gnh1201/Vulnerable-Web-Application
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
Ramazan Emre Erkan 2018-11-29 22:08:15 +03:00 committed by GitHub
parent 7993aa133a
commit 3aa27eb47a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 203 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
FileInclusion/hint2/hint2.php Normal file
View File

@ -0,0 +1,7 @@
<html>
<body>
<p>
<div align="center"><b><h1><i> You Shall Not Pass!!! </i></h1></b></div>
<div align="center"><b><h3> You found one!!</h3></b></div>
</body>
</html>

3
FileInclusion/info.php Normal file
View File

@ -0,0 +1,3 @@
<?php
phpinfo();
?>

6
FileInclusion/pages/1.php Normal file
View File

@ -0,0 +1,6 @@
<html>
<body>
<p>
<div align="center"><b><h1> Why Dont You Click the Other Button??</h1></b></div>
</body>
</html>

9
FileInclusion/pages/2.php Normal file
View File

@ -0,0 +1,9 @@
<html>
<body>
<p>
<div align="center"><b><h1> Did you notice anything changed? Browse the site.</h1></b></div>
<!-- "There are 2 hints under the File Inclusion folder. They should be there -> " <!-->
<!-- "Hint1 : C:\xampp\htdocs\FileInclusion\pages\dontOpen\hint1 <!-->
<!-- "Hint2 : C:\xampp\htdocs\FileInclusion\hint2\hint2.php" <!-->
</body>
</html>

7
FileInclusion/pages/dontOpen/hint1/hint1.php Normal file
View File

@ -0,0 +1,7 @@
<html>
<body>
<p>
<div align="center"><b><h1><i><b> A day may come when the courage of men fails… but it is not this day. </b></i></h1></b></div>
<div align="center"><b><h3> You found one!!</h3></b></div>
</body>
</html>

30
FileInclusion/pages/lvl1.php Normal file
View File

@ -0,0 +1,30 @@
<html>
<head>
<meta charset="utf-8">
<link rel="shortcut icon" href="../../Resources/hmbct.png" />
<title> Level 1 </title>
</head>
<body>
<button type="button" name="homeButton" onclick="location.href='../../homepage.html';">Home Page</button>
<button type="button" name="mainButton" onclick="location.href='main.html';">Main Page</button>
<button type="button" name="nextButton" onclick="location.href='lvl2.php';">Next Level</button>
<div align="center"><b><h3>This is Level 1</h3></b></div>
<div align="center">
<a href=lvl1.php?file=1.php><button>Button</button></a>
<a href=lvl1.php?file=2.php><button>The Other Button!</button></a>
</div>
<?php
echo "</br></br>";
if (isset( $_GET[ 'file' ]))
{
@include($_GET[ 'file' ]);
echo"<div align='center'><b><h5>".$_GET[ 'file' ]."</h5></b></div> ";
}
?>
</body>
</html>

37
FileInclusion/pages/lvl2.php Normal file
View File

@ -0,0 +1,37 @@
<html>
<head>
<meta charset="utf-8">
<link rel="shortcut icon" href="../../Resources/hmbct.png" />
<title> Level 2 </title>
</head>
<body>
<button type="button" name="homeButton" onclick="location.href='../../homepage.html';">Home Page</button>
<button type="button" name="mainButton" onclick="location.href='main.html';">Main Page</button>
<button type="button" name="nextButton" onclick="location.href='lvl3.php';">Next Level</button>
<div align="center"><b><h3>This is Level 2</h3></b></div>
<div align="center">
<a href=lvl2.php?file=1.php><button>Button</button></a>
<a href=lvl2.php?file=2.php><button>The Other Button!</button></a>
</div>
<?php
echo "</br></br>";
if (isset( $_GET[ 'file' ]))
{
$secure2 = $_GET[ 'file' ];
$secure2 = str_replace( array( "..\\" , ".\\", " ./", "../"),"", $secure2 );
$secure2 = str_replace( array( "http://" , "https://" ) ,"" , $secure2 );
if (isset($secure2))
{
@include($secure2);
echo"<div align='center'><b><h5>".$secure2."</h5></b></div> ";
}
}
?>
</body>
</html>

