Merge branch 'master' into patch-1

s4n7h0 · Sep 12, 2020 · 0fbe6e5 · 0fbe6e5
2 parents 2864ca4 + 535abdf
commit 0fbe6e5
Show file tree

Hide file tree

Showing 12 changed files with 83 additions and 68 deletions.
diff --git a/README.md b/README.md
@@ -3,8 +3,7 @@ Xtreme Vulnerable Web Application (XVWA)
 XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.  It’s not advisable to host this application online as it is designed to be “Xtremely Vulnerable”. We recommend hosting this application in local/controlled environment and sharpening your application security ninja skills with any tools of your own choice. It’s totally legal to break or hack into this. The idea is to evangelize web application security to the community in possibly the easiest and fundamental way. Learn and acquire these skills for good purpose. How you use these skills and knowledge base is not our responsibility. 
 
 
-![Image of XVWA Home Page]
-(https://pbs.twimg.com/media/CWsFq1SVEAACsCh.png:large) 
+![Image of XVWA Home Page](https://pbs.twimg.com/media/CWsFq1SVEAACsCh.png:large) 
 
 XVWA is designed to understand following security issues. 
 
@@ -54,6 +53,9 @@ $user = 'root';
 $pass = 'root';
 ```
 
+Please note that mysql version 5.7 and above requires sudoer to access root user. This means apache user will not be able to use 'root' username to access the database. In such cases, a new username would need to be created and config.php file would also need to be changed accordingly.  
+
+
 Make following changes in PHP configuration file
 
 ```php

diff --git a/header.php b/header.php
@@ -1,49 +1,51 @@
-<link rel="icon" type="image/png" href="/xvwa/img/xvwa-logo-1.png" />
-<div class="container">
-    <!-- Brand and toggle get grouped for better mobile display -->
-    <div class="navbar-header">
-        <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
-            <span class="sr-only">Toggle navigation</span>
-            <span class="icon-bar"></span>
-            <span class="icon-bar"></span>
-            <span class="icon-bar"></span>
-        </button>
-        <a class="navbar-brand" href="/xvwa/">XVWA</a>
-    </div>
-    <!-- Collect the nav links, forms, and other content for toggling -->
-    <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
-        <ul class="nav pull-right navbar-nav">
-            <li class="dropdown" id="menuLogin">
-                <?php
-                    include(__DIR__.'/config.php');
-                    if(isset($_SESSION['user'])){
-                        echo "<a href='#' class='dropdown-toggle' data-toggle='dropdown'> " . ucfirst(($_SESSION['user'])) . " <b class='caret'></b></a>";
-                        echo "<ul class='dropdown-menu'>";
-                        echo "<li><a href='".$XVWA_WEBROOT."/xvwa/logout.php'>Logout</a></li>";
-                        echo "</ul>";
-                    }else{
-                      echo "<a class='dropdown-toggle' href='#' data-toggle='dropdown' id='navLogin'>Login</a>";
-                      echo "<div class='dropdown-menu' style='padding:17px;'>";
-                      echo "<form class='form' method='POST' id='formLogin' action='".$XVWA_WEBROOT."/xvwa/login.php'>"; 
-                      echo "<input name='username'  id='username' placeholder='Username' type='text'><br>";
-                      echo "<input name='password'  id='password' placeholder='Password' type='password'><br><br>";
-                      echo "<button type='submit' id='btnLogin' class='btn btn-primary pull-right'>Login</button>";
-                      echo "</form></div>";
-                    }
-                ?>
-
-
-        </li>
-        <li>
-            <a href="#" data-toggle="modal" data-target="#myModal">About</a>
-
-
-
-      </li>
-  </ul>
-
-</div>
-<!-- /.navbar-collapse -->
-</div>
-
-
+<link rel="icon" type="image/png" href="/xvwa/img/xvwa-logo-1.png" />
+<div class="container">
+    <!-- Brand and toggle get grouped for better mobile display -->
+    <div class="navbar-header">
+        <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
+            <span class="sr-only">Toggle navigation</span>
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+        </button>
+        <a class="navbar-brand" href="/xvwa/">XVWA</a>
+    </div>
+    <!-- Collect the nav links, forms, and other content for toggling -->
+    <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
+        <ul class="nav pull-right navbar-nav">
+            <li class="dropdown" id="menuLogin">
+                <?php
+
+                    include('config.php');
+
+                    if(isset($_SESSION['user'])){
+                        echo "<a href='#' class='dropdown-toggle' data-toggle='dropdown'> " . ucfirst(($_SESSION['user'])) . " <b class='caret'></b></a>";
+                        echo "<ul class='dropdown-menu'>";
+                        echo "<li><a href='".$XVWA_WEBROOT."/xvwa/logout.php'>Logout</a></li>";
+                        echo "</ul>";
+                    }else{
+                      echo "<a class='dropdown-toggle' href='#' data-toggle='dropdown' id='navLogin'>Login</a>";
+                      echo "<div class='dropdown-menu' style='padding:17px;'>";
+                      echo "<form class='form' method='POST' id='formLogin' action='".$XVWA_WEBROOT."/xvwa/login.php'>"; 
+                      echo "<input name='username'  id='username' placeholder='Username' type='text'><br>";
+                      echo "<input name='password'  id='password' placeholder='Password' type='password'><br><br>";
+                      echo "<button type='submit' id='btnLogin' class='btn btn-primary pull-right'>Login</button>";
+                      echo "</form></div>";
+                    }
+                ?>
+
+
+        </li>
+        <li>
+            <a href="#" data-toggle="modal" data-target="#myModal">About</a>
+
+
+
+      </li>
+  </ul>
+
+</div>
+<!-- /.navbar-collapse -->
+</div>
+
+
diff --git a/img/uploads/1 b/img/uploads/1
@@ -0,0 +1 @@
+
diff --git a/vulnerabilities/cmdi/home.php b/vulnerabilities/cmdi/home.php
@@ -30,7 +30,8 @@
         </p>
     </div>
             <?php
-                $target = $_REQUEST[ 'target' ];
+            if (isset($_REQUEST['target'])) {
+                $target = $_REQUEST['target'];
                 if($target){
                     if (stristr(php_uname('s'), 'Windows NT')) { 
 
