['user'])) . " <b class='caret'></b></a>";
echo "<ul class='dropdown-menu'>";
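Review bot: The replacement path `__DIR__.'/xvwa/config.php'` is not equivalent to the line it replaces, because it drops the `..` step and so resolves under this file's own directory rather than its parent. `include` only raises a warning when the file is missing, so a wrong path leaves `$conn` undefined and the failure surfaces later as an unrelated error. `require __DIR__.'/xvwa/config.php';` would stop at the point of the mistake. Which of the two printed include lines is the new one is inferred from print order.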
@@ -19,14 +19,13 @@
</div>
</div>
<?php
//include(dirname(__FILE__).DIRECTORY_SEPARATOR.'..'.DIRECTORY_SEPARATOR.'/xvwa/config.php');
include('../config.php');
function cleanup($conn,$XVWA_WEBROOT){
// clean the database
$tables = array('comments','caffaine','users');
for($i=0;$i<count($tables);$i++){
$sql = 'DROP TABLE '. $tables[$i].';';
$sqlexec = mysql_query($sql);
$sqlexec = $conn->query($sql);
}
// clean extra files
$files = glob('../img/uploads/*');
@@ -35,23 +34,24 @@ function cleanup($conn,$XVWA_WEBROOT){
unlink($file);
}
}
}
$submit = isset($_GET['action']) ? $_GET['action'] : '';
// $submit=$_GET['action'];
if($submit){
echo "<div class=\"well\">";
echo "<ul class=\"featureList\">";
if(!$conn){
die("<li class=\"cross\">Connection Failed. Check the configuration file.".mysql_error()."</li>");
if($conn->connect_errno > 0){
die("<li class=\"cross\">Connection Failed. Check the configuration file.".$conn->connect_error ."</li>");
}else{
//connection successfull.
cleanup($conn,$XVWA_WEBROOT);
echo "<li class=\"tick\">Connected to database sucessfully.</li>";
// creating comment tables
$table_comment=mysql_query('CREATE TABLE comments(id int not null primary key auto_increment,user varchar(30),comment varchar(100),date varchar(30))');
$table_comment=$conn->query('CREATE TABLE comments(id int not null primary key auto_increment,user varchar(30),comment varchar(100),date varchar(30))');
if($table_comment){
$insert_comment=mysql_query('INSERT INTO comments (id,user,comment,date) VALUES (\'1\', \'admin\', \'Keep posting your comments here \', \'10 Aug 2015\');');
$insert_comment=$conn->query('INSERT INTO comments (id,user,comment,date) VALUES (\'1\', \'admin\', \'Keep posting your comments here \', \'10 Aug 2015\');');
if($insert_comment){
echo "<li class=\"tick\">Table comments sucessfully.</li>";
}else{
@@ -62,7 +62,7 @@ function cleanup($conn,$XVWA_WEBROOT){
}
//creating product_caffe table
$table_product=mysql_query('CREATE TABLE caffaine(itemid int not null primary key auto_increment, itemcode varchar(15),itemdisplay varchar(500),itemname varchar(50),itemdesc varchar(1000),categ varchar(200),price varchar(20))');
$table_product=$conn->query('CREATE TABLE caffaine(itemid int not null primary key auto_increment, itemcode varchar(15),itemdisplay varchar(500),itemname varchar(50),itemdesc varchar(1000),categ varchar(200),price varchar(20))');
if($table_product){
$itemcode = array('XVWA0987','XVWA3876','XVWA4589','XVWA7619','XVWA5642','XVWA7569','XVWA3671','XVWA1672','XVWA4276','XVWA9680');
$itemname = array('Affogato','Americano','Bicerin','Café Bombón','Café au lait','Caffé corretto','Caffé latte','Café mélange','Cafe mocha','Cappuccino');
@@ -72,7 +72,7 @@ function cleanup($conn,$XVWA_WEBROOT){
for($i = 0; $i<count($itemcode); $i++){
$pic = '/xvwa/img/'.$itemcode[$i].'.png';
$sql = 'INSERT into caffaine(itemcode,itemdisplay,itemname,itemdesc,categ,price) VALUES (\''.$itemcode[$i].'\',\''.$pic.'\',\''.$itemname[$i].'\',\''.$itemdesc[$i].'\',\''.$categ[$i].'\',\''.$itemprice[$i].'\');';
$insert_product=mysql_query($sql);
$insert_product=$conn->query($sql);
}
if($insert_product){
echo "<li class=\"tick\">Table products created sucessfully.</li>";
@@ -83,13 +83,13 @@ function cleanup($conn,$XVWA_WEBROOT){
echo "<li class=\"cross\">Failed to use/select database. Check the configuration file.".mysql_error()."</li>";
}
//creating user table
$table_user=mysql_query("CREATE table users(uid int not null primary key auto_increment, username varchar(20),password varchar(50))");
$table_user=$conn->query("CREATE table users(uid int not null primary key auto_increment, username varchar(20),password varchar(50))");
if($table_user){
$uname = array('admin','xvwa','user');
$pwd = array('21232f297a57a5a743894a0e4a801fc3','570992ec4b5ad7a313f5dc8fd0825395','25890deab1075e916c06b9e1efc2e25f');
for($i=0;$i<count($uname);$i++){
$sql = "INSERT INTO users (username,password) values ('".$uname[$i]."','".$pwd[$i]."')";
$insert_user=mysql_query($sql);
$insert_user=$conn->query($sql);
}
if($insert_user){
echo "<li class=\"tick\">Table users created sucessfully.</li>";
@@ -100,7 +100,7 @@ function cleanup($conn,$XVWA_WEBROOT){
echo "<li class=\"cross\">Failed to use/select database. Check the configuration file.".mysql_error()."</li>";
}
echo "<br><li class=\"tick\">Setup finished</li>";
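Review bot: Two failure branches still concatenate `mysql_error()` into their message, in the "Failed to use/select database" lines of the `-83,13` and `-100,7` hunks. The ext/mysql functions no longer exist on PHP 7, so reaching either branch raises an undefined-function fatal error instead of printing the list item. Use `$conn->error` there, matching the `$conn->connect_error` already used in the connection check. The `-100,7` hunk is shown only in part, so its line is assumed to be unchanged context.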
@@ -25,11 +25,11 @@
<p>
<form method="get" action="">
<div class="form-group">
Click on the link below to read the help file. <br><br>
<br>
<div class="text-left">
<?php
$f='readme.txt';
echo "<a class=\"btn btn-primary\" href=\".?file=$f\" /> Readme </a><br><br>";
echo "<a class=\"btn btn-primary\" href=\".?file=$f\" /> Click here </a><br><br>";
if($file=$_GET['file']){
include($file);
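Review bot: `if($file=$_GET['file'])` reads the parameter without an `isset` check, unlike the `isset($_GET['action'])` guard this commit adds in the setup page. On first load, PHP 7 raises an undefined-index notice. `$file = isset($_GET['file']) ? $_GET['file'] : '';` followed by `if($file){` keeps the behaviour and removes the notice. The `include($file)` on request input appears to be the flaw this exercise page is meant to demonstrate, so a one-line comment such as `// intentionally vulnerable: do not reuse` would make that explicit. The `if` block continues past the end of the hunk.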
@@ -1 +1 @@
file inclusions here
File inclusion is an attack that would allow an attacker to access unintended files on the server. This vulnerability exploits application’s functionality to include dynamic files. Two categories in this attack are Local File Inclusion (LFI) and Remote File Inclusion (RFI).
@@ -18,13 +18,11 @@
<div class="text-left">
<label></label>
<div class="form-group" align="left">
<a class="btn btn-primary" href='?r=a:2:{i:0;s:4:"XVWA";i:1;s:33:"Xtreme Vulnerable Web Application";}' type="submit">SUBMIT</a>
<a class="btn btn-primary" href='?r=a:2:{i:0;s:4:"XVWA";i:1;s:33:"Xtreme Vulnerable Web Application";}' type="submit">CLICK HERE</a>
</div>
<?php
error_reporting(E_ALL);
class PHPObjectInjection{
public $inject;
function __construct(){
}
@@ -35,7 +33,6 @@ function __wakeup(){
}
}
}
//?r=a:2:{i:0;s:4:"XVWA";i:1;s:33:"Xtreme Vulnerable Web Application";}
if(isset($_REQUEST['r'])){
$var1=unserialize($_REQUEST['r']);
@@ -45,7 +42,7 @@ function __wakeup(){
echo "<br/>".$var1[0]." - ".$var1[1];
}
}else{
echo "parameter is missing";
echo ""; # nothing happens here
}
?>
</div>
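Review bot: The else branch now reads `echo ""; # nothing happens here`, which is a no-op; drop the `else{ ... }` entirely rather than keep a statement that emits nothing. The commit also deletes the `//?r=a:2:{...}` comment, which was the only in-code record of the input shape the page expects. The `unserialize($_REQUEST['r'])` call appears to be the deliberate sink for this lesson, so replace the deleted comment with `// intentionally vulnerable: unserialize() on request data` so the pattern is not mistaken for normal practice. Which echo line is the new one is inferred from print order and the wording of the comment.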
@@ -25,15 +25,16 @@
<label></label>
<select class="form-control" name="item">
<option value="">Select Item Code</option>
<?php
include('../../config.php');
<?php
error_reporting(E_ALL);
if(!$conn){
ini_set('display_errors', 1);
include('../../config.php');
if($conn->connect_errno > 0){
echo "Error in connecting to database";
}else{
$sql = 'select itemid from caffaine';
$result = mysql_query($sql);
while($rows = mysql_fetch_array($result)){
$result = $conn->query($sql);
while($rows = $result->fetch_assoc()) {
echo "<option value=\"".$rows['itemid']."\">".$rows['itemid']."</option>";
}
}
@@ -52,16 +53,16 @@
echo "</ul>";
}else if($item){
$sql = "select * from caffaine where itemid = ".$item;
$result = mysql_query($sql) or die(mysql_error());
$result = $conn->query($sql);
$isSearch = true;
}else if($search){
$sql = "SELECT * FROM caffaine WHERE itemname LIKE '%" . $search . "%' OR itemdesc LIKE '%" . $search . "%' OR categ LIKE '%" . $search . "%'";
$result = mysql_query($sql) or die(mysql_error());
$result = $conn->query($sql);
$isSearch = true;
}
if($isSearch){
echo "<table>";
while($rows = mysql_fetch_array($result)){
while($rows = $result->fetch_assoc()){
echo "<tr><td><b>Item Code : </b>".$rows['itemcode']."</td><td rowspan=5>&nbsp;&nbsp;</td><td rowspan=5 valign=\"top\" align=\"justify\"><b>Description : </b>".$rows['itemdesc']."</td></tr>";
echo "<tr><td><b>Item Name : </b>".$rows['itemname']."</td></tr>";
echo "<td><img src='".$rows['itemdisplay']."' height=130 weight=20/></td>";
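Review bot: Both `$result = $conn->query($sql);` replacements drop the `or die(mysql_error())` that the old lines carried, and nothing checks the return value before `while($rows = $result->fetch_assoc())`. `mysqli::query` returns `false` when the statement fails, so the loop then stops with a fatal error from calling a method on a boolean, and the database error text the page used to print is lost. Restoring the old behaviour is one line after each query: `if($result === false){ die($conn->error); }`. The dropdown query in the `-25,15` hunk has the same unchecked pattern.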
@@ -27,14 +27,12 @@
<option value="">Select Item Code</option>
<?php
include('../../config.php');
if(!$conn){
if($conn->connect_errno > 0){
echo "Error in connecting to database";
}else{
$dbselect=mysql_select_db($dbname,$conn);
}else{
$sql = 'select itemid from caffaine';
$result = mysql_query($sql,$conn);
while($rows = mysql_fetch_array($result)){
$result = $conn->query($sql);
while($rows = $result->fetch_assoc()){
echo "<option value=\"".$rows['itemid']."\">".$rows['itemid']."</option>";
}
}
@@ -53,22 +51,22 @@
echo "</ul>";
}else if($item){
$sql = "select * from caffaine where itemid = ".$item;
$result = mysql_query($sql);
$rowcount = @mysql_numrows($result); # this avoid errors cause by sql attacks
$result = $conn->query($sql);
$rowcount = $result->num_rows;
if($rowcount>0){
$isSearch = true;
}
}else if($search){
$sql = "SELECT * FROM caffaine WHERE itemname LIKE '%" . $search . "%' OR itemdesc LIKE '%" . $search . "%' OR categ LIKE '%" . $search . "%'";
$result = mysql_query($sql);
$rowcount = @mysql_numrows($result); # this avoid errors cause by sql attacks
$result = $conn->query($sql);
$rowcount = $result->num_rows;
if($rowcount>0){
$isSearch = true;
}
}
if($isSearch){
echo "<table>";
while($rows = mysql_fetch_array($result)){
while($rows = $result->fetch_assoc()){
echo "<tr><td><b>Item Code : </b>".$rows['itemcode']."</td><td rowspan=5>&nbsp;&nbsp;</td><td rowspan=5 valign=\"top\" align=\"justify\"><b>Description : </b>".$rows['itemdesc']."</td></tr>";
echo "<tr><td><b>Item Name : </b>".$rows['itemname']."</td></tr>";
echo "<td><img src='".$rows['itemdisplay']."' height=130 weight=20/></td>";
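Review bot: `$rowcount = $result->num_rows;` replaces `@mysql_numrows($result)`, and drops the `@` that the old comment said was there to hide errors caused by malformed queries. When `$conn->query($sql)` returns `false`, reading `->num_rows` from it raises a PHP notice, so if notices are displayed a failed query becomes distinguishable from an empty result, which the suppression existed to prevent. `$rowcount = $result ? $result->num_rows : 0;` keeps the page silent in both places where the line was changed. The dropdown loop in the `-27,14` hunk also calls `$result->fetch_assoc()` without checking the result.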