42
FileInclusion/pages/lvl3.php Normal file
View File

@ -0,0 +1,42 @@
<html>
<head>
<meta charset="utf-8">
<link rel="shortcut icon" href="../../Resources/hmbct.png" />
<title> Level 3 </title>
</head>
<body>
<button type="button" name="homeButton" onclick="location.href='../../homepage.html';">Home Page</button>
<button type="button" name="mainButton" onclick="location.href='main.html';">Main Page</button>
<button type="button" name="nextButton" onclick="location.href='lvl4.php';">Next Level</button>
<div align="center"><b><h3>This is Level 3</h3></b></div>
<div align="center">
<a href=lvl3.php?file=1><button>Button</button></a>
<a href=lvl3.php?file=2><button>The Other Button!</button></a>
</div>
<?php
echo "</br></br>";
if (isset( $_GET[ 'file' ]))
{
$secure3=$_GET[ 'file' ];
$secure3=strtolower($secure3);
$secure3=str_replace( array("http://", "https://") ,"" , $secure3);
$secure3=str_replace (array ( ":" , "/" , "..\\", "../" ), "" , $secure3);
if (isset($secure3))
{
include($secure3.".php");
}
}
?>
</body>
</html>

38
FileInclusion/pages/lvl4.php Normal file
View File

@ -0,0 +1,38 @@
<html>
<head>
<meta charset="utf-8">
<link rel="shortcut icon" href="../../Resources/hmbct.png" />
<title> Level 4 </title>
</head>
<body>
<button type="button" name="homeButton" onclick="location.href='../../homepage.html';">Home Page</button>
<button type="button" name="mainButton" onclick="location.href='main.html';">Main Page</button>
<div align="center"><b><h3>This is Level 4</h3></b></div>
<div align="center">
<a href=lvl4.php?file=1.php><button>Button</button></a>
<a href=lvl4.php?file=2.php><button>The Other Button!</button></a>
</div>
<?php
echo "</br></br>";
if (isset( $_GET[ 'file' ]))
{
$secure4 = $_GET[ 'file' ];
if ($secure4!="1.php" && $secure4!="2.php")
{
$secure4=substr($secure4, 0,-4);
}
if (isset($secure4))
{
include($secure4);
}
}
?>
</body>
</html>

24
FileInclusion/pages/main.html Normal file
View File

@ -0,0 +1,24 @@
<!DOCTYPE html>
<html>
<head>
<link rel="shortcut icon" href="../../Resources/hmbct.png" />
<title> File Inclusion </title>
</head>
<body>
<link rel="stylesheet" href="../../Resources/button.css">
<div style="background-color:#afafaf;padding:15px;border-radius:20px 20px 0px 0px;">
<p align="center" style="font-family:'Georgia';font-size:200%">File Inclusion</p>
</div>
<div class="button" style="background-color:#c9c9c9;padding:15px;border-radius:0px 0px 20px 20px;">
<button class="button" type="button" name="homeB" onclick="location.href='../../homepage.html';">Home</button>
<button class="button" type="button" name="comex1Button" onclick="location.href='lvl1.php';">File Inclusion Level 1</button>
<button class="button" type="button" name="comex2Button" onclick="location.href='lvl2.php';">File Inclusion Level 2</button>
<button class="button" type="button" name="comex3Button" onclick="location.href='lvl3.php';">File Inclusion Level 3</button>
<button class="button" type="button" name="comex3Button" onclick="location.href='lvl4.php';">File Inclusion Level 4</button>
</div>
</link>
<img src="../../Resources/hmb.png" align="left" style="width:40%" alt="HummingbirdsCyberTeam">
<img src="../../Resources/gazicyber.jpg" align="right" style="width:15%" alt="GaziCyber">
</body>
</html>