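<?php
/*
 * test-connectivity.php -- page setup.
 *
 * This is a training page. The protections below are deliberately switched
 * off at the lower security levels so these weaknesses can be studied:
 *   - Command Injection
 *   - Method Tampering
 *   - Cross Site Scripting
 *   - HTML Injection
 *   - Server-side Request Forgery (SSRF)
 *
 * Reads:  $_SESSION["security-level"], $_POST / $_REQUEST["ServerURL"],
 *         $_SERVER['SERVER_NAME'].
 * Sets:   the $lProtectAgainst* flags, $lFormSubmitted, $lDefaultServerURL
 *         and, once the form is submitted, $lServerURL / $lServerURLText.
 */
try {
    // A missing session key is treated like any other unrecognised level.
    $lSecurityLevel = $_SESSION["security-level"] ?? null;

    switch ($lSecurityLevel) {
        case "0":
        case "1":
            // Intentionally insecure: no input validation, no output encoding.
            $lProtectAgainstMethodTampering = FALSE;
            $lProtectAgainstCommandInjection = FALSE;
            $lProtectAgainstXSS = FALSE;
            $lProtectAgainstSSRF = FALSE;
            break;

        case "2":
        case "3":
            case "4":
        case "5":
        default:
            // Fail closed. Without a default branch an unexpected level left
            // every flag undefined, and an undefined flag is falsy, so the
            // page silently took the unprotected path.
            $lProtectAgainstCommandInjection = TRUE;
            $lProtectAgainstMethodTampering = TRUE;
            $lProtectAgainstXSS = TRUE;
            $lProtectAgainstSSRF = TRUE;
            break;
    }// end switch

    // The form counts as submitted when ServerURL arrives by any method.
    $lFormSubmitted = isset($_POST["ServerURL"]) || isset($_REQUEST["ServerURL"]);

    // NOTE(review): SERVER_NAME may reflect the client-supplied Host header,
    // depending on web-server configuration -- confirm for the deployment.
    // Any consumer must still encode or quote this value for its sink.
    $lDefaultServerURL = "http://".$_SERVER['SERVER_NAME']."/webservices/rest/ws-test-connectivity.php";

    if ($lFormSubmitted) {
        if ($lProtectAgainstCommandInjection) {
            // The submitted value is ignored entirely: the destination of the
            // outbound request is fixed by the server, never by the client.
            $lServerURL = $lDefaultServerURL;
        } else {
            // Unprotected path. With method-tampering protection only the
            // POST body is honoured; without it any request parameter is.
            $lServerURL = $lProtectAgainstMethodTampering
                ? $_POST["ServerURL"]
                : $_REQUEST["ServerURL"];
        }//end if

        if ($lProtectAgainstXSS) {
            /* Protect against XSS by output encoding */
            $lServerURLText = $Encoder->encodeForHTML($lServerURL);
        } else {
            /* allow XSS by not encoding output */
            $lServerURLText = $lServerURL;
        }//end if
    }// end if $lFormSubmitted
} catch (Exception $e) {
    echo $CustomErrorHandler->FormatError($e, "Error setting up configuration on page test-connectivity.php");
}// end try
?>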
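<?php
/*
 * Page title, navigation includes and the connectivity-test form.
 * The form posts a single hidden field, ServerURL, pre-filled with
 * $lDefaultServerURL. A hidden field is still client-controlled, so the
 * server must never trust the value that comes back.
 */
?>
<div class="page-title"><span style="font-size: 18pt;">Can you hear me now?</span></div>
<?php include_once (__SITE_ROOT__.'/includes/back-button.inc');?>
<?php include_once (__SITE_ROOT__.'/includes/hints/hints-menu-wrapper.inc'); ?>
<!-- BEGIN HTML OUTPUT -->
<form action="index.php?page=test-connectivity.php"
      method="post"
      enctype="application/x-www-form-urlencoded"
      id="idEchoForm">
    <table>
        <tr><td></td></tr>
        <tr>
            <td colspan="2" class="form-header">Click the Test Connectivity Button to Test Webservice Connection</td>
        </tr>
        <tr><td></td></tr>
        <tr>
            <td colspan="2" style="text-align:center;">
                <?php
                /*
                 * $lDefaultServerURL is built from $_SERVER['SERVER_NAME'].
                 * When XSS protection is on, encode it for the quoted
                 * attribute it is written into; otherwise emit it as before.
                 */
                $lDefaultServerURLAttribute = !empty($lProtectAgainstXSS)
                    ? htmlspecialchars($lDefaultServerURL, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                    : $lDefaultServerURL;
                ?>
                <input name="ServerURL" value="<?php echo $lDefaultServerURLAttribute; ?>" type="hidden" id="idServerURLInput" />
                <input name="echo-php-submit-button" class="button" type="submit" value="Test Connectivity" />
            </td>
        </tr>
        <tr><td></td></tr>
        <tr><td></td></tr>
    </table>
</form>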
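<?php
/*
 * Output results of shell command sent to operating system.
 *
 * Runs only after the form was submitted. $lServerURL and $lServerURLText
 * are prepared by the setup code at the top of this page.
 */
if ($lFormSubmitted) {
    try {
        /*
         * At the protected levels the URL is the server-built default, but
         * it still contains $_SERVER['SERVER_NAME'], so it is quoted as one
         * shell argument before reaching the command line. At the insecure
         * levels the raw value is concatenated on purpose for this lab.
         */
        $lCurlTarget = !empty($lProtectAgainstCommandInjection)
            ? escapeshellarg($lServerURL)
            : $lServerURL;

        echo '<div class="report-header">Results for '.$lServerURLText.'</div>';

        // NOTE(review): the curl response is written into the page without
        // encoding at every level -- confirm the web service returns only
        // content that is safe to render.
        echo '<pre class="output">'.(string) shell_exec("curl --silent " . $lCurlTarget).'</pre>';

        // At the insecure levels $lServerURLText is the unencoded request
        // value, so whatever displays this log must encode it on output.
        $LogHandler->writeToLog("Executed PHP command: curl --silent " . $lServerURLText);
    } catch (Exception $e) {
        echo $CustomErrorHandler->FormatError($e, "Input: " . $lServerURLText);
    }// end try
}// end if ($lFormSubmitted)
?>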