forked from digininja/DVWA
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsetup.php
109 lines (92 loc) · 3.23 KB
/
setup.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
<?php
define( 'DVWA_WEB_PAGE_TO_ROOT', '' );
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';
dvwaPageStartup( array( 'phpids' ) );
$page = dvwaPageNewGrab();
$page[ 'title' ] = 'Setup' . $page[ 'title_separator' ].$page[ 'title' ];
$page[ 'page_id' ] = 'setup';
if( isset( $_POST[ 'create_db' ] ) ) {
// Anti-CSRF
if (array_key_exists ("session_token", $_SESSION)) {
$session_token = $_SESSION[ 'session_token' ];
} else {
$session_token = "";
}
checkToken( $_REQUEST[ 'user_token' ], $session_token, 'setup.php' );
if( $DBMS == 'MySQL' ) {
include_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/DBMS/MySQL.php';
}
elseif($DBMS == 'PGSQL') {
// include_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/DBMS/PGSQL.php';
dvwaMessagePush( 'PostgreSQL is not yet fully supported.' );
dvwaPageReload();
}
else {
dvwaMessagePush( 'ERROR: Invalid database selected. Please review the config file syntax.' );
dvwaPageReload();
}
}
// Anti-CSRF
generateSessionToken();
$database_type_name = "Unknown - The site is probably now broken";
if( $DBMS == 'MySQL' ) {
$database_type_name = "MySQL/MariaDB";
} elseif($DBMS == 'PGSQL') {
$database_type_name = "PostgreSQL";
}
$page[ 'body' ] .= "
<div class=\"body_padded\">
<h1>Database Setup <img src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/spanner.png\" /></h1>
<p>Click on the 'Create / Reset Database' button below to create or reset your database.<br />
If you get an error make sure you have the correct user credentials in: <em>" . realpath( getcwd() . DIRECTORY_SEPARATOR . "config" . DIRECTORY_SEPARATOR . "config.inc.php" ) . "</em></p>
<p>If the database already exists, <em>it will be cleared and the data will be reset</em>.<br />
You can also use this to reset the administrator credentials (\"<em>admin</em> // <em>password</em>\") at any stage.</p>
<hr />
<br />
<h2>Setup Check</h2>
{$SERVER_NAME}<br />
<br />
{$DVWAOS}<br />
<br />
PHP version: <em>" . phpversion() . "</em><br />
{$phpDisplayErrors}<br />
{$phpSafeMode}<br/ >
{$phpURLInclude}<br/ >
{$phpURLFopen}<br />
{$phpMagicQuotes}<br />
{$phpGD}<br />
{$phpMySQL}<br />
{$phpPDO}<br />
<br />
Backend database: <em>{$database_type_name}</em><br />
{$MYSQL_USER}<br />
{$MYSQL_PASS}<br />
{$MYSQL_DB}<br />
{$MYSQL_SERVER}<br />
{$MYSQL_PORT}<br />
<br />
{$DVWARecaptcha}<br />
<br />
{$DVWAUploadsWrite}<br />
{$DVWAPHPWrite}<br />
<br />
<br />
{$bakWritable}
<br />
<i><span class=\"failure\">Status in red</span>, indicate there will be an issue when trying to complete some modules.</i><br />
<br />
If you see disabled on either <i>allow_url_fopen</i> or <i>allow_url_include</i>, set the following in your php.ini file and restart Apache.<br />
<pre><code>allow_url_fopen = On
allow_url_include = On</code></pre>
These are only required for the file inclusion labs so unless you want to play with those, you can ignore them.
<br /><br /><br />
<!-- Create db button -->
<form action=\"#\" method=\"post\">
<input name=\"create_db\" type=\"submit\" value=\"Create / Reset Database\">
" . tokenField() . "
</form>
<br />
<hr />
</div>";
dvwaHtmlEcho( $page );
?>