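<?php
// Gate the page behind the login session that login.php establishes.
session_start();
if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] !== true) {
    header("location: login.php");
    // A redirect header does not halt execution: without this exit the rest of
    // the page (including the eval() reflection below) still runs for anonymous
    // visitors, so the login check only affects what the browser displays.
    exit;
}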
/**
 * Pass-through helper: hands back its argument unchanged.
 *
 * Not called anywhere else in this file; the untyped signature is kept as-is.
 *
 * @param mixed $data value to return
 * @return mixed the same value
 */
function commandi($data)
{
    $passthrough = $data;

    return $passthrough;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<meta name="author" content="">
<title>VulnApp - Dashboard</title>
<!-- Custom fonts for this template-->
<link href="vendor/fontawesome-free/css/all.min.css" rel="stylesheet" type="text/css">
<link href="https://fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i" rel="stylesheet">
<!-- Custom styles for this template-->
<link href="css/main.min.css" rel="stylesheet">
</head>
<body>
<!-- Page Wrapper -->
<div id="wrapper">
<?php
// Shared navigation partial. The name is spelled 'siderbar.php' here — confirm a file of that exact name exists, otherwise include() only warns and the page renders without it.
include('siderbar.php');
?>
<!-- Content Wrapper -->
<div id="content-wrapper" class="d-flex flex-column">
<!-- Main Content -->
<div id="content" style="background-color: #000;">
<?php
// Shared page header partial.
include('header.php');
?>
<div id="main">
<h1>PHP Code Injection</h1>
<div class="card shadow mb-4" style="margin-left: 25px; margin-right: 300px;margin-top: 20px;">
<div class="card-header py-3">
<h6 class="m-0 font-weight-bold text-primary">This is just a test page, reflecting back your Message</h6>
</div>
<div class="card-body">
<p> <a href="<?php /* Sample link with ?message=test. SCRIPT_NAME is echoed unescaped into an attribute, and the anchor has no text, so it renders invisibly. */ echo ($_SERVER["SCRIPT_NAME"]); ?>?message=test"></a></p>
<form action="<?php /* Form posts back to this same script via GET. */ echo ($_SERVER["SCRIPT_NAME"]); ?>" method="GET">
<p><label for="firstname">Message:</label><br />
<input type="text" id="message" name="message">
</p>
<button type="submit" class="btn btn-primary btn-lg" name="form" value="submit">Go</button>
</form>
<?php
// Reflect the submitted message. $_REQUEST merges GET, POST and cookie values, so
// the message may arrive through any of those channels, not only the GET form above.
if (isset($_REQUEST["message"])) {
// If the security level is not MEDIUM or HIGH
// The level is a client-controlled cookie read without an isset() guard: a missing
// cookie yields null (with a notice/warning), and null != "1" && null != "2" is true,
// so the page silently falls into the LOW branch. Loose != also compares numeric
// strings numerically, so values like "1.0" are treated as "1".
if ($_COOKIE["security_level"] != "1" && $_COOKIE["security_level"] != "2") {
?>
<p><i><?php /* LOW level: the raw message is spliced into a PHP statement and eval()'d — this is the code injection the page exists to demonstrate (see the Solution panel). The @ suppresses parse and runtime errors, so malformed input simply renders empty rather than showing a diagnostic. */ @eval("echo " . $_REQUEST["message"] . ";"); ?></i></p>
<?php
}
// If the security level is MEDIUM or HIGH
else {
?>
<p><i><?php /* MEDIUM/HIGH: the message is HTML-escaped for an element body context. The trailing ';;' is an empty statement and harmless. */ echo htmlspecialchars($_REQUEST["message"], ENT_QUOTES, "UTF-8");; ?></i></p>
<?php
}
}
?>
<br />
</div>
</div>
</div>
<div class="mb-6">
<div class="card card-sm card-body rounded mb-3" style="margin-left: 25px; margin-right: 25px;">
<div data-target="#panel-1" class="accordion-panel-header" data-toggle="collapse" role="button" aria-expanded="false" aria-controls="panel-1"><span class="h6 mb-0">Solution</span><span class="icon" style="margin-left: 10px;"><i class="fas fa-angle-down"></i></span></div>
<div class="collapse" id="panel-1">
<div class="pt-3">
<p class="mb-0"><?php /* Solution hint, escaped so the browser shows it as literal text. */ echo htmlspecialchars("phpinfo()");?></p>
</div>
</div>
</div>
</div>
<!-- Bootstrap core JavaScript-->
<script src="vendor/jquery/jquery.min.js"></script>
<script src="vendor/bootstrap/js/bootstrap.bundle.min.js"></script>
<!-- Core plugin JavaScript-->
<script src="vendor/jquery-easing/jquery.easing.min.js"></script>
<!-- Custom scripts for all pages-->
<script src="js/main.min.js"></script>
<!-- Page level plugins -->
<script src="vendor/chart.js/Chart.min.js"></script>
<!-- Page level custom scripts -->
<script src="js/demo/chart-area-demo.js"></script>
<script src="js/demo/chart-pie-demo.js"></script>
</body>
</html>