gnh1201/Vulnerable-Web-Application
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
OguzTozkoparan 2018-11-27 16:32:55 +03:00 committed by GitHub
parent 424ee79fa0
commit e54372889a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 142 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
CommandExecution/CommandExec-1.php Normal file
View File

@ -0,0 +1,32 @@
<html>
<head>
<title>CommandExec-1</title>
</head>
<body bgcolor="#FFFFD2">
<div style="background-color:#c9c9c9;padding:15px;">
<button class="button" type="button" name="homeButton" onclick="location.href='../homepage.html';">Home Page</button>
<button class="button" type="button" name="mainButton" onclick="location.href='commandexec.html';">Main Page</button>
<button class="button" type="button" name="nextButton" onclick="location.href='CommandExec-2.php';">Next Level</button>
</div>
<div style="background-color:#FEFE9A;padding:20px;">
<h1 align="center">LOGIN</h1>
<form align="center" action="CommandExec-1.php" method="$_GET">
<label>Username:</label><br>
<input type="text" name="username" value="Admin"><br>
<label>Password:</label><br>
<input type="text" name="password" value=""><br>
<input type="submit">
</form>
</div>
<div style="background-color:#ecf2d0;padding:20px" align="center">
<?php
if(isset($_GET["username"])){
echo shell_exec( $_GET["username"]);
}
if($_GET["username"] == "Admin" && $_GET["password"] == "flag1")
echo "WELLDONE";
?>
</div>
</body>
</html>

32
CommandExecution/CommandExec-2.php Normal file
View File

@ -0,0 +1,32 @@
<html>
<head>
<title>CommandExec-2</title>
</head>
<body bgcolor="#FFFFD2">
<div style="background-color:#c9c9c9;padding:15px;">
<button class="button" type="button" name="homeButton" onclick="location.href='../homepage.html';">Home Page</button>
<button class="button" type="button" name="mainButton" onclick="location.href='commandexec.html';">Main Page</button>
<button class="button" type="button" name="nextButton" onclick="location.href='CommandExec-3.php';">Next Level</button>
<button class="button" type="button" name="prevButton" onclick="location.href='CommandExec-1.php';">Previous Level</button>
</div>
<div style="background-color:#FEFE9A;padding:20px;">
<h1 align="center">HELLO</h1>
<form align="center" action="CommandExec-2.php" method="$_GET">
Write Field:<input type="text" name="typeBox" value=""><br>
<input type="submit">
</form>
</div>
<div style="background-color:#ecf2d0;padding:20px" align="center">
<?php
if(isset($_GET["typeBox"])){
$target =$_GET["typeBox"];
$substitutions = array('&&' => '',';' => '', );
$target = str_replace(array_keys($substitutions),$substitutions,$target);
echo shell_exec($target);
}
if($_GET["typeBox"] == "flag2")
echo "HELAL OLSUN KARDŞİİM!";
?>
</div>
</body>
</html>

24
CommandExecution/CommandExec-3.php Normal file
View File

@ -0,0 +1,24 @@
<html>
<head>
<title>CommandExec-3</title>
</head>
<body bgcolor="#FFFFD2">
<div style="background-color:#c9c9c9;padding:15px;">
<button class="button" type="button" name="homeButton" onclick="location.href='../homepage.html';">Home Page</button>
<button class="button" type="button" name="mainButton" onclick="location.href='commandexec.html';">Main Page</button>
<button class="button" type="button" name="nextButton" onclick="location.href='CommandExec-4.php';">Next Level</button>
<button class="button" type="button" name="prevButton" onclick="location.href='CommandExec-2.php';">Previous Level</button>
</div>
<div style="background-color:#FEFE9A;padding:20px;">
<h1 align="center"></h1>
<form align="center" action="CommandExec-3.php" method="$_GET">
<input type="text" name="typeBox" value=""><br>
<input type="submit">
</form>
</div>
<div style="background-color:#ecf2d0;padding:20px" align="center">
<?php
?>
</div>
</body>
</html>

23
CommandExecution/CommandExec-4.php Normal file
View File

@ -0,0 +1,23 @@
<html>
<head>
<title>CommandExec-4</title>
</head>
<body bgcolor="#FFFFD2">
<div style="background-color:#c9c9c9;padding:15px;">
<button class="button" type="button" name="homeButton" onclick="location.href='../homepage.html';">Home Page</button>
<button class="button" type="button" name="mainButton" onclick="location.href='commandexec.html';">Main Page</button>
<button class="button" type="button" name="prevButton" onclick="location.href='CommandExec-3.php';">Previous Level</button>
</div>
<div style="background-color:#FEFE9A;padding:20px;">
<h1 align="center"></h1>
<form align="center" action="CommandExec-4.php" method="$_GET">
<input type="text" name="typeBox" value=""><br>
<input type="submit">
</form>
</div>
<div style="background-color:#ecf2d0;padding:20px" align="center">
<?php
?>
</div>
</body>
</html>

10
CommandExecution/comex1/log-1.txt Normal file
View File

@ -0,0 +1,10 @@
-->Sanki bakması zor gibi??
hadi
koyumuze
geri
donelim
password:flag1
fadimenin
dugununde
fadimeyi
sevelim

1
CommandExecution/comex2/log-2.txt Normal file
View File

@ -0,0 +1 @@
password:flag2

20
CommandExecution/commandexec.html Normal file
View File

@ -0,0 +1,20 @@
<!DOCTYPE html>
<html>
<head>
<title>Command Execution</title>
</head>
<body bgcolor="#ffffff" style="background-image: url('../Resources/background.png');background-size:1500px 740px;">
<link rel="stylesheet" href="../Resources/button.css">
<div style="background-color:#afafaf;padding:15px;border-radius:20px 20px 0px 0px;">
<p align="center" style="font-family:'Georgia';font-size:200%">Command Execution</p>
</div>
<div class="button" style="background-color:#c9c9c9;padding:15px;border-radius:0px 0px 20px 20px;">
<button class="button" type="button" name="homeB" onclick="location.href='../homepage.html';">Home</button>
<button class="button" type="button" name="comex1Button" onclick="location.href='CommandExec-1.php';">Command Execution Level 1</button>
<button class="button" type="button" name="comex2Button" onclick="location.href='CommandExec-2.php';">Command Execution Level 2</button>
<button class="button" type="button" name="comex3Button" onclick="location.href='CommandExec-3.php';">Command Execution Level 3</button>
<button class="button" type="button" name="comex4Button" onclick="location.href='CommandExec-4.php';">Command Execution Level 4</button>
</div>
</link>
</body>
</html>