
Commit 8c60eae

committed
bug fixes with php version 7
1 parent 84f3db1 commit 8c60eae


8 files changed

+41
-46
lines changed


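--- a/config.php
+++ b/config.php
@@ -1,11 +1,10 @@
 <?php
-$XVWA_WEBROOT = "/var/www/html";
+$XVWA_WEBROOT = "";
 $host = "localhost";
 $dbname = 'xvwa';
-$user = "root";
-$pass = "";
-$conn = mysql_connect($host,$user,$pass);
-$conn = mysql_select_db($dbname);
+$user = "root";
+$pass = "";
+$conn = new mysqli($host,$user,$pass,$dbname);
 $conn1 = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass);
 $conn1->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
-?>
+?>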
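Review bot: `$user = "root"` with an empty `$pass` (new lines 5-6) is kept, so the new mysqli handle on new line 7 runs every query of this deliberately injectable application with full server privileges rather than rights on the `xvwa` schema only. I would at least document the expectation above those lines: `// lab only: create a dedicated MySQL account limited to the xvwa schema instead of using root`. Separately, the result of `new mysqli(...)` is not checked here; callers test `$conn->connect_errno`, which works on PHP 7 but is never reached on PHP 8.1 and later, where mysqli throws on a failed connection by default.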

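--- a/header.php
+++ b/header.php
@@ -15,7 +15,7 @@
 <ul class="nav pull-right navbar-nav">
 <li class="dropdown" id="menuLogin">
 <?php
-include(dirname(__FILE__).DIRECTORY_SEPARATOR.'..'.DIRECTORY_SEPARATOR.'/xvwa/config.php');
+include(__DIR__.'/xvwa/config.php');
 if(isset($_SESSION['user'])){
 echo "<a href='#' class='dropdown-toggle' data-toggle='dropdown'> " . ucfirst(($_SESSION['user'])) . " <b class='caret'></b></a>";
 echo "<ul class='dropdown-menu'>";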
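Review bot: The new path on new line 18 is not equivalent to the one it replaces, because the old expression went up one directory (`'..'`) before descending into `xvwa/`, while `__DIR__.'/xvwa/config.php'` resolves below header.php's own directory. If header.php sits in the application root next to config.php, as the paths on this page suggest, this looks for `xvwa/xvwa/config.php`, and `include` only raises a warning, so `$conn` and the credentials stay undefined for the rest of the page. Something like `require_once __DIR__.'/config.php';` would resolve independently of the install directory and fail loudly when the file is missing; confirm against the actual layout.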

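--- a/setup/home.php
+++ b/setup/home.php
@@ -19,14 +19,13 @@
 </div>
 </div>
 <?php
-//include(dirname(__FILE__).DIRECTORY_SEPARATOR.'..'.DIRECTORY_SEPARATOR.'/xvwa/config.php');
 include('../config.php');
 function cleanup($conn,$XVWA_WEBROOT){
 // clean the database
 $tables = array('comments','caffaine','users');
 for($i=0;$i<count($tables);$i++){
 $sql = 'DROP TABLE '. $tables[$i].';';
-$sqlexec = mysql_query($sql);
+$sqlexec = $conn->query($sql);
 }
 // clean extra files
 $files = glob('../img/uploads/*');
@@ -35,23 +34,24 @@ function cleanup($conn,$XVWA_WEBROOT){
 unlink($file);
 }
 }
-
+
 }
 $submit = isset($_GET['action']) ? $_GET['action'] : '';
 // $submit=$_GET['action'];
 if($submit){
 echo "<div class=\"well\">";
 echo "<ul class=\"featureList\">";
-if(!$conn){
-die("<li class=\"cross\">Connection Failed. Check the configuration file.".mysql_error()."</li>");
+if($conn->connect_errno > 0){
+die("<li class=\"cross\">Connection Failed. Check the configuration file.".$conn->connect_error ."</li>");
 }else{
 //connection successfull.
+
 cleanup($conn,$XVWA_WEBROOT);
 echo "<li class=\"tick\">Connected to database sucessfully.</li>";
 // creating comment tables
-$table_comment=mysql_query('CREATE TABLE comments(id int not null primary key auto_increment,user varchar(30),comment varchar(100),date varchar(30))');
+$table_comment=$conn->query('CREATE TABLE comments(id int not null primary key auto_increment,user varchar(30),comment varchar(100),date varchar(30))');
 if($table_comment){
-$insert_comment=mysql_query('INSERT INTO comments (id,user,comment,date) VALUES (\'1\', \'admin\', \'Keep posting your comments here \', \'10 Aug 2015\');');
+$insert_comment=$conn->query('INSERT INTO comments (id,user,comment,date) VALUES (\'1\', \'admin\', \'Keep posting your comments here \', \'10 Aug 2015\');');
 if($insert_comment){
 echo "<li class=\"tick\">Table comments sucessfully.</li>";
 }else{
@@ -62,7 +62,7 @@ function cleanup($conn,$XVWA_WEBROOT){
 }
 
 //creating product_caffe table
-$table_product=mysql_query('CREATE TABLE caffaine(itemid int not null primary key auto_increment, itemcode varchar(15),itemdisplay varchar(500),itemname varchar(50),itemdesc varchar(1000),categ varchar(200),price varchar(20))');
+$table_product=$conn->query('CREATE TABLE caffaine(itemid int not null primary key auto_increment, itemcode varchar(15),itemdisplay varchar(500),itemname varchar(50),itemdesc varchar(1000),categ varchar(200),price varchar(20))');
 if($table_product){
 $itemcode = array('XVWA0987','XVWA3876','XVWA4589','XVWA7619','XVWA5642','XVWA7569','XVWA3671','XVWA1672','XVWA4276','XVWA9680');
 $itemname = array('Affogato','Americano','Bicerin','Café Bombón','Café au lait','Caffé corretto','Caffé latte','Café mélange','Cafe mocha','Cappuccino');
@@ -72,7 +72,7 @@ function cleanup($conn,$XVWA_WEBROOT){
 for($i = 0; $i<count($itemcode); $i++){
 $pic = '/xvwa/img/'.$itemcode[$i].'.png';
 $sql = 'INSERT into caffaine(itemcode,itemdisplay,itemname,itemdesc,categ,price) VALUES (\''.$itemcode[$i].'\',\''.$pic.'\',\''.$itemname[$i].'\',\''.$itemdesc[$i].'\',\''.$categ[$i].'\',\''.$itemprice[$i].'\');';
-$insert_product=mysql_query($sql);
+$insert_product=$conn->query($sql);
 }
 if($insert_product){
 echo "<li class=\"tick\">Table products created sucessfully.</li>";
@@ -83,13 +83,13 @@ function cleanup($conn,$XVWA_WEBROOT){
 echo "<li class=\"cross\">Failed to use/select database. Check the configuration file.".mysql_error()."</li>";
 }
 //creating user table
-$table_user=mysql_query("CREATE table users(uid int not null primary key auto_increment, username varchar(20),password varchar(50))");
+$table_user=$conn->query("CREATE table users(uid int not null primary key auto_increment, username varchar(20),password varchar(50))");
 if($table_user){
 $uname = array('admin','xvwa','user');
 $pwd = array('21232f297a57a5a743894a0e4a801fc3','570992ec4b5ad7a313f5dc8fd0825395','25890deab1075e916c06b9e1efc2e25f');
 for($i=0;$i<count($uname);$i++){
 $sql = "INSERT INTO users (username,password) values ('".$uname[$i]."','".$pwd[$i]."')";
-$insert_user=mysql_query($sql);
+$insert_user=$conn->query($sql);
 }
 if($insert_user){
 echo "<li class=\"tick\">Table users created sucessfully.</li>";
@@ -100,7 +100,7 @@ function cleanup($conn,$XVWA_WEBROOT){
 echo "<li class=\"cross\">Failed to use/select database. Check the configuration file.".mysql_error()."</li>";
 }
 
-
+
 
 echo "<br><li class=\"tick\">Setup finished</li>";
 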
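Review bot: Two `mysql_error()` calls survive the conversion, in the failure branches at new lines 83 and 100 (context lines of the fifth and sixth hunks), and the mysql extension does not exist on PHP 7, so a failed `CREATE TABLE` now ends in an undefined-function fatal error instead of the intended message. They should read from the mysqli handle and escape it for the HTML context: `echo "<li class=\"cross\">Failed to use/select database. Check the configuration file.".htmlspecialchars($conn->error)."</li>";`. The `if`/`else` branches these lines belong to start outside the visible hunks.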

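--- a/vulnerabilities/fi/home.php
+++ b/vulnerabilities/fi/home.php
@@ -25,11 +25,11 @@
 <p>
 <form method="get" action="">
 <div class="form-group">
-Click on the link below to read the help file. <br><br>
+<br>
 <div class="text-left">
 <?php
 $f='readme.txt';
-echo "<a class=\"btn btn-primary\" href=\".?file=$f\" /> Readme </a><br><br>";
+echo "<a class=\"btn btn-primary\" href=\".?file=$f\" /> Click here </a><br><br>";
 
 if($file=$_GET['file']){
 include($file);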

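--- a/vulnerabilities/fi/readme.txt
+++ b/vulnerabilities/fi/readme.txt
@@ -1 +1 @@
-file inclusions here
+File inclusion is an attack that would allow an attacker to access unintended files on the server. This vulnerability exploits application’s functionality to include dynamic files. Two categories in this attack are Local File Inclusion (LFI) and Remote File Inclusion (RFI).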

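--- a/vulnerabilities/php_object_injection/home.php
+++ b/vulnerabilities/php_object_injection/home.php
@@ -18,13 +18,11 @@
 <div class="text-left">
 <label></label>
 <div class="form-group" align="left">
-<a class="btn btn-primary" href='?r=a:2:{i:0;s:4:"XVWA";i:1;s:33:"Xtreme Vulnerable Web Application";}' type="submit">SUBMIT</a>
+<a class="btn btn-primary" href='?r=a:2:{i:0;s:4:"XVWA";i:1;s:33:"Xtreme Vulnerable Web Application";}' type="submit">CLICK HERE</a>
 </div>
 <?php
-error_reporting(E_ALL);
 class PHPObjectInjection{
 public $inject;
-
 function __construct(){
 
 }
@@ -35,7 +33,6 @@ function __wakeup(){
 }
 }
 }
-//?r=a:2:{i:0;s:4:"XVWA";i:1;s:33:"Xtreme Vulnerable Web Application";}
 if(isset($_REQUEST['r'])){
 
 $var1=unserialize($_REQUEST['r']);
@@ -45,7 +42,7 @@ function __wakeup(){
 echo "<br/>".$var1[0]." - ".$var1[1];
 }
 }else{
-echo "parameter is missing";
+echo ""; # nothing happens here
 }
 ?>
 </div>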
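Review bot: The else branch at new line 45, `echo ""; # nothing happens here`, is a no-op and can be dropped together with its `}else{`, leaving the `if(isset($_REQUEST['r']))` block on its own. This commit also deletes the only comment next to the `unserialize($_REQUEST['r'])` call at new line 38, so I would add one there stating that the flaw is deliberate: `// Intentionally vulnerable: request data reaches unserialize(); outside this lab use json_decode() or pass ['allowed_classes' => false]`. The class body and the `if` block continue outside the visible hunks.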

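--- a/vulnerabilities/sqli/home.php
+++ b/vulnerabilities/sqli/home.php
@@ -25,15 +25,16 @@
 <label></label>
 <select class="form-control" name="item">
 <option value="">Select Item Code</option>
-<?php
-include('../../config.php');
+<?php
 error_reporting(E_ALL);
-if(!$conn){
+ini_set('display_errors', 1);
+include('../../config.php');
+if($conn->connect_errno > 0){
 echo "Error in connecting to database";
 }else{
 $sql = 'select itemid from caffaine';
-$result = mysql_query($sql);
-while($rows = mysql_fetch_array($result)){
+$result = $conn->query($sql);
+while($rows = $result->fetch_assoc()) {
 echo "<option value=\"".$rows['itemid']."\">".$rows['itemid']."</option>";
 }
 }
@@ -52,16 +53,16 @@
 echo "</ul>";
 }else if($item){
 $sql = "select * from caffaine where itemid = ".$item;
-$result = mysql_query($sql) or die(mysql_error());
+$result = $conn->query($sql);
 $isSearch = true;
 }else if($search){
 $sql = "SELECT * FROM caffaine WHERE itemname LIKE '%" . $search . "%' OR itemdesc LIKE '%" . $search . "%' OR categ LIKE '%" . $search . "%'";
-$result = mysql_query($sql) or die(mysql_error());
+$result = $conn->query($sql);
 $isSearch = true;
 }
 if($isSearch){
 echo "<table>";
-while($rows = mysql_fetch_array($result)){
+while($rows = $result->fetch_assoc()){
 echo "<tr><td><b>Item Code : </b>".$rows['itemcode']."</td><td rowspan=5>&nbsp;&nbsp;</td><td rowspan=5 valign=\"top\" align=\"justify\"><b>Description : </b>".$rows['itemdesc']."</td></tr>";
 echo "<tr><td><b>Item Name : </b>".$rows['itemname']."</td></tr>";
 echo "<td><img src='".$rows['itemdisplay']."' height=130 weight=20/></td>";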
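Review bot: `$conn->query($sql)` returns `false` when the statement fails, and new lines 56 and 60 no longer stop there as the removed `or die(mysql_error())` did, so the loop at new line 65 calls `fetch_assoc()` on `false` and the page ends in a fatal error; with the added `ini_set('display_errors', 1)` that error is printed to the browser along with the script path. Keeping the old shape avoids this: `$result = $conn->query($sql) or die($conn->error);`. The same unchecked result is read in vulnerabilities/sqli_blind/home.php at new lines 55 and 62, where `$rowcount = $result ? $result->num_rows : 0;` would keep a failed query silent the way the removed `@` did. The `if`/`else if` chain these lines belong to starts outside the hunk.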

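--- a/vulnerabilities/sqli_blind/home.php
+++ b/vulnerabilities/sqli_blind/home.php
@@ -27,14 +27,12 @@
 <option value="">Select Item Code</option>
 <?php
 include('../../config.php');
-if(!$conn){
+if($conn->connect_errno > 0){
 echo "Error in connecting to database";
-
-}else{
-$dbselect=mysql_select_db($dbname,$conn);
+}else{
 $sql = 'select itemid from caffaine';
-$result = mysql_query($sql,$conn);
-while($rows = mysql_fetch_array($result)){
+$result = $conn->query($sql);
+while($rows = $result->fetch_assoc()){
 echo "<option value=\"".$rows['itemid']."\">".$rows['itemid']."</option>";
 }
 }
@@ -53,22 +51,22 @@
 echo "</ul>";
 }else if($item){
 $sql = "select * from caffaine where itemid = ".$item;
-$result = mysql_query($sql);
-$rowcount = @mysql_numrows($result); # this avoid errors cause by sql attacks
+$result = $conn->query($sql);
+$rowcount = $result->num_rows;
 if($rowcount>0){
 $isSearch = true;
 }
 }else if($search){
 $sql = "SELECT * FROM caffaine WHERE itemname LIKE '%" . $search . "%' OR itemdesc LIKE '%" . $search . "%' OR categ LIKE '%" . $search . "%'";
-$result = mysql_query($sql);
-$rowcount = @mysql_numrows($result); # this avoid errors cause by sql attacks
+$result = $conn->query($sql);
+$rowcount = $result->num_rows;
 if($rowcount>0){
 $isSearch = true;
 }
 }
 if($isSearch){
 echo "<table>";
-while($rows = mysql_fetch_array($result)){
+while($rows = $result->fetch_assoc()){
 echo "<tr><td><b>Item Code : </b>".$rows['itemcode']."</td><td rowspan=5>&nbsp;&nbsp;</td><td rowspan=5 valign=\"top\" align=\"justify\"><b>Description : </b>".$rows['itemdesc']."</td></tr>";
 echo "<tr><td><b>Item Name : </b>".$rows['itemname']."</td></tr>";
 echo "<td><img src='".$rows['itemdisplay']."' height=130 weight=20/></td>";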