@@ -42,11 +43,13 @@
                         echo '<pre>'.$cmd.'</pre>';
                     }
                 }
+            }
+
             ?>
 
 
     <hr>
 
 </div>
 
-<?php include_once('../../about.html'); ?>
+<?php include_once('../../about.html'); ?>
diff --git a/vulnerabilities/fi/home.php b/vulnerabilities/fi/home.php
@@ -31,9 +31,10 @@
                     $f='readme.txt';
                     echo "<a class=\"btn btn-primary\" href=\".?file=$f\" /> Click here </a><br><br>";
 
-                    if($file=$_GET['file']){
+                    if (isset($_GET['file'])) {
+                        $file=$_GET['file'];
                         include($file);
-                    }                    
+                    }                 
                 ?>
                 </div>
             </div>
@@ -44,4 +45,4 @@
     <hr>
 
 </div>
-<?php include_once('../../about.html'); ?>
+<?php include_once('../../about.html'); ?>
diff --git a/vulnerabilities/formula_injection/export.php b/vulnerabilities/formula_injection/export.php
@@ -7,7 +7,8 @@
 fputcsv($output, array('itemcode', 'itemname', 'categ','price'));
 
 include('../../config.php');  
-$rows = mysql_query('SELECT itemcode,itemname,categ,price from caffaine');
+$sql='SELECT itemcode,itemname,categ,price from caffaine';
+$result = $conn->query($sql);
 
-while ($row = mysql_fetch_assoc($rows)) fputcsv($output, $row);
-?>
+while ($row = mysqli_fetch_assoc($result)) fputcsv($output, $row);
+?>
diff --git a/vulnerabilities/reflected_xss/home.php b/vulnerabilities/reflected_xss/home.php
@@ -28,12 +28,15 @@
                </div> 
             </form>
             <?php
-                echo $_GET['item'];
+                if (isset($_GET['item'])) {
+                    echo $_GET['item'];
+                }
+
             ?>
         </p>
     </div>
 
     <hr>
 
 </div>
-<?php include_once('../../about.html'); ?>
+<?php include_once('../../about.html'); ?>
diff --git a/vulnerabilities/sessionflaws/home.php b/vulnerabilities/sessionflaws/home.php
@@ -19,7 +19,7 @@
         <p>
         <strong>
             <?php
-            if($_SESSION['user']){
+            if(isset($_SESSION['user'])){
                 echo "Welcome ". ucfirst($_SESSION['user']); 
                 echo "<br><br><a href='../../logout.php'>Logout</a>";
             }else{

diff --git a/vulnerabilities/sqli/home.php b/vulnerabilities/sqli/home.php
@@ -27,6 +27,7 @@
                             <option value="">Select Item Code</option>
                             <?php 
                             error_reporting(E_ALL);
+                            mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
                             ini_set('display_errors', 1);
                             include('../../config.php');
                             if($conn->connect_errno > 0){
@@ -83,4 +84,4 @@
                     </div>
                 </div>
 
-                <?php include_once('../../about.html'); ?>
+                <?php include_once('../../about.html'); ?>
diff --git a/vulnerabilities/sqli_blind/home.php b/vulnerabilities/sqli_blind/home.php
@@ -26,6 +26,7 @@
                         <select class="form-control" name="item">
                             <option value="">Select Item Code</option>
                             <?php
+                            error_reporting(0);
                             include('../../config.php');
                             if($conn->connect_errno > 0){
                                 echo "Error in connecting to database";
@@ -88,4 +89,4 @@
                     </div>
                 </div>
 
-                        <?php include_once('../../about.html'); ?>
+                        <?php include_once('../../about.html'); ?>
diff --git a/vulnerabilities/ssrf_xspa/home.php b/vulnerabilities/ssrf_xspa/home.php
@@ -31,7 +31,7 @@
                 $image = "";
                 if(isset($_POST['img_url'])){
                     $remote_content = file_get_contents($_POST['img_url']);
-                    $filename = "./images/".rand()."img1.jpg";
+                    $filename = "../../img/".rand()."img1.jpg";
                     file_put_contents($filename, $remote_content);
                     echo $_POST['img_url']."<br>";
                     $image = "<img src=\"".$filename."\" width=\"100\" height=\"100\" />";
@@ -45,4 +45,4 @@
     <hr>
 
 </div>
-<?php include_once('../../about.html'); ?>
+<?php include_once('../../about.html'); ?>
diff --git a/vulnerabilities/xpath/home.php b/vulnerabilities/xpath/home.php
@@ -32,7 +32,7 @@
             <form method='POST' action=''>
                 <div class="form-group"> 
                     <label></label> 
-                    <input type="text" class="form-control" placeholder="Search by ID" name="search" value="<?php echo $input;?>"> </input> <br>
+                    <input type="text" class="form-control" placeholder="Search by ID" name="search" value="<?php if(isset($input)){echo $input;}?>"> </input> <br>
                     <div align="right"> <button class="btn btn-default" name="submit" type="submit">Search</button></div>
                </div> 
             </form>
@@ -59,4 +59,4 @@
     <hr>
 
 </div>
-<?php include_once('../../about.html'); ?>
+<?php include_once('../../about.html'); ?>