security.php
<?php

define( 'DVWA_WEB_PAGE_TO_ROOT', '' );
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';

dvwaPageStartup( array( 'authenticated', 'phpids' ) );

$page = dvwaPageNewGrab();
$page[ 'title' ]   = 'DVWA Security' . $page[ 'title_separator' ].$page[ 'title' ];
$page[ 'page_id' ] = 'security';

$securityHtml = '';

if( isset( $_POST['seclev_submit'] ) ) {
	// Anti-CSRF
	checkToken( $_REQUEST[ 'user_token' ], $_SESSION[ 'session_token' ], 'security.php' );

	$securityLevel = '';
	// Whitelist of accepted levels; any other value falls through to 'impossible' (fail closed).
	switch( $_POST[ 'security' ] ) {
		case 'low':
			$securityLevel = 'low';
			break;
		//Changed
		//case 'medium':
		//	$securityLevel = 'medium';
		//	break;
		case 'high':
			$securityLevel = 'high';
			break;
		default:
			$securityLevel = 'impossible';
			break;
	}

	dvwaSecurityLevelSet( $securityLevel );
	dvwaMessagePush( "Security level set to {$securityLevel}" );
	dvwaPageReload();
}

if( isset( $_GET['phpids'] ) ) {
	// Note: this toggle changes session state on a GET request and is not covered by the anti-CSRF token check above.
	switch( $_GET[ 'phpids' ] ) {
		case 'on':
			dvwaPhpIdsEnabledSet( true );
			dvwaMessagePush( "PHPIDS is now enabled" );
			break;
		case 'off':
			dvwaPhpIdsEnabledSet( false );
			dvwaMessagePush( "PHPIDS is now disabled" );
			break;
	}
	dvwaPageReload();
}

$securityOptionsHtml = '';
$securityLevelHtml   = '';
//Changed
//foreach( array( 'low', 'medium', 'high', 'impossible' ) as $securityLevel ) {
foreach( array( 'low', 'high', 'impossible' ) as $securityLevel ) {
	$selected = '';
	if( $securityLevel == dvwaSecurityLevelGet() ) {
		$selected = ' selected="selected"';
		$securityLevelHtml = "<p>Security level is currently: <em>$securityLevel</em>.</p>";
	}
	$securityOptionsHtml .= "<option value=\"{$securityLevel}\"{$selected}>" . ucfirst($securityLevel) . "</option>";
}

$phpIdsHtml = 'PHPIDS is currently: ';

// Able to write to the PHPIDS log file?
$WarningHtml = '';
if( dvwaPhpIdsIsEnabled() ) {
	$phpIdsHtml .= '<em>enabled</em>. [<a href="?phpids=off">Disable PHPIDS</a>]';

	# Only check if PHPIDS is enabled
	if( !is_writable( $PHPIDSPath ) ) {
		$WarningHtml .= "<div class=\"warning\"><em>Cannot write to the PHPIDS log file</em>: {$PHPIDSPath}</div>";
	}
}
else {
	$phpIdsHtml .= '<em>disabled</em>. [<a href="?phpids=on">Enable PHPIDS</a>]';
}

// Anti-CSRF
generateSessionToken();

// Original (upstream) page body, kept for reference; it is no longer echoed (see the end of this file).
$page[ 'body' ] .= "
<div class=\"body_padded\">
	<h1>DVWA Security <img src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/lock.png\" /></h1>
	<br />

	<h2>Security Level</h2>
	{$securityHtml}
	<form action=\"#\" method=\"POST\">
		{$securityLevelHtml}
		<p>You can set the security level to low, medium, high or impossible. The security level changes the vulnerability level of DVWA:</p>
		<ol>
			<li> Low - This security level is completely vulnerable and <em>has no security measures at all</em>. Its use is to be as an example of how web application vulnerabilities manifest through bad coding practices and to serve as a platform to teach or learn basic exploitation techniques.</li>
			<li> Medium - This setting is mainly to give an example to the user of <em>bad security practices</em>, where the developer has tried but failed to secure an application. It also acts as a challenge to users to refine their exploitation techniques.</li>
			<li> High - This option is an extension to the medium difficulty, with a mixture of <em>harder or alternative bad practices</em> to attempt to secure the code. The vulnerability may not allow the same extent of the exploitation, similar in various Capture The Flags (CTFs) competitions.</li>
			<li> Impossible - This level should be <em>secure against all vulnerabilities</em>. It is used to compare the vulnerable source code to the secure source code.<br />
				Prior to DVWA v1.9, this level was known as 'high'.</li>
		</ol>
		<select name=\"security\">
			{$securityOptionsHtml}
		</select>
		<input type=\"submit\" value=\"Submit\" name=\"seclev_submit\">
		" . tokenField() . "
	</form>

	<br />
	<hr />
	<br />

	<h2>PHPIDS</h2>
	{$WarningHtml}
	<p>" . dvwaExternalLinkUrlGet( 'https://github.com/PHPIDS/PHPIDS', 'PHPIDS' ) . " v" . dvwaPhpIdsVersionGet() . " (PHP-Intrusion Detection System) is a security layer for PHP based web applications.</p>
	<p>PHPIDS works by filtering any user supplied input against a blacklist of potentially malicious code. It is used in DVWA to serve as a live example of how Web Application Firewalls (WAFs) can help improve security and in some cases how WAFs can be circumvented.</p>
	<p>You can enable PHPIDS across this site for the duration of your session.</p>
	<p>{$phpIdsHtml}</p>
	[<a href=\"?test=%22><script>eval(window.name)</script>\">Simulate attack</a>] -
	[<a href=\"ids_log.php\">View IDS log</a>]
</div>";

//Changed
// Build the trimmed page (security level only, no PHPIDS section) from the same page metadata
// (title, page_id, help/source buttons) with an empty body, so dvwaHtmlEcho() receives a complete page array.
$page_custom = $page;
$page_custom[ 'body' ] = '';

$page_custom[ 'body' ] .= "
<div class=\"body_padded\">
	<h1>DVWA Security <img src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/lock.png\" /></h1>
	<br />

	<h2>Security Level</h2>
	{$securityHtml}
	<form action=\"#\" method=\"POST\">
		{$securityLevelHtml}
		<p>You can set the security level to low, medium, high or impossible. The security level changes the vulnerability level of DVWA:</p>
		<ol>
			<li> Low - This security level is completely vulnerable and <em>has no security measures at all</em>. Its use is to be as an example of how web application vulnerabilities manifest through bad coding practices and to serve as a platform to teach or learn basic exploitation techniques.</li>
			<li> Medium - This setting is mainly to give an example to the user of <em>bad security practices</em>, where the developer has tried but failed to secure an application. It also acts as a challenge to users to refine their exploitation techniques.</li>
			<li> High - This option is an extension to the medium difficulty, with a mixture of <em>harder or alternative bad practices</em> to attempt to secure the code. The vulnerability may not allow the same extent of the exploitation, similar in various Capture The Flags (CTFs) competitions.</li>
			<li> Impossible - This level should be <em>secure against all vulnerabilities</em>. It is used to compare the vulnerable source code to the secure source code.<br />
				Prior to DVWA v1.9, this level was known as 'high'.</li>
		</ol>
		<select name=\"security\">
			{$securityOptionsHtml}
		</select>
		<input type=\"submit\" value=\"Submit\" name=\"seclev_submit\">
		" . tokenField() . "
	</form>

	<br />
	<hr />
	<br />
</div>";

//Changed
//dvwaHtmlEcho( $page );
dvwaHtmlEcho( $page_custom );

?>
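The request-handling pattern in the file above (anti-CSRF token check, whitelist switch with a fail-closed default, PHPIDS toggle) reduced to a self-contained script, as an added example that is not DVWA's own code nor part of this fork. The function names, the array-backed session and the constructed sample requests are assumptions made so it runs from the command line without a web server; it also moves the PHPIDS toggle from GET to the token-checked POST path and rotates the token after each successful change, which the page's code does not do.

```php
<?php
// Added example, not DVWA's own code. The helpers below stand in for DVWA's
// checkToken() / generateSessionToken(); the session is a plain array so the
// script runs under the PHP CLI with no web server (all of this is assumed).

declare(strict_types=1);

// Whitelist of levels this fork offers ('medium' is removed in security.php above).
const ALLOWED_LEVELS = array( 'low', 'high', 'impossible' );

// Issue a fresh per-session anti-CSRF token.
function issueToken( array &$session ): string {
	$session[ 'session_token' ] = bin2hex( random_bytes( 16 ) );
	return $session[ 'session_token' ];
}

// Verify a submitted token. hash_equals() keeps the comparison constant-time;
// a missing token on either side is rejected (fail closed).
function tokenIsValid( array $session, ?string $submitted ): bool {
	if( !isset( $session[ 'session_token' ] ) || $submitted === null ) {
		return false;
	}
	return hash_equals( $session[ 'session_token' ], $submitted );
}

// Map the submitted value onto the whitelist. Anything else becomes 'impossible',
// which is what the switch() default in security.php does.
function parseSecurityLevel( ?string $requested ): string {
	return in_array( $requested, ALLOWED_LEVELS, true ) ? $requested : 'impossible';
}

// Handle one state-changing request. Only POST fields are read, so the PHPIDS
// toggle is not reachable through a plain GET link, and the token is checked
// before anything else. Returns the applied settings, or null when rejected.
function handlePost( array &$session, array $post ): ?array {
	if( !tokenIsValid( $session, $post[ 'user_token' ] ?? null ) ) {
		return null;
	}

	$applied = array();
	if( isset( $post[ 'seclev_submit' ] ) ) {
		$applied[ 'security' ] = parseSecurityLevel( $post[ 'security' ] ?? null );
	}
	if( isset( $post[ 'phpids' ] ) ) {
		$applied[ 'phpids' ] = ( $post[ 'phpids' ] === 'on' );
	}

	// Rotate the token after use so a captured form cannot be replayed.
	issueToken( $session );
	return $applied;
}

// Self-check with constructed requests (run: php example.php).
if( PHP_SAPI === 'cli' ) {
	$session = array();
	$token   = issueToken( $session );

	// Valid submission: level applied, PHPIDS switched on.
	$ok = handlePost( $session, array( 'seclev_submit' => '1', 'security' => 'high', 'phpids' => 'on', 'user_token' => $token ) );
	assert( $ok === array( 'security' => 'high', 'phpids' => true ) );

	// Replaying the previous token is rejected because it was rotated.
	assert( handlePost( $session, array( 'seclev_submit' => '1', 'security' => 'low', 'user_token' => $token ) ) === null );

	// An unlisted level ('medium' in this fork) falls through to 'impossible'.
	$token    = $session[ 'session_token' ];
	$fallback = handlePost( $session, array( 'seclev_submit' => '1', 'security' => 'medium', 'user_token' => $token ) );
	assert( $fallback === array( 'security' => 'impossible' ) );

	// A request carrying no token at all is rejected, including a PHPIDS toggle.
	assert( handlePost( $session, array( 'phpids' => 'off' ) ) === null );

	echo "all checks passed\n";
}
```

The checks at the bottom only run under the CLI; dropped into a web context the functions would be fed `$_SESSION` and `$_POST` instead of the constructed arrays. Note that the file above reads the token from `$_REQUEST`, which also accepts it from the query string; the example reads it from the POST body only.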