forked from webpwnized/mutillidae
set-up-database.php
executable file
·1311 lines (1253 loc) · 75.3 KB
<?php
// Make sure a session exists before the security level is read from it.
if (PHP_SESSION_NONE == session_status()) {
    session_start();
}

// Security level kept in the session; 0 when the session does not carry one.
$lSecurityLevel = isset($_SESSION["security-level"]) ? $_SESSION["security-level"] : 0;

// Custom error handler: keep an instance that is already set, otherwise build one.
require_once 'classes/CustomErrorHandler.php';
if (!isset($CustomErrorHandler)) {
    $CustomErrorHandler = new CustomErrorHandler("owasp-esapi-php/src/", $lSecurityLevel);
}

// Database handler through which the setup queries below are executed.
require_once 'classes/MySQLHandler.php';
$MySQLHandler = new MySQLHandler("owasp-esapi-php/src/", $lSecurityLevel);

// Switched to TRUE by the setup steps below when a query reports failure.
$lErrorDetected = FALSE;
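/**
 * Wrap a status message in a <div> whose CSS class reflects its severity.
 *
 * The message is concatenated into the markup as-is, with no HTML encoding,
 * so callers must pass only trusted text or encode it before calling.
 *
 * @param string $pMessage Text placed inside the div, unescaped.
 * @param string $pLevel   "I" informative, "S" success, "F" failure, "W" warning.
 * @return string The div markup.
 */
function format($pMessage, $pLevel ) {
    switch ($pLevel) {
        case "I":
            $lStyle = "database-informative-message";
            break;
        case "S":
            $lStyle = "database-success-message";
            break;
        case "F":
            $lStyle = "database-failure-message";
            break;
        case "W":
            $lStyle = "database-warning-message";
            break;
        default:
            // An unrecognised level used to leave $lStyle undefined (PHP warning
            // and an empty class attribute); fall back to the informative style.
            $lStyle = "database-informative-message";
            break;
    }// end switch
    return "<div class=\"" . $lStyle . "\">" . $pMessage . "</div>";
}// end function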
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">
<html>
<head>
<link rel="shortcut icon" href="./images/favicon.ico" type="image/x-icon" />
<link rel="stylesheet" type="text/css" href="./styles/global-styles.css" />
</head>
<body>
<div> </div>
<div class="page-title">Setting up the database...</div><br /><br />
<div class="label" style="text-align: center;">If you see no error messages, it should be done.</div>
<div> </div>
<div class="label" style="text-align: center;"><a href="index.php">Continue back to the frontpage.</a></div>
<br />
<script>
try{
window.sessionStorage.clear();
window.localStorage.clear();
}catch(e){
alert("Error clearing HTML 5 Local and Session Storage" + e.toString());
};
</script>
<div class="database-success-message">HTML 5 Local and Session Storage cleared unless error popped-up already.</div>
<?php
try{
// Announce the target server, open the connection, then confirm it.
// Both messages send the configured database host and account name to the browser.
echo format(
    sprintf(
        "Attempting to connect to MySQL server on host %s with user name %s",
        MySQLHandler::$mMySQLDatabaseHost,
        MySQLHandler::$mMySQLDatabaseUsername
    ),
    "I"
);
$MySQLHandler->openDatabaseConnection();
echo format(
    sprintf(
        "Connected to MySQL server at %s as %s",
        MySQLHandler::$mMySQLDatabaseHost,
        MySQLHandler::$mMySQLDatabaseUsername
    ),
    "I"
);
// Drop any existing copy of the database so setup starts from a clean slate.
// NOTE(review): nothing in the visible part of this script checks who is making
// the request before the DROP runs; confirm access to this page is restricted
// wherever the application is deployed.
// NOTE(review): the database name is spliced into the statement unquoted; confirm
// MySQLHandler only ever sets it from trusted configuration.
try {
    echo format(sprintf("Preparing to drop database %s", MySQLHandler::$mMySQLDatabaseName), "I");
    $lQueryString = "DROP DATABASE IF EXISTS " . MySQLHandler::$mMySQLDatabaseName;
    $lQueryResult = $MySQLHandler->executeQuery($lQueryString);
    if ($lQueryResult) {
        echo format(
            sprintf(
                "Executed query 'DROP DATABASE IF EXISTS' for database %s with result %s",
                MySQLHandler::$mMySQLDatabaseName,
                $lQueryResult
            ),
            "S"
        );
    } else {
        $lErrorDetected = TRUE;
        echo format(sprintf("Was not able to drop database %s", MySQLHandler::$mMySQLDatabaseName), "F");
    }
} catch (Exception $e) {
    // A failed drop is reported but must not abort the rest of the setup,
    // so the exception is formatted for display and execution continues.
    echo format(
        sprintf("Error was reported while attempting to drop database %s", MySQLHandler::$mMySQLDatabaseName),
        "F"
    );
    echo format(
        "MySQL sometimes throws errors attempting to drop databases. Here is error in case the error is serious.",
        "I"
    );
    echo $CustomErrorHandler->FormatError($e, $lQueryString);
}
// Create the database afresh. As with the DROP above, the name is concatenated
// into the statement from MySQLHandler's static property.
echo format(sprintf("Preparing to create database %s", MySQLHandler::$mMySQLDatabaseName), "I");
$lQueryString = "CREATE DATABASE " . MySQLHandler::$mMySQLDatabaseName;
$lQueryResult = $MySQLHandler->executeQuery($lQueryString);
if ($lQueryResult) {
    echo format(
        sprintf(
            "Executed query 'CREATE DATABASE' for database %s with result %s",
            MySQLHandler::$mMySQLDatabaseName,
            $lQueryResult
        ),
        "S"
    );
} else {
    // Record the failure; the script keeps going with the remaining steps.
    $lErrorDetected = TRUE;
    echo format(sprintf("Was not able to create database %s", MySQLHandler::$mMySQLDatabaseName), "F");
}
// Select the freshly created database for the statements that follow.
echo format(sprintf("Switching to use database %s", MySQLHandler::$mMySQLDatabaseName), "I");
$lQueryString = "USE " . MySQLHandler::$mMySQLDatabaseName;
$lQueryResult = $MySQLHandler->executeQuery($lQueryString);
if ($lQueryResult) {
    // Success is reported at the informative level here, not the success level.
    echo format(
        sprintf("Executed query 'USE DATABASE' %s with result %s", MySQLHandler::$mMySQLDatabaseName, $lQueryResult),
        "I"
    );
} else {
    $lErrorDetected = TRUE;
    echo format(sprintf("Was not able to use database %s", MySQLHandler::$mMySQLDatabaseName), "F");
}
// user_poll_results: auto-increment key plus tool name, user name and timestamp.
$lQueryString = 'CREATE TABLE user_poll_results( ' . implode(', ', [
    'cid INT NOT NULL AUTO_INCREMENT',
    'tool_name TEXT',
    'username TEXT',
    'date DATETIME',
    'PRIMARY KEY(cid)',
]) . ')';
$lQueryResult = $MySQLHandler->executeQuery($lQueryString);
if ($lQueryResult) {
    echo format("Executed query 'CREATE TABLE' with result " . $lQueryResult, "S");
} else {
    // Failure is only flagged here; no message is printed for this step.
    $lErrorDetected = TRUE;
}
// blogs_table: auto-increment key plus blogger name, comment text and timestamp.
$lQueryString = 'CREATE TABLE blogs_table( ' . implode(', ', [
    'cid INT NOT NULL AUTO_INCREMENT',
    'blogger_name TEXT',
    'comment TEXT',
    'date DATETIME',
    'PRIMARY KEY(cid)',
]) . ')';
$lQueryResult = $MySQLHandler->executeQuery($lQueryString);
if ($lQueryResult) {
    echo format("Executed query 'CREATE TABLE' with result " . $lQueryResult, "S");
} else {
    // Failure is only flagged here; no message is printed for this step.
    $lErrorDetected = TRUE;
}
// accounts: the application's user table.
// - password is a plain TEXT column, and the seed INSERT in this script fills it
//   with readable passwords rather than password hashes.
// - is_admin is VARCHAR(5); the seed rows store the strings 'TRUE' / 'FALSE'.
// - username carries no UNIQUE constraint.
// NOTE(review): presumably deliberate for a training target; do not reuse this
// schema where real credentials are stored.
$lQueryString = 'CREATE TABLE accounts( '
    . 'cid INT NOT NULL AUTO_INCREMENT, '
    . 'username TEXT, '
    . 'password TEXT, '
    . 'mysignature TEXT, '
    . 'is_admin VARCHAR(5),'
    . 'firstname TEXT, '
    . 'lastname TEXT, '
    . 'PRIMARY KEY(cid))';
$lQueryResult = $MySQLHandler->executeQuery($lQueryString);
if ($lQueryResult) {
    echo format("Executed query 'CREATE TABLE' with result " . $lQueryResult, "S");
} else {
    // Failure is only flagged here; no message is printed for this step.
    $lErrorDetected = TRUE;
}
// hitlog: auto-increment key plus hostname, ip, browser, referer and timestamp.
// NOTE(review): browser and referer presumably hold request-header values, which
// are client-controlled; confirm pages that display this table encode them on output.
$lQueryString = 'CREATE TABLE hitlog( ' . implode(', ', [
    'cid INT NOT NULL AUTO_INCREMENT',
    'hostname TEXT',
    'ip TEXT',
    'browser TEXT',
    'referer TEXT',
    'date DATETIME',
    'PRIMARY KEY(cid)',
]) . ')';
$lQueryResult = $MySQLHandler->executeQuery($lQueryString);
if ($lQueryResult) {
    echo format("Executed query 'CREATE TABLE' with result " . $lQueryResult, "S");
} else {
    // Failure is only flagged here; no message is printed for this step.
    $lErrorDetected = TRUE;
}
// Seed the accounts table with the built-in users.
// Every password below is written to the database exactly as shown (no hashing),
// several accounts share the value 'password', and three rows are flagged
// is_admin = 'TRUE'. The user name 'john' appears twice.
// NOTE(review): these credentials are part of the published source, so any
// reachable install exposes working logins, including administrator accounts.
// The continuation lines stay at column 0 because they are part of the SQL string.
$lQueryString = "INSERT INTO accounts (username, password, mysignature, is_admin, firstname, lastname) VALUES
('admin', 'adminpass', 'g0t r00t?', 'TRUE' ,'System' ,'Administrator'),
('adrian', 'somepassword', 'Zombie Films Rock!', 'TRUE' ,'Adrian' ,'Crenshaw'),
('john', 'monkey', 'I like the smell of confunk', 'FALSE' ,'John' ,'Pentest'),
('jeremy', 'password', 'd1373 1337 speak', 'FALSE' ,'Jeremy' ,'Druin'),
('bryce', 'password', 'I Love SANS', 'FALSE' ,'Bryce' ,'Galbraith'),
('samurai', 'samurai', 'Carving fools', 'FALSE' ,'Samurai' ,'WTF'),
('jim', 'password', 'Rome is burning', 'FALSE' ,'Jim' ,'Rome'),
('bobby', 'password', 'Hank is my dad', 'FALSE' ,'Bobby' ,'Hill'),
('simba', 'password', 'I am a super-cat', 'FALSE' ,'Simba' ,'Lion'),
('dreveil', 'password', 'Preparation H', 'FALSE' ,'Dr.' ,'Evil'),
('scotty', 'password', 'Scotty do', 'FALSE' ,'Scotty' ,'Evil'),
('cal', 'password', 'C-A-T-S Cats Cats Cats', 'FALSE' ,'John' ,'Calipari'),
('john', 'password', 'Do the Duggie!', 'FALSE' ,'John' ,'Wall'),
('kevin', '42', 'Doug Adams rocks', 'FALSE' ,'Kevin' ,'Johnson'),
('dave', 'set', 'Bet on S.E.T. FTW', 'FALSE' ,'Dave' ,'Kennedy'),
('patches', 'tortoise', 'meow', 'FALSE' ,'Patches' ,'Pester'),
('rocky', 'stripes', 'treats?', 'FALSE' ,'Rocky' ,'Paws'),
('tim', 'lanmaster53', 'Because reconnaissance is hard to spell', 'FALSE' ,'Tim' ,'Tomes'),
('ABaker', 'SoSecret', 'Muffin tops only', 'TRUE' ,'Aaron' ,'Baker'),
('PPan', 'NotTelling', 'Where is Tinker?', 'FALSE' ,'Peter' ,'Pan'),
('CHook', 'JollyRoger', 'Gator-hater', 'FALSE' ,'Captain' ,'Hook'),
('james', 'i<3devs', 'Occupation: Researcher', 'FALSE' ,'James' ,'Jardine'),
('ed', 'pentest', 'Commandline KungFu anyone?', 'FALSE' ,'Ed' ,'Skoudis')";
$lQueryResult = $MySQLHandler->executeQuery($lQueryString);
if ($lQueryResult) {
    // This step writes the success div directly instead of going through format().
    echo '<div class="database-success-message">Executed query \'INSERT INTO TABLE\' with result '
        . $lQueryResult . '</div>';
} else {
    $lErrorDetected = TRUE;
}
// Seed blogs_table with twelve sample entries; cid values are given explicitly.
// The doubled quote in "I''ve" is the SQL escape for a single quote inside the literal.
// The continuation lines stay at column 0 because they are part of the SQL string.
$lQueryString ="INSERT INTO `blogs_table` (`cid`, `blogger_name`, `comment`, `date`) VALUES
(1, 'adrian', 'Well, I''ve been working on this for a bit. Welcome to my crappy blog software. :)', '2009-03-01 22:26:12'),
(2, 'adrian', 'Looks like I got a lot more work to do. Fun, Fun, Fun!!!', '2009-03-01 22:26:54'),
(3, 'anonymous', 'An anonymous blog? Huh? ', '2009-03-01 22:27:11'),
(4, 'ed', 'I love me some Netcat!!!', '2009-03-01 22:27:48'),
(5, 'john', 'Listen to Pauldotcom!', '2009-03-01 22:29:04'),
(6, 'jeremy', 'Mutillidae is fun', '2009-03-01 22:29:49'),
(7, 'john', 'Chocolate is GOOD!!!', '2009-03-01 22:30:06'),
(8, 'admin', 'Fear me, for I am ROOT!', '2009-03-01 22:31:13'),
(9, 'dave', 'Social Engineering is woot-tastic', '2009-03-01 22:31:13'),
(10, 'kevin', 'Read more Douglas Adams', '2009-03-01 22:31:13'),
(11, 'kevin', 'You should take SANS SEC542', '2009-03-01 22:31:13'),
(12, 'asprox', 'Fear me, for I am asprox!', '2009-03-01 22:31:13')";
$lQueryResult = $MySQLHandler->executeQuery($lQueryString);
if ($lQueryResult) {
    // This step writes the success div directly instead of going through format().
    echo '<div class="database-success-message">Executed query \'INSERT INTO TABLE\' with result '
        . $lQueryResult . '</div>';
} else {
    $lErrorDetected = TRUE;
}
// credit_cards: auto-increment key plus card number, verification code and expiry.
// ccnumber and ccv are plain TEXT columns, so whatever is inserted is kept
// unencrypted and in full.
// NOTE(review): fine for synthetic training data only; a system handling real cards
// must not persist the verification code and must protect the stored card number.
$lQueryString = 'CREATE TABLE credit_cards( ' . implode(', ', [
    'ccid INT NOT NULL AUTO_INCREMENT',
    'ccnumber TEXT',
    'ccv TEXT',
    'expiration DATE',
    'PRIMARY KEY(ccid)',
]) . ')';
$lQueryResult = $MySQLHandler->executeQuery($lQueryString);
if ($lQueryResult) {
    echo format("Executed query 'CREATE TABLE' with result " . $lQueryResult, "S");
} else {
    // Failure is only flagged here; no message is printed for this step.
    $lErrorDetected = TRUE;
}
// Seed credit_cards with five rows; the numbers look synthetic (repeating and
// sequential digit groups) and are stored in the clear together with the ccv.
// The expiration values carry a time of day although the column is declared DATE,
// which has no time part.
// The continuation lines stay at column 0 because they are part of the SQL string.
$lQueryString ="INSERT INTO `credit_cards` (`ccid`, `ccnumber`, `ccv`, `expiration`) VALUES
(1, '4444111122223333', '745', '2012-03-01 10:01:12'),
(2, '7746536337776330', '722', '2015-04-01 07:00:12'),
(3, '8242325748474749', '461', '2016-03-01 11:55:12'),
(4, '7725653200487633', '230', '2017-06-01 04:33:12'),
(5, '1234567812345678', '627', '2018-11-01 13:31:13')";
$lQueryResult = $MySQLHandler->executeQuery($lQueryString);
if ($lQueryResult) {
    // This step writes the success div directly instead of going through format().
    echo '<div class="database-success-message">Executed query \'INSERT INTO TABLE\' with result '
        . $lQueryResult . '</div>';
} else {
    $lErrorDetected = TRUE;
}
// pen_test_tools: reference list of tools with phase, type and a free-text comment.
$lQueryString = 'CREATE TABLE pen_test_tools(' . implode(', ', [
    'tool_id INT NOT NULL AUTO_INCREMENT',
    'tool_name TEXT',
    'phase_to_use TEXT',
    'tool_type TEXT',
    'comment TEXT',
    'PRIMARY KEY(tool_id)',
]) . ')';
$lQueryResult = $MySQLHandler->executeQuery($lQueryString);
if ($lQueryResult) {
    echo format("Executed query 'CREATE TABLE' with result " . $lQueryResult, "S");
} else {
    // Failure is only flagged here; no message is printed for this step.
    $lErrorDetected = TRUE;
}
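// Seed pen_test_tools with twenty reference rows; tool_id values are given explicitly.
// Fix: rows 11 and 12 had each other's comment text (SQL Inject Me carried the XSS
// description and XSS Me the SQL injection one); the two comments are exchanged so
// each describes the tool it is attached to. All other rows are unchanged.
// The continuation lines stay at column 0 because they are part of the SQL string.
$lQueryString ="INSERT INTO `pen_test_tools` (`tool_id`, `tool_name`, `phase_to_use`, `tool_type`, `comment`) VALUES
(1, 'WebSecurify', 'Discovery', 'Scanner', 'Can capture screenshots automatically'),
(2, 'Grendel-Scan', 'Discovery', 'Scanner', 'Has interactive-mode. Lots plug-ins. Includes Nikto. May not spider JS menus well.'),
(3, 'Skipfish', 'Discovery', 'Scanner', 'Agressive. Fast. Uses wordlists to brute force directories.'),
(4, 'w3af', 'Discovery', 'Scanner', 'GUI simple to use. Can call sqlmap. Allows scan packages to be saved in profiles. Provides evasion, discovery, brute force, vulneraility assessment (audit), exploitation, pattern matching (grep).'),
(5, 'Burp-Suite', 'Discovery', 'Scanner', 'GUI simple to use. Provides highly configurable manual scan assistence with productivity enhancements.'),
(6, 'Netsparker Community Edition', 'Discovery', 'Scanner', 'Excellent spider abilities and reporting. GUI driven. Runs on Windows. Good at SQLi and XSS detection. From Mavituna Security. Professional version available for purchase.'),
(7, 'NeXpose', 'Discovery', 'Scanner', 'GUI driven. Runs on Windows. From Rapid7. Professional version available for purchase. Updates automatically. Requires large amounts of memory.'),
(8, 'Hailstorm', 'Discovery', 'Scanner', 'From Cenzic. Professional version requires dedicated staff, multiple dediciated servers, professional pen-tester to analyze results, and very large license fee. Extensive scanning ability. Very large vulnerability database. Highly configurable. Excellent reporting. Can scan entire networks of web applications. Extremely expensive. Requires large amounts of memory.'),
(9, 'Tamper Data', 'Discovery', 'Interception Proxy', 'Firefox add-on. Easy to use. Tampers with POST parameters and HTTP Headers. Does not tamper with URL query parameters. Requires manual browsing.'),
(10, 'DirBuster', 'Discovery', 'Fuzzer', 'OWASP tool. Fuzzes directory names to brute force directories.'),
(11, 'SQL Inject Me', 'Discovery', 'Fuzzer', 'Firefox add-on. Attempts common strings which elicit responses from databases when SQL injection is present. Not compatible with Firefox 8.0.'),
(12, 'XSS Me', 'Discovery', 'Fuzzer', 'Firefox add-on. Attempts common strings which elicit XSS responses. Not compatible with Firefox 8.0.'),
(13, 'GreaseMonkey', 'Discovery', 'Browser Manipulation Tool', 'Firefox add-on. Allows the user to inject Javascripts and change page.'),
(14, 'NSLookup', 'Reconnaissance', 'DNS Server Query Tool', 'DNS query tool can query DNS name or reverse lookup on IP. Set debug for better output. Premiere tool on Windows but Linux perfers Dig. DNS traffic generally over UDP 53 unless response long then over TCP 53. Online version combined with anonymous proxy or TOR network may be prefered for stealth.'),
(15, 'Whois', 'Reconnaissance', 'Domain name lookup service', 'Whois is available in Linux naitvely and Windows as a Sysinternals download plus online. Whois can lookup the registrar of a domain and the IP block associated. An online version is http://network-tools.com/'),
(16, 'Dig', 'Reconnaissance', 'DNS Server Query Tool', 'The Domain Information Groper is prefered on Linux over NSLookup and provides more information natively. NSLookup must be in debug mode to give similar output. DIG can perform zone transfers if the DNS server allows transfers.'),
(17, 'Fierce Domain Scanner', 'Reconnaissance', 'DNS Server Query Tool', 'Powerful DNS scan tool. FDS is a Perl program which scans and reverse scans a domain plus scans IPs within the same block to look for neighoring machines. Available in the Samurai and Backtrack distributions plus http://ha.ckers.org/fierce/'),
(18, 'host', 'Reconnaissance', 'DNS Server Query Tool', 'A simple DNS lookup tool included with BIND. The tool is a friendly and capible command line tool with excellent documentation. Does not posess the automation of FDS.'),
(19, 'zaproxy', 'Reconnaissance', 'Interception Proxy', 'OWASP Zed Attack Proxy. An interception proxy that can also passively or actively scan applications as well as perform brute-forcing. Similar to Burp-Suite without the disadvantage of requiring a costly license.'),
(20, 'Google intitle', 'Discovery', 'Search Engine','intitle and site directives allow directory discovery. GHDB available to provide hints. See Hackers for Charity site.')";
$lQueryResult = $MySQLHandler->executeQuery($lQueryString);
if (!$lQueryResult) {
    // Failure is only flagged; no message is printed for this step.
    $lErrorDetected = TRUE;
} else {
    // This step writes the success div directly instead of going through format().
    echo "<div class=\"database-success-message\">Executed query 'INSERT INTO TABLE' with result ".$lQueryResult."</div>";
}// end if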
// captured_data: auto-increment key plus ip_address, hostname, port,
// user_agent_string, referrer, data and capture timestamp, all TEXT except the date.
// NOTE(review): the column names suggest request-derived values are stored here;
// confirm any page that lists these rows encodes them on output.
$lQueryString = 'CREATE TABLE captured_data(' . implode(', ', [
    'data_id INT NOT NULL AUTO_INCREMENT',
    'ip_address TEXT',
    'hostname TEXT',
    'port TEXT',
    'user_agent_string TEXT',
    'referrer TEXT',
    'data TEXT',
    'capture_date DATETIME',
    'PRIMARY KEY(data_id)',
]) . ')';
$lQueryResult = $MySQLHandler->executeQuery($lQueryString);
if ($lQueryResult) {
    echo format("Executed query 'CREATE TABLE' with result " . $lQueryResult, "S");
} else {
    // Failure is only flagged here; no message is printed for this step.
    $lErrorDetected = TRUE;
}
// page_hints: hint text keyed by the composite (page_name, hint_key).
$lQueryString = 'CREATE TABLE page_hints(' . implode(', ', [
    'page_name VARCHAR(64) NOT NULL',
    'hint_key INT',
    'hint TEXT',
    'PRIMARY KEY(page_name, hint_key)',
]) . ')';
$lQueryResult = $MySQLHandler->executeQuery($lQueryString);
if ($lQueryResult) {
    echo format("Executed query 'CREATE TABLE' with result " . $lQueryResult, "S");
} else {
    // Failure is only flagged here; no message is printed for this step.
    $lErrorDetected = TRUE;
}
// page_help: links a page name to a help-text key with an ordering preference;
// the primary key is the composite (page_name, help_text_key).
$lQueryString = 'CREATE TABLE page_help(' . implode(', ', [
    'page_name VARCHAR(64) NOT NULL',
    'help_text_key INT',
    'order_preference INT',
    'PRIMARY KEY(page_name, help_text_key)',
]) . ')';
$lQueryResult = $MySQLHandler->executeQuery($lQueryString);
if ($lQueryResult) {
    echo format("Executed query 'CREATE TABLE' with result " . $lQueryResult, "S");
} else {
    // Failure is only flagged here; no message is printed for this step.
    $lErrorDetected = TRUE;
}
$lQueryString ="INSERT INTO `page_help` (`page_name`, `help_text_key`, `order_preference`) VALUES
('home.php', 0, 5),
('home.php', 1, 5),
('home.php', 2, 5),
('home.php', 3, 5),
('home.php', 4, 5),
('home.php', 5, 5),
('home.php', 6, 5),
('home.php', 7, 0),
('home.php', 9, 5),
('home.php', 24, 5),
('home.php', 39, 5),
('home.php', 40, 5),
('home.php', 57, 5),
('home.php', 56, 5),
('home.php', 59, 5),
('home.php', 60, 0),
('home.php', 61, 3),
('home.php', 62, 1),
('home.php', 64, 4),
('add-to-your-blog.php', 8, 0),
('add-to-your-blog.php', 10, 2),
('add-to-your-blog.php', 53, 2),
('add-to-your-blog.php', 11, 3),
('add-to-your-blog.php', 55, 3),
('add-to-your-blog.php', 12, 1),
('add-to-your-blog.php', 13, 1),
('add-to-your-blog.php', 14, 1),
('add-to-your-blog.php', 30, 1),
('add-to-your-blog.php', 48, 1),
('add-to-your-blog.php', 54, 1),
('add-to-your-blog.php', 56, 1),
('add-to-your-blog.php', 59, 1),
('arbitrary-file-inclusion.php', 11, 3),
('arbitrary-file-inclusion.php', 55, 3),
('arbitrary-file-inclusion.php', 12, 1),
('arbitrary-file-inclusion.php', 15, 0),
('arbitrary-file-inclusion.php', 16, 1),
('arbitrary-file-inclusion.php', 17, 1),
('arbitrary-file-inclusion.php', 39, 1),
('arbitrary-file-inclusion.php', 40, 1),
('arbitrary-file-inclusion.php', 56, 1),
('arbitrary-file-inclusion.php', 59, 1),
('back-button-discussion.php', 11, 3),
('back-button-discussion.php', 55, 3),
('back-button-discussion.php', 12, 1),
('back-button-discussion.php', 18, 1),
('back-button-discussion.php', 19, 1),
('back-button-discussion.php', 56, 1),
('back-button-discussion.php', 59, 1),
('browser-info.php', 11, 3),
('browser-info.php', 55, 3),
('browser-info.php', 12, 1),
('browser-info.php', 18, 1),
('browser-info.php', 56, 1),
('browser-info.php', 59, 1),
('capture-data.php', 1, 1),
('capture-data.php', 10, 2),
('capture-data.php', 53, 2),
('capture-data.php', 11, 3),
('capture-data.php', 55, 3),
('capture-data.php', 12, 1),
('capture-data.php', 48, 1),
('captured-data.php', 11, 3),
('captured-data.php', 55, 3),
('captured-data.php', 12, 1),
('captured-data.php', 56, 1),
('captured-data.php', 59, 1),
('client-side-comments.php', 57, 1),
('client-side-comments.php', 56, 1),
('client-side-comments.php', 59, 1),
('client-side-control-challenge.php', 11, 3),
('client-side-control-challenge.php', 55, 3),
('client-side-control-challenge.php', 12, 1),
('client-side-control-challenge.php', 13, 1),
('client-side-control-challenge.php', 30, 1),
('client-side-control-challenge.php', 51, 1),
('client-side-control-challenge.php', 56, 1),
('client-side-control-challenge.php', 59, 1),
('conference-room-lookup.php', 29, 1),
('conference-room-lookup.php', 30, 1),
('conference-room-lookup.php', 56, 1),
('conference-room-lookup.php', 59, 1),
('conference-room-lookup.php', 63, 1),
('conference-room-lookup.php', 64, 1),
('content-security-policy.php', 11, 3),
('content-security-policy.php', 55, 3),
('content-security-policy.php', 12, 1),
('content-security-policy.php', 13, 1),
('content-security-policy.php', 20, 1),
('content-security-policy.php', 30, 1),
('content-security-policy.php', 48, 1),
('content-security-policy.php', 56, 1),
('content-security-policy.php', 59, 1),
('content-security-policy.php', 65, 1),
('cors.php', 11, 3),
('cors.php', 55, 3),
('cors.php', 12, 1),
('cors.php', 13, 1),
('cors.php', 20, 1),
('cors.php', 30, 1),
('cors.php', 48, 1),
('cors.php', 56, 1),
('cors.php', 59, 1),
('cors.php', 67, 1),
('credits.php', 19, 1),
('credits.php', 56, 1),
('credits.php', 59, 1),
('directory-browsing.php', 9, 1),
('directory-browsing.php', 56, 1),
('directory-browsing.php', 59, 1),
('dns-lookup.php', 11, 3),
('dns-lookup.php', 55, 3),
('dns-lookup.php', 12, 1),
('dns-lookup.php', 13, 1),
('dns-lookup.php', 20, 1),
('dns-lookup.php', 30, 1),
('dns-lookup.php', 48, 1),
('dns-lookup.php', 56, 1),
('dns-lookup.php', 59, 1),
('document-viewer.php', 11, 3),
('document-viewer.php', 55, 3),
('document-viewer.php', 12, 1),
('document-viewer.php', 21, 1),
('document-viewer.php', 30, 1),
('document-viewer.php', 41, 1),
('document-viewer.php', 48, 1),
('document-viewer.php', 56, 1),
('document-viewer.php', 59, 1),
('echo.php', 11, 3),
('echo.php', 55, 3),
('echo.php', 12, 1),
('echo.php', 13, 1),
('echo.php', 20, 1),
('echo.php', 30, 1),
('echo.php', 48, 1),
('echo.php', 56, 1),
('echo.php', 59, 1),
('edit-account-profile.php', 10, 2),
('edit-account-profile.php', 11, 3),
('edit-account-profile.php', 12, 1),
('edit-account-profile.php', 14, 1),
('edit-account-profile.php', 16, 3),
('edit-account-profile.php', 30, 1),
('edit-account-profile.php', 48, 1),
('edit-account-profile.php', 53, 2),
('edit-account-profile.php', 54, 1),
('edit-account-profile.php', 55, 3),
('edit-account-profile.php', 56, 1),
('edit-account-profile.php', 59, 1),
('framing.php', 22, 1),
('framing.php', 56, 1),
('framing.php', 59, 1),
('html5-storage.php', 12, 1),
('html5-storage.php', 23, 1),
('html5-storage.php', 42, 1),
('html5-storage.php', 56, 1),
('html5-storage.php', 59, 1),
('labs/lab-1.php', 68, 1),
('labs/lab-2.php', 69, 1),
('labs/lab-3.php', 70, 1),
('labs/lab-4.php', 71, 1),
('labs/lab-5.php', 72, 1),
('labs/lab-6.php', 10, 1),
('labs/lab-6.php', 53, 1),
('labs/lab-6.php', 73, 1),
('labs/lab-7.php', 10, 1),
('labs/lab-7.php', 53, 1),
('labs/lab-7.php', 74, 1),
('labs/lab-8.php', 10, 1),
('labs/lab-8.php', 53, 1),
('labs/lab-8.php', 75, 1),
('labs/lab-9.php', 10, 1),
('labs/lab-9.php', 53, 1),
('labs/lab-9.php', 76, 1),
('labs/lab-10.php', 10, 1),
('labs/lab-10.php', 53, 1),
('labs/lab-10.php', 77, 1),
('labs/lab-11.php', 10, 1),
('labs/lab-11.php', 53, 1),
('labs/lab-11.php', 78, 1),
('labs/lab-12.php', 79, 1),
('labs/lab-13.php', 80, 1),
('labs/lab-14.php', 81, 1),
('labs/lab-15.php', 82, 1),
('labs/lab-16.php', 83, 1),
('labs/lab-17.php', 84, 1),
('labs/lab-18.php', 85, 1),
('labs/lab-19.php', 86, 1),
('labs/lab-20.php', 87, 1),
('labs/lab-21.php', 88, 1),
('labs/lab-22.php', 89, 1),
('labs/lab-23.php', 90, 1),
('labs/lab-24.php', 91, 1),
('labs/lab-25.php', 92, 1),
('labs/lab-26.php', 93, 1),
('labs/lab-27.php', 94, 1),
('labs/lab-28.php', 95, 1),
('labs/lab-29.php', 96, 1),
('labs/lab-30.php', 97, 1),
('labs/lab-31.php', 98, 1),
('labs/lab-32.php', 99, 1),
('labs/lab-33.php', 100, 1),
('labs/lab-34.php', 101, 1),
('labs/lab-35.php', 102, 1),
('labs/lab-36.php', 103, 1),
('labs/lab-37.php', 104, 1),
('labs/lab-38.php', 105, 1),
('labs/lab-39.php', 106, 1),
('labs/lab-40.php', 107, 1),
('labs/lab-41.php', 108, 1),
('labs/lab-42.php', 109, 1),
('labs/lab-43.php', 110, 1),
('labs/lab-44.php', 111, 1),
('labs/lab-45.php', 112, 1),
('labs/lab-46.php', 113, 1),
('labs/lab-47.php', 114, 1),
('labs/lab-48.php', 115, 1),
('labs/lab-49.php', 116, 1),
('labs/lab-50.php', 117, 1),
('labs/lab-51.php', 118, 1),
('labs/lab-52.php', 119, 1),
('labs/lab-53.php', 120, 1),
('labs/lab-54.php', 121, 1),
('labs/lab-55.php', 122, 1),
('labs/lab-56.php', 123, 1),
('labs/lab-57.php', 124, 1),
('labs/lab-58.php', 125, 1),
('labs/lab-59.php', 126, 1),
('labs/lab-60.php', 127, 1),
('labs/lab-61.php', 128, 1),
('labs/lab-62.php', 129, 1),
('labs/lab-63.php', 130, 1),
('login.php', 1, 1),
('login.php', 10, 2),
('login.php', 53, 2),
('login.php', 11, 3),
('login.php', 55, 3),
('login.php', 12, 1),
('login.php', 13, 1),
('login.php', 25, 1),
('login.php', 47, 1),
('login.php', 48, 1),
('login.php', 54, 1),
('login.php', 56, 1),
('login.php', 59, 1),
('login.php', 60, 1),
('password-generator.php', 1, 1),
('password-generator.php', 11, 3),
('password-generator.php', 55, 3),
('password-generator.php', 12, 1),
('password-generator.php', 18, 1),
('password-generator.php', 56, 1),
('password-generator.php', 59, 1),
('pen-test-tool-lookup.php', 26, 1),
('pen-test-tool-lookup-ajax.php', 26, 1),
('pen-test-tool-lookup-ajax.php', 56, 1),
('pen-test-tool-lookup-ajax.php', 59, 1),
('phpinfo.php', 27, 1),
('phpinfo.php', 28, 1),
('phpinfo.php', 29, 1),
('phpinfo.php', 56, 1),
('phpinfo.php', 59, 1),
('register.php', 10, 2),
('register.php', 11, 3),
('register.php', 12, 1),
('register.php', 14, 1),
('register.php', 30, 1),
('register.php', 48, 1),
('register.php', 53, 2),
('register.php', 54, 1),
('register.php', 55, 3),
('register.php', 56, 1),
('register.php', 59, 1),
('rene-magritte.php', 22, 1),
('rene-magritte.php', 56, 1),
('rene-magritte.php', 59, 1),
('robots-txt.php', 9, 1),
('robots-txt.php', 29, 1),
('robots-txt.php', 43, 1),
('robots-txt.php', 56, 1),
('robots-txt.php', 59, 1),
('repeater.php', 11, 3),
('repeater.php', 55, 3),
('repeater.php', 12, 1),
('repeater.php', 13, 1),
('repeater.php', 31, 1),
('repeater.php', 32, 1),
('repeater.php', 56, 1),
('repeater.php', 59, 1),
('secret-administrative-pages.php', 6, 1),
('secret-administrative-pages.php', 27, 1),
('secret-administrative-pages.php', 28, 1),
('secret-administrative-pages.php', 29, 1),
('secret-administrative-pages.php', 44, 1),
('secret-administrative-pages.php', 56, 1),
('secret-administrative-pages.php', 59, 1),
('set-background-color.php', 11, 3),
('set-background-color.php', 55, 3),
('set-background-color.php', 12, 1),
('set-background-color.php', 33, 1),
('set-background-color.php', 56, 1),
('set-background-color.php', 59, 1),
('show-log.php', 11, 3),
('show-log.php', 55, 3),
('show-log.php', 12, 1),
('show-log.php', 34, 1),
('show-log.php', 56, 1),
('show-log.php', 59, 1),
('site-footer-xss-discussion.php', 11, 3),
('site-footer-xss-discussion.php', 55, 3),
('site-footer-xss-discussion.php', 12, 1),
('site-footer-xss-discussion.php', 56, 1),
('site-footer-xss-discussion.php', 59, 1),
('source-viewer.php', 11, 3),
('source-viewer.php', 55, 3),
('source-viewer.php', 12, 1),
('source-viewer.php', 15, 1),
('source-viewer.php', 16, 1),
('source-viewer.php', 39, 1),
('source-viewer.php', 40, 1),
('source-viewer.php', 48, 1),
('source-viewer.php', 56, 1),
('source-viewer.php', 59, 1),
('styling-frame.php', 11, 3),
('styling-frame.php', 55, 3),
('styling-frame.php', 12, 1),
('styling-frame.php', 16, 1),
('styling-frame.php', 39, 1),
('styling-frame.php', 40, 1),
('styling-frame.php', 41, 1),
('styling-frame.php', 48, 1),
('styling-frame.php', 50, 1),
('styling-frame.php', 56, 1),
('styling-frame.php', 59, 1),
('sqlmap-targets.php', 10, 2),
('sqlmap-targets.php', 53, 2),
('sqlmap-targets.php', 56, 1),
('sqlmap-targets.php', 59, 1),
('ssl-misconfiguration.php', 1, 1),
('ssl-misconfiguration.php', 56, 1),
('ssl-misconfiguration.php', 59, 1),
('ssl-misconfiguration.php', 60, 1),
('text-file-viewer.php', 11, 3),
('text-file-viewer.php', 55, 3),
('text-file-viewer.php', 12, 1),
('text-file-viewer.php', 15, 1),
('text-file-viewer.php', 16, 1),
('text-file-viewer.php', 30, 1),
('text-file-viewer.php', 35, 1),
('text-file-viewer.php', 39, 1),
('text-file-viewer.php', 40, 1),
('text-file-viewer.php', 56, 1),
('text-file-viewer.php', 59, 1),
('upload-file.php', 46, 1),
('upload-file.php', 11, 2),
('upload-file.php', 55, 2),
('upload-file.php', 12, 2),
('upload-file.php', 54, 2),
('upload-file.php', 56, 1),
('upload-file.php', 59, 1),
('user-agent-impersonation.php', 11, 3),
('user-agent-impersonation.php', 55, 3),
('user-agent-impersonation.php', 18, 1),
('user-agent-impersonation.php', 45, 1),
('user-agent-impersonation.php', 56, 1),
('user-agent-impersonation.php', 59, 1),
('user-info.php', 1, 1),
('user-info.php', 10, 2),
('user-info.php', 53, 2),
('user-info.php', 11, 3),
('user-info.php', 55, 3),
('user-info.php', 12, 1),
('user-info.php', 13, 1),
('user-info.php', 30, 1),
('user-info.php', 54, 1),
('user-info.php', 56, 1),
('user-info.php', 59, 1),
('user-info-xpath.php', 1, 1),
('user-info-xpath.php', 11, 3),
('user-info-xpath.php', 55, 3),
('user-info-xpath.php', 12, 1),
('user-info-xpath.php', 13, 1),
('user-info-xpath.php', 30, 1),
('user-info-xpath.php', 49, 1),
('user-info-xpath.php', 54, 1),
('user-info-xpath.php', 58, 1),
('user-info-xpath.php', 56, 1),
('user-info-xpath.php', 59, 1),
('user-poll.php', 10, 2),
('user-poll.php', 53, 2),
('user-poll.php', 11, 3),
('user-poll.php', 55, 3),
('user-poll.php', 12, 1),
('user-poll.php', 14, 1),
('user-poll.php', 21, 1),
('user-poll.php', 30, 1),
('user-poll.php', 54, 1),
('user-poll.php', 56, 1),
('user-poll.php', 59, 1),
('view-someones-blog.php', 11, 3),
('view-someones-blog.php', 55, 3),
('view-someones-blog.php', 12, 1),
('view-someones-blog.php', 14, 1),
('view-someones-blog.php', 30, 1),
('view-someones-blog.php', 54, 1),
('view-someones-blog.php', 56, 1),
('view-someones-blog.php', 59, 1),
('view-user-privilege-level.php', 11, 3),
('view-user-privilege-level.php', 55, 3),
('view-user-privilege-level.php', 12, 1),
('view-user-privilege-level.php', 25, 1),
('view-user-privilege-level.php', 31, 1),
('view-user-privilege-level.php', 38, 1),
('view-user-privilege-level.php', 56, 1),
('view-user-privilege-level.php', 59, 1),
('xml-validator.php', 11, 3),
('xml-validator.php', 55, 3),
('xml-validator.php', 12, 2),
('xml-validator.php', 15, 2),
('xml-validator.php', 36, 2),
('xml-validator.php', 58, 1),
('xml-validator.php', 56, 1),
('xml-validator.php', 59, 1),
('jwt.php', 66, 1)
;";
// Run the INSERT statement currently held in $lQueryString.
// A falsy return value from executeQuery() is treated as a failed step.
$lQueryResult = $MySQLHandler->executeQuery($lQueryString);
if ($lQueryResult) {
    // Success: print the result on the setup page.
    echo "<div class=\"database-success-message\">Executed query 'INSERT INTO TABLE' with result ".$lQueryResult."</div>";
} else {
    // Failure: record that a setup step did not complete.
    $lErrorDetected = TRUE;
}// end if
// Create level_1_help_include_files: an integer key, a description and the
// name of a hint include file, with the key as primary key.
$lQueryString = 'CREATE TABLE level_1_help_include_files(';
$lQueryString .= 'level_1_help_include_file_key INT, ';
$lQueryString .= 'level_1_help_include_file_description TEXT, ';
$lQueryString .= 'level_1_help_include_file TEXT, ';
$lQueryString .= 'PRIMARY KEY(level_1_help_include_file_key)';
$lQueryString .= ')';

$lQueryResult = $MySQLHandler->executeQuery($lQueryString);
if ($lQueryResult) {
    // Success: print the result through the shared format() helper.
    echo format("Executed query 'CREATE TABLE' with result ".$lQueryResult,"S");
} else {
    // A falsy result is treated as failure; record it.
    $lErrorDetected = TRUE;
}// end if
/* Seed rows for level_1_help_include_files. Each row gives a help key,
 * a display description and the name of a hint include file.
 *
 * NOTE: Keep the keys here roughly aligned with the keys in the
 * help_texts table so the same key values can be reused in the
 * page_help table.
 *
 * NOTE(review): the third column holds file names. Presumably a page later
 * loads the hint file by this name; confirm that the consumer resolves it
 * inside a fixed directory and that the table cannot be written from
 * request input.
 */
$lQueryString ="
INSERT INTO level_1_help_include_files (
level_1_help_include_file_key,
level_1_help_include_file_description,
level_1_help_include_file
) VALUES
(1, 'SSL Misconfiguration', 'ssl-misconfiguration-hint.inc'),
(9, 'Directory Browsing', 'directory-browsing-hint.inc'),
(10, 'SQL Injection (SQLi)', 'sql-injection-hint.inc'),
(11, 'Cross-site Scripting (XSS)', 'cross-site-scripting-hint.inc'),
(12, 'HTML Injection (HTMLi)', 'html-injection-hint.inc'),
(13, 'JavaScript Validation Bypass', 'javascript-validation-bypass-hint.inc'),
(14, 'Cross-site Request Forgery (CSRF)', 'cross-site-request-forgery-hint.inc'),
(16, 'Insecure Direct Object References (IDOR)', 'insecure-direct-object-reference-hint.inc'),
(18, 'JavaScript Injection', 'javascript-injection-hint.inc'),
(19, 'Unvalidated Redirects', 'unvalidated-redirects-and-forwards.inc'),
(20, 'Command Injection (CMDi)', 'command-injection-hint.inc'),
(21, 'Parameter Pollution', 'parameter-pollution-hint.inc'),
(22, 'Click-Jacking', 'click-jacking-hint.inc'),
(23, 'Document Object Model (DOM) Injection', 'dom-injection-hint.inc'),
(25, 'Authentication Bypass', 'authentication-bypass-hint.inc'),
(26, 'JavaScript Object Notation (JSON) Injection', 'json-injection-hint.inc'),
(27, 'Platform Path Disclosure', 'platform-path-disclosure-hint.inc'),
(28, 'Application Path Disclosure', 'application-path-disclosure-hint.inc'),
(29, 'Information Disclosure', 'information-disclosure-hint.inc'),
(30, 'Method Tampering', 'method-tampering-hint.inc'),
(31, 'Parameter Addition', 'parameter-addition-hint.inc'),
(32, 'Buffer Overflow', 'buffer-overflow-hint.inc'),
(33, 'Cascading Style Sheet (CSS) Injection', 'cascading-style-sheet-injection-hint.inc'),
(36, 'XML External Entity (XXE) Injection', 'xml-external-entity-attack-hint.inc'),
(38, 'CBC Bit-flipping Attack', 'cbc-bit-flipping-attack-hint.inc'),
(39, 'Local File Inclusion', 'local-file-inclusion-hint.inc'),
(40, 'Remote File Inclusion', 'remote-file-inclusion-hint.inc'),
(41, 'Frame Source Injection', 'frame-source-injection-hint.inc'),
(42, 'HTML-5 Web Storage Injection', 'html5-web-storage-hint.inc'),
(43, 'Robots.txt', 'robots-txt-hint.inc'),
(44, 'Secret Administrative Pages', 'secret-administrative-pages-hint.inc'),
(45, 'User-agent Impersonation', 'user-agent-impersonation-hint.inc'),
(46, 'Unrestricted File Upload', 'unrestricted-file-upload-hint.inc'),
(48, 'Application Log Injection', 'application-log-injection.inc'),
(49, 'XPath Injection', 'xpath-injection-hint.inc'),
(50, 'Path Relative Style-sheet Injection', 'path-relative-stylesheet-injection.inc'),
(51, 'Client-side Security Control Bypass', 'client-side-security-control-bypass.inc'),
(53, 'SQL Injection with SQLMap', 'sqlmap-hint.inc'),
(54, 'Insufficient Transport Layer Protection', 'insufficient-transport-layer-protection.inc'),
(55, 'Cross-site Scripting with BeEF Framework', 'beef-framework-hint.inc'),
(56, 'Using Burp-Suite', 'burp-suite-hint.inc'),
(57, 'Client-side Comments', 'client-side-comments.inc'),
(58, 'XML Entity Expansion', 'xml-entity-expansion-hint.inc'),
(59, 'Using OWASP Zed Attack Proxy (ZAP)', 'owasp-zap-hint.inc'),
(60, 'Set Up HTTPS Self-signed Certificate', 'setting-up-ssl-hint.inc'),
(61, 'Set Up Apache Virtual Hosts', 'setting-up-virtual-hosts-hint.inc'),
(62, 'Set Up Local Hostnames', 'setting-up-local-hostnames-hint.inc'),
(63, 'LDAP Injection', 'ldap-injection-hint.inc'),
(64, 'Setting up LDAP Server', 'ldap-setup-hint.inc'),
(65, 'Content Security Policy (CSP)', 'content-security-policy-hint.inc'),
(66, 'JSON Web Tokens (JWT)', 'jwt-hint.inc'),
(67, 'Cross-origin Resource Sharing (CORS)', 'cross-origin-resource-sharing-hint.inc'),
(68, 'Lab 1', 'lab-1-hint.inc'),
(69, 'Lab 2', 'lab-2-hint.inc'),
(70, 'Lab 3', 'lab-3-hint.inc'),
(71, 'Lab 4', 'lab-4-hint.inc'),
(72, 'Lab 5', 'lab-5-hint.inc'),
(73, 'Lab 6', 'lab-6-hint.inc'),
(74, 'Lab 7', 'lab-7-hint.inc'),
(75, 'Lab 8', 'lab-8-hint.inc'),
(76, 'Lab 9', 'lab-9-hint.inc'),
(77, 'Lab 10', 'lab-10-hint.inc'),
(78, 'Lab 11', 'lab-11-hint.inc'),
(79, 'Lab 12', 'lab-12-hint.inc'),
(80, 'Lab 13', 'lab-13-hint.inc'),
(81, 'Lab 14', 'lab-14-hint.inc'),
(82, 'Lab 15', 'lab-15-hint.inc'),
(83, 'Lab 16', 'lab-16-hint.inc'),
(84, 'Lab 17', 'lab-17-hint.inc'),
(85, 'Lab 18', 'lab-18-hint.inc'),
(86, 'Lab 19', 'lab-19-hint.inc'),
(87, 'Lab 20', 'lab-20-hint.inc'),
(88, 'Lab 21', 'lab-21-hint.inc'),
(89, 'Lab 22', 'lab-22-hint.inc'),
(90, 'Lab 23', 'lab-23-hint.inc'),
(91, 'Lab 24', 'lab-24-hint.inc'),
(92, 'Lab 25', 'lab-25-hint.inc'),
(93, 'Lab 26', 'lab-26-hint.inc'),
(94, 'Lab 27', 'lab-27-hint.inc'),
(95, 'Lab 28', 'lab-28-hint.inc'),
(96, 'Lab 29', 'lab-29-hint.inc'),
(97, 'Lab 30', 'lab-30-hint.inc'),
(98, 'Lab 31', 'lab-31-hint.inc'),
(99, 'Lab 32', 'lab-32-hint.inc'),
(100, 'Lab 33', 'lab-33-hint.inc'),
(101, 'Lab 34', 'lab-34-hint.inc'),
(102, 'Lab 35', 'lab-35-hint.inc'),
(103, 'Lab 36', 'lab-36-hint.inc'),
(104, 'Lab 37', 'lab-37-hint.inc'),
(105, 'Lab 38', 'lab-38-hint.inc'),
(106, 'Lab 39', 'lab-39-hint.inc'),
(107, 'Lab 40', 'lab-40-hint.inc'),
(108, 'Lab 41', 'lab-41-hint.inc'),
(109, 'Lab 42', 'lab-42-hint.inc'),
(110, 'Lab 43', 'lab-43-hint.inc'),
(111, 'Lab 44', 'lab-44-hint.inc'),
(112, 'Lab 45', 'lab-45-hint.inc'),
(113, 'Lab 46', 'lab-46-hint.inc'),
(114, 'Lab 47', 'lab-47-hint.inc'),
(115, 'Lab 48', 'lab-48-hint.inc'),
(116, 'Lab 49', 'lab-49-hint.inc'),
(117, 'Lab 50', 'lab-50-hint.inc'),
(118, 'Lab 51', 'lab-51-hint.inc'),
(119, 'Lab 52', 'lab-52-hint.inc'),
(120, 'Lab 53', 'lab-53-hint.inc'),
(121, 'Lab 54', 'lab-54-hint.inc'),
(122, 'Lab 55', 'lab-55-hint.inc'),
(123, 'Lab 56', 'lab-56-hint.inc'),
(124, 'Lab 57', 'lab-57-hint.inc'),
(125, 'Lab 58', 'lab-58-hint.inc'),
(126, 'Lab 59', 'lab-59-hint.inc'),
(127, 'Lab 60', 'lab-60-hint.inc'),
(128, 'Lab 61', 'lab-61-hint.inc'),
(129, 'Lab 62', 'lab-62-hint.inc'),
(130, 'Lab 63', 'lab-63-hint.inc'),
(999, 'Hints Not Found', 'hints-not-found.inc')";
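// Run the INSERT that seeds level_1_help_include_files.
// A falsy return value from executeQuery() is treated as a failed step.
$lQueryResult = $MySQLHandler->executeQuery($lQueryString);
if (!$lQueryResult) {
    // Record that a setup step did not complete.
    $lErrorDetected = TRUE;
}else{
    // The statement executed here is an INSERT, so the status line is
    // labelled 'INSERT INTO TABLE' (it previously said 'CREATE TABLE',
    // which made the setup output misleading when diagnosing a failed install).
    echo format("Executed query 'INSERT INTO TABLE' with result ".$lQueryResult,"S");
}// end if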
// Create help_texts: an integer key (primary key) and the help text itself.
$lQueryString = 'CREATE TABLE help_texts(';
$lQueryString .= 'help_text_key INT, ';
$lQueryString .= 'help_text TEXT, ';
$lQueryString .= 'PRIMARY KEY(help_text_key)';
$lQueryString .= ')';

$lQueryResult = $MySQLHandler->executeQuery($lQueryString);
if ($lQueryResult) {
    // Success: print the result through the shared format() helper.
    echo format("Executed query 'CREATE TABLE' with result ".$lQueryResult,"S");
} else {
    // A falsy result is treated as failure; record it.
    $lErrorDetected = TRUE;
}// end if
/* Seed rows for help_texts: one short description per help key.
 *
 * NOTE: Keep the keys here roughly aligned with the keys in the
 * level_1_help_include_files table so the same key values can be reused
 * in the page_help table.
 *
 * NOTE(review): several help_text values carry HTML markup (a span with
 * class "label"), so they are presumably emitted as markup rather than
 * encoded text. Confirm that only this setup script writes to the table,
 * since any other writer would be able to place markup on every page
 * that shows help.
 */
$lQueryString ="INSERT INTO help_texts (help_text_key, help_text) VALUES
(0, 'The index page has several global vulnerabilities.'),
(1, '<span class=\"label\">SSLStrip</span> can be used to downgrade the connection when the Enforce SSL button is selected.'),
(2, 'Output fields such as the logged-in username, signature, and the footer are vulnerable to cross-site scripting.'),
(3, 'The hints cookie and other cookies can be hacked to login as another user and gain admin access.'),
(4, 'Cookies are missing the HTTPOnly attribute and may be accessed via cross-site scripting.'),
(5, 'Check HTML comments for database credentials.'),
(6, 'The \"page\" input parameter is vulnerable to insecure direct object reference. Fuzzing the parameter with administrative page names or system file paths is likely to yield results.'),
(7, 'This is the home page. Its primary purpose is to provide a starting page for the user and provide instructions. There are no known vulnerabilties on the home.php page.'),
(8, '<span class=\"label\">Stored Cross-Site Scripting</span>: Attempt to inject cross-site scripts which will be stored in the backend database. When a user visits this page, the cross-site scripts will be fetched from the database, incorporated into the HTML generated, and sent to the user browser. The user browser will execute the Javascript. One option is to inject a cross-site script which sends the user to the capture-data.php page. You can view captured data on the captured-data.php page.'),
(9, '<span class=\"label\">Directory Browsing</span>: The entire site is vulnerable to directory browsing. Looking at the robots.txt file can provide hints of interesting directories.'),
(10, '<span class=\"label\">SQL Injection</span>: Attempt to inject special database characters or SQL timing attacks into page parameters. Database errors, page defacement, or noticable delays in response may indicate SQL injection flaws. This page is vulnerable.'),
(11, '<span class=\"label\">Reflected Cross-Site Scripting:</span> This page is vulnerable to reflected cross-site scripting because the input is not encoded prior to be used as output. Determine which input field contributes output here and inject scripts. Try to redirect the user to the capture-data.php page which records cookies and other parameters. Visit the captured-data.php page to view captured data.'),
(12, '<span class=\"label\">HTML Injection</span>: It is possible to inject your own HTML into this page because the input is not encoded prior to be used as output. Determine which input field contributes output here and inject HTML, CSS, and/or Javascripts in order to alter the client-side code of this page.'),
(13, '<span class=\"label\">Javascript Validation Bypass</span>: Set the page to at least security level 1 to activate the javascript validation. Javascript validation can always be bypassed. Use a client-proxy like Burp-Suite to capture the request after it has left the browser. You can alter the request at that time. Also, Javascript can be disabled.'),
(14, '<span class=\"label\">Cross Site Request Forgery</span>: This page is vulnerable to cross-site request forgery. There are a few steps to prepare a cross-site script to carry out the cross-site request forgery. Begin by filling out the form capturing the legitimate request. Inject a stored or reflected cross-site script anywhere on the site that will cause the browser to submit a copy of the legitimate request to the server. The server will process the request as if the user had filled out the form themselves.'),
(15, '<span class=\"label\">System File Compromise</span>: It is possible to access system files by injecting input parameters with the pathnames of system files. The web application will fetch the system files instead of application files. The system files may be displayed and/or included in page output. Remember web applications are usually served from a system directory like /var/www or C:XAMPP. You may need to move up directories.'),
(16, '<span class=\"label\">Insecure Direct Object Reference</span>: This page refers directly to resources by there real name or identifier making it possible to modify the name/ID to access other resources. Determine what resources are fetched. Provide the name or ID of a different resource. Resources can be filenames, record identifiers or others.'),
(17, '<span class=\"label\">Server Side Include</span>: It is possible to make the application include application files in this page that are not intended. These files may even come from other sites.'),
(18, '<span class=\"label\">Javascript Injection</span>: This page uses at least some of the input from the user to generate Javascript code. Usually in these cases the user input is used to create either a Javascript string or JSON object. Attempt to inject input which when incorporated with the page will form a syntactically correct Javascript statement. This will allow the injection to execute in the context of the browser.'),
(19, '<span class=\"label\">Unvalidated Redirects and Forwards</span>: This page refers directly to dynamic URLs. If the user clicks on one of the link, the URL embedded is passed to a page which performs redirection. Try to over-write one of the intended pages beind passed to redirect the user to an arbitrary page. Give the poisoned link you create to a freind and see if they are redirected to a site of your choosing.'),
(20, '<span class=\"label\">Operating System Command Injection</span>: Command injection may occur when a web application passes user input in part or in whole to the operating system for execution. This page incorporates user input into a larger statement that is submitted to an operating system shell for execution. Try to determine the operating system in use. Enter characters that are reserved in shells; especially characters used to concatenate commands.'),
(21, '<span class=\"label\">HTTP Parameter Pollution</span>: If multiple parameters with the same name are sent in a request, different application servers will react differently. PHP takes only one of the parameters but not neccesarily the parameters intended by the developer. By duplicating parameters with a value of your choosing and placing that parameters before and-or after the pages native parameters, you can influence the pages behavior. Note that ASP and Java application servers act different.'),
(22, '<span class=\"label\">Click-jacking</span>: By placing an invisible overlay over top of a legitimate page, a malicious agent can hijack a users mouse clicks. To overlay the vulnerable page, the malicious agent will host the victim page inside a full page frame with no borders.'),
(23, '<span class=\"label\">Document Object Model (DOM) Injection</span>: User input is incorporated into the document object model (DOM) of the page itself. This allows a user to inject HTML which will be incorporated into the source code of the page. The browser will execute this new code immediately.'),
(24, 'The UID cookie is used in an SQL query allowing SQL injection via a cookie value.'),
(25, '<span class=\"label\">Authentication Bypass</span>: Authentication bypass can be achieved by either hacking the UID cookie or by SQL injecting the login.'),
(26, '<span class=\"label\">Javascript Object Notation (JSON) Injection</span>: This page uses JSON to pass data which is later parsed and incorporated into the page. Because the output is not properly encoded, it is possible to carefully craft an injection which will add extra data into the JSON without breaking the JSON syntax. This extra data will be executed by the browser once the data is incorporated into the page.'),
(27, '<span class=\"label\">Platform Path Disclosure</span>: Internal system paths are disclosed by this page under certain conditions.'),
(28, '<span class=\"label\">Application Path Disclosure</span>: Application file paths are disclosed by this page under certain conditions.'),
(29, '<span class=\"label\">Information Disclosure</span>: This page gives away internal system information, configuration information, paths, filenames, or other private information.'),
(30, '<span class=\"label\">Method Tampering</span>: Because the page does not specify that the input parameters must be posted, it is possible to submit input parameters via a post or a get. This is a second order vulnerability allowing other vulnerabilities to be exploited easier.'),
(31, '<span class=\"label\">Parameter Addition</span>: If extra parameters are submitted, the page will include them in output. A parameter can be added containing scripts which will be executed when loaded in the users browser.'),
(32, '<span class=\"label\">Buffer Overflow</span>: If very long input is submitted, it is possible to exhaust the available space alloted on the heap.'),
(33, '<span class=\"label\">Cascading Style Sheet Injection</span>: CSS styles can be used to interpret and execute Javascript. If styles can be injected, it is possible to inject a style with embedded Javascript which will be executed when loaded into the users browser.'),
(34, '<span class=\"label\">Denial of Service</span>: This page allows denial of service. DOS can be performed by exhausting system resource(s) such as filling up disk drives or consuming available network bandwidth.'),
(35, '<span class=\"label\">Phishing/Remote File Inclusion</span>: Due to defects allowing arbitrary web pages to be loaded into this pages frames, phishing and malware downloads are possible.'),
(36, '<span class=\"label\">XML External Entity Injection Attack</span>: This page parses XML which the user can influence. If external entities embedded in the XML contain system file directives, it is possible to cause the page to load system files and include the contents in the XML output.'),
(38, '<span class=\"label\">Cipher Block Chaining (CBC) Bit Flipping Attack</span>: This page is vulnerable to CBC bit flipping attack.'),
(39, '<span class=\"label\">Local File Inclusion</span>: This page is vulnerable to local file inclusion if the user account under which PHP is running has access to files besides the intended web site files.'),
(40, '<span class=\"label\">Remote File Inclusion</span>: This page is vulnerable to remote file inclusion if the PHP server configuration parameters \"allow_url_fopen\" and \"allow_url_include\" are set to \"On\" in php.ini.'),
(41, '<span class=\"label\">Frame Source Injection</span>: By controlling the parameter which determines the src attribute of a pages frame, a carefully injected value can load any arbitrary page into the frame.'),
(42, '<span class=\"label\">HTML 5 Web Storage Theft and Manipulation</span>: Using a cross site scripting attack, this page is vulnerable to having an attacker read, insert, update, or delete the values stored in the HTML5 web storage.'),
(43, '<span class=\"label\">Robots.txt</span>: This file gives away sensitive file paths.'),
(44, '<span class=\"label\">Secret Administrative Pages</span>: These pages are obscured by not being linked from other pages but they can be found using other vulnerabilities such as directory browsing, robots.txt, and local file inclusion.'),
(45, '<span class=\"label\">User Agent Impersonation</span>: Based on the information sent by the browser, this page decides if the user is authorized.'),
(46, '<span class=\"label\">Unrestricted File Upload</span>: This page allows dangerous files to be uploaded.'),
(47, '<span class=\"label\">Username Enumeration</span>: This page allows usernames to be enumerated.'),
(48, '<span class=\"label\">Application Log Injection</span>: Some inputs on this page are recorded into log records which can be read by visiting the Show Log page. Vulnerabilities on the Show Log page may allow injections in log records to execute.'),
(49, '<span class=\"label\">XPath Injection</span>: Some inputs on this page are vulnerable to XPath injection.'),
(50, '<span class=\"label\">Path Relative Stylesheet Injection</span>: Within this page is an iframe containing another page. The page being framed is vulnerable to path relative stylesheet injection.'),
(51, '<span class=\"label\">Client-side Security Control Bypass</span>: This page attempts to implement security using client-side security controls. Any page using such controls, including this page, is vulnerable to security control bypass.'),
(53, '<span class=\"label\">SQL Injection with SQLMap</span>: This page contains an sql injection vulnerability. The SQLMap tool may be able to automate testing and confirming this vulnerability.'),
(54, '<span class=\"label\">Insufficent Transport Layer Protection</span>: This page is vulnerable to interception with wireshark or tcpdump.'),
(63, '<span class=\"label\">LDAP Injection</span>: This page is vulnerable to LDAP injection.')";
// Run the INSERT that seeds help_texts.
// A falsy return value from executeQuery() is treated as a failed step.
$lQueryResult = $MySQLHandler->executeQuery($lQueryString);
if ($lQueryResult) {
    // Success: print the result on the setup page.
    echo "<div class=\"database-success-message\">Executed query 'INSERT INTO TABLE' with result ".$lQueryResult."</div>";
} else {
    // Failure: record that a setup step did not complete.
    $lErrorDetected = TRUE;
}// end if
// Create youTubeVideos: a numeric record id (primary key), a unique
// identification token of up to 32 characters, and a title.
// The column name "recordIndetifier" is spelled as the schema defines it;
// presumably other queries use the same spelling, so it is left unchanged here.
$lQueryString = 'CREATE TABLE youTubeVideos( ';
$lQueryString .= 'recordIndetifier INT NOT NULL, ';
$lQueryString .= 'identificationToken VARCHAR(32), ';
$lQueryString .= 'title VARCHAR(128),
PRIMARY KEY (recordIndetifier),
UNIQUE KEY (identificationToken))';

$lQueryResult = $MySQLHandler->executeQuery($lQueryString);
if ($lQueryResult) {
    // Success: print the result through the shared format() helper.
    echo format("Executed query 'CREATE TABLE' with result ".$lQueryResult,"S");
} else {
    // A falsy result is treated as failure; record it.
    $lErrorDetected = TRUE;
}// end if