From 22f80861cbfed373347059099b58cafc738f60ae Mon Sep 17 00:00:00 2001 From: webpwnized Date: Tue, 5 Nov 2024 20:43:08 -0500 Subject: [PATCH] 2.11.24 Update web service documentation --- src/ajax/lookup-pen-test-tool.php | 6 ++-- src/authorization-required.php | 2 +- src/browser-info.php | 11 ++++--- src/cache-control.php | 2 +- src/capture-data.php | 2 +- src/captured-data.php | 19 +++++------ src/client-side-control-challenge.php | 6 ++-- src/conference-room-lookup.php | 6 ++-- src/content-security-policy.php | 9 +++--- src/credits.php | 1 + src/database-offline.php | 2 +- src/framer.html | 4 +-- src/framing.php | 2 +- src/hints-page-wrapper.php | 2 +- src/home.php | 4 +-- src/html5-storage.php | 14 ++++----- src/pen-test-tool-lookup-ajax.php | 29 ++++++++--------- src/pen-test-tool-lookup.php | 45 ++++++++++++++------------- src/redirectandlog.php | 7 +++-- src/rene-magritte.php | 2 +- src/set-background-color.php | 2 +- src/show-log.php | 6 ++-- src/site-footer-xss-discussion.php | 2 +- src/source-viewer.php | 12 +++---- src/styling.php | 8 ++--- src/text-file-viewer.php | 1 + src/upload-file.php | 7 +++-- src/user-poll.php | 13 +++++--- src/view-someones-blog.php | 12 +++---- src/view-user-privilege-level.php | 6 ++-- src/xml-validator.php | 6 ++-- 31 files changed, 132 insertions(+), 118 deletions(-) diff --git a/src/ajax/lookup-pen-test-tool.php b/src/ajax/lookup-pen-test-tool.php index 525f79e8..80a8e96d 100755 --- a/src/ajax/lookup-pen-test-tool.php +++ b/src/ajax/lookup-pen-test-tool.php @@ -36,7 +36,7 @@ try { switch ($_SESSION["security-level"]){ case "0": // This code is insecure. - $lUseServerSideValidation = FALSE; + $lUseServerSideValidation = false; $lEncodeOutput = false; $lTokenizeAllowedMarkup = false; $lProtectAgainstSQLInjection = false; 
@@ -45,7 +45,7 @@ break; case "1": // This code is insecure. - $lUseServerSideValidation = FALSE; + $lUseServerSideValidation = false; $lEncodeOutput = false; $lTokenizeAllowedMarkup = false; $lProtectAgainstSQLInjection = false; @@ -57,7 +57,7 @@ case "3": case "4": case "5": // This code is fairly secure - $lUseServerSideValidation = TRUE; + $lUseServerSideValidation = true; $lProtectAgainstMethodTampering = true; /* * NOTE: Input validation is excellent but not enough. The output must be diff --git a/src/authorization-required.php b/src/authorization-required.php index a170f670..ed441456 100755 --- a/src/authorization-required.php +++ b/src/authorization-required.php @@ -3,7 +3,7 @@ $LogHandler->writeToLog("User attempted to access forbidden page."); } catch (Exception $e) { echo $CustomErrorHandler->FormatError($e, "Error writing to log"); - }// end try + }// end try ?>
Authorization Required
diff --git a/src/browser-info.php b/src/browser-info.php index 7693fb07..ed94c065 100755 --- a/src/browser-info.php +++ b/src/browser-info.php @@ -2,9 +2,10 @@ try{ switch ($_SESSION["security-level"]){ + default: // This code is insecure case "0": // This code is insecure case "1": // This code is insecure - // DO NOTHING: This is insecure + // DO NOTHING: This is insecure $lEncodeOutput = false; $luseSafeJavaScript = "false"; break; @@ -35,9 +36,9 @@ $lEncodeOutput = true; $luseSafeJavaScript = "true"; break; - }// end switch + }// end switch - require_once (__SITE_ROOT__.'/classes/ClientInformationHandler.php'); + require_once __SITE_ROOT__.'/classes/ClientInformationHandler.php'; $lClientInformationHandler = new ClientInformationHandler(); if ($lEncodeOutput){ @@ -80,7 +81,7 @@ Remote Client Port WhoIs info for client IP
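Review bot: The `default:` label added at the top of the switch in the first browser-info.php hunk sends any missing or unexpected `$_SESSION["security-level"]` value into the level 0/1 branch, so the page fails open with `$lEncodeOutput = false`. If that fallback is deliberate for this training target, the label's comment should say so, for example `default: // unknown or unset level: deliberately treated as level 0 (insecure)`. Otherwise the label belongs on the hardened branch, so an unrecognised level still gets output encoding. The same `default:` placement appears in the first hunks of src/captured-data.php and src/content-security-policy.php. The switch body continues outside the hunk.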
$value){ echo 'Cookie '.$Encoder->encodeForHTML($key).''.$Encoder->encodeForHTML($value).''; }// end foreach @@ -89,7 +90,7 @@ echo 'Cookie '.$key.''.$value.''; }// end foreach }// end if - ?> + ?>
 
 
diff --git a/src/cache-control.php b/src/cache-control.php index ae9e4576..bd694426 100755 --- a/src/cache-control.php +++ b/src/cache-control.php @@ -47,7 +47,7 @@ Nirsoft IE CacheView also useful

Reporting -

+

RFC-7234 from the Internet Engineering Task Force (IETF) specifies caching controls. HTTP headers are used to specify caching directives (Section 5.2.1). "Cache-Control" is standard for HTTP/1.1. diff --git a/src/capture-data.php b/src/capture-data.php index e9262fa9..1f1afb22 100755 --- a/src/capture-data.php +++ b/src/capture-data.php @@ -10,7 +10,7 @@
- + Captured Data Icon View Captured Data
diff --git a/src/captured-data.php b/src/captured-data.php index d5a5d86d..89000535 100755 --- a/src/captured-data.php +++ b/src/captured-data.php @@ -6,11 +6,12 @@ */ switch ($_SESSION["security-level"]){ + default: // This code is insecure case "0": // This code is insecure case "1": // This code is insecure - // DO NOTHING: This is insecure + // DO NOTHING: This is insecure $lEncodeOutput = false; - $lLimitOutput= FALSE; + $lLimitOutput= false; break; case "2": @@ -42,9 +43,9 @@ * Amplifications attacks are also done by sending single IP packets to networks * which will broadcast the packet thus ampliphying the packet many times. */ - $lLimitOutput= TRUE; + $lLimitOutput= true; break; - }// end switch + }// end switch if(isset($_GET["deleteLogs"])){ try{ @@ -86,17 +87,17 @@
- + Refresh Refresh - + Delete Delete Capured Data - + Capture Data Capture Data
@@ -113,7 +114,7 @@ Client IP Address Client Port User Agent - Referrer + Referrer Data Date/Time '; @@ -131,7 +132,7 @@ $lClientIPAddress = $row->ip_address; $lClientPort = $row->port; $lClientUserAgentString = $row->user_agent_string; - $lClientReferrer = $row->referrer; + $lClientReferrer = $row->referrer; $lData = $row->data; $lCaptureDate = $row->capture_date; }else{ diff --git a/src/client-side-control-challenge.php b/src/client-side-control-challenge.php index 903987ea..00eeeda6 100755 --- a/src/client-side-control-challenge.php +++ b/src/client-side-control-challenge.php @@ -52,11 +52,11 @@ public function __construct (){ }//end constructor public function EnableOutputEncoding(){ - $this->mEncodeOutput = TRUE; + $this->mEncodeOutput = true; }// end try public function DisableOutputEncoding(){ - $this->mEncodeOutput = FALSE; + $this->mEncodeOutput = false; }// end try public function addFieldHelper(/*ClientField*/ $pClientField){ @@ -250,7 +250,7 @@ public function prettyPrintFields(){ $lRandomFlag = $_SESSION['cscc-random-flag']; } catch(Exception $e){ - $lSubmitButtonClicked = FALSE; + $lSubmitButtonClicked = false; echo $CustomErrorHandler->FormatError($e, "Error creating client-side challenge"); }// end try ?> diff --git a/src/conference-room-lookup.php b/src/conference-room-lookup.php index 96199614..ccadef8b 100755 --- a/src/conference-room-lookup.php +++ b/src/conference-room-lookup.php 
@@ -24,21 +24,21 @@ function encodeForLDAP(/*string*/ $pString) { $lEnableJavaScriptValidation = false; $lEnableHTMLControls = false; $lProtectAgainstMethodTampering = false; - $lProtectAgainstLDAPInjection=FALSE; + $lProtectAgainstLDAPInjection=false; break; case "1": // This code is insecure. No input validation is performed. $lEnableJavaScriptValidation = true; $lEnableHTMLControls = true; $lProtectAgainstMethodTampering = false; - $lProtectAgainstLDAPInjection=FALSE; + $lProtectAgainstLDAPInjection=false; break; case "2": case "3": case "4": case "5": // This code is fairly secure - $lProtectAgainstLDAPInjection=TRUE; + $lProtectAgainstLDAPInjection=true; $lEnableHTMLControls = true; $lEnableJavaScriptValidation = true; $lProtectAgainstMethodTampering = true; diff --git a/src/content-security-policy.php b/src/content-security-policy.php index 67f80cf6..ddca0e48 100755 --- a/src/content-security-policy.php +++ b/src/content-security-policy.php @@ -6,7 +6,8 @@ try { switch ($_SESSION["security-level"]){ - case "0": // This code is insecure. No input validation is performed. + default: // This code is insecure. + case "0": // This code is insecure. $lEnableJavaScriptValidation = false; $lEnableHTMLControls = false; $lProtectAgainstMethodTampering = false; @@ -14,7 +15,7 @@ $lProtectAgainstXSS = false; break; - case "1": // This code is insecure. No input validation is performed. + case "1": // This code is insecure. $lEnableJavaScriptValidation = true; $lEnableHTMLControls = true; $lProtectAgainstMethodTampering = false; @@ -64,12 +65,12 @@ - + Malware Icon Switch to Cross-Site Scripting (XSS) - + CORS Icon Switch to Cross-Origin Resource Sharing (CORS) diff --git a/src/credits.php b/src/credits.php index 0897badd..aedccab5 100755 --- a/src/credits.php +++ b/src/credits.php @@ -1,5 +1,6 @@ - + diff --git a/src/framer.html b/src/framer.html index 80400bd1..c1bc1c8d 100755 --- a/src/framer.html +++ b/src/framer.html @@ -1,5 +1,5 @@ - + @@ -26,7 +26,7 @@
- + Back Button    Return to Mutillidae
diff --git a/src/framing.php b/src/framing.php index 7c4aa7f3..d1eba875 100755 --- a/src/framing.php +++ b/src/framing.php @@ -25,7 +25,7 @@
-Giant Invisible Click-Jacking Button +Giant Invisible Click-Jacking Button
- + Sign Post Switch to POST Version of page diff --git a/src/pen-test-tool-lookup.php b/src/pen-test-tool-lookup.php index dc4bf35c..120051fe 100755 --- a/src/pen-test-tool-lookup.php +++ b/src/pen-test-tool-lookup.php @@ -1,29 +1,30 @@ FormatError($e, "Error setting up configuration on page pentest-lookup-tool.php"); - }// end try + }// end try /* ---------------------------------------------------------- * Get the tools to populate the drop down box @@ -67,7 +68,7 @@ //echo '' . PHP_EOL; $lPenTestToolsOptions .= '' . PHP_EOL; - }// end while + }// end while } catch (Exception $e) { echo $CustomErrorHandler->FormatError($e, $lQueryString); @@ -90,12 +91,12 @@ if(!empty($lPostedButton)){ - $lErrorNoChoiceMade = FALSE; + $lErrorNoChoiceMade = false; if ($lPostedToolID == "0923ac83-8b50-4eda-ad81-f1aac6168c5c" || strlen($lPostedToolID) == 0){ - $lErrorNoChoiceMade = TRUE; + $lErrorNoChoiceMade = true; }else{ - $lErrorNoChoiceMade = FALSE; + $lErrorNoChoiceMade = false; $qPenTestToolResults = $SQLQueryHandler->getPenTestTool($lPostedToolID); $lPenTestToolsDetails = ""; @@ -139,7 +140,7 @@ echo "var gUseJavaScriptValidation = \"TRUE\";".PHP_EOL; }else{ echo "var gUseJavaScriptValidation = \"FALSE\";".PHP_EOL; - }//end if + }//end if if ($lErrorNoChoiceMade){ echo "var gDisplayError = \"TRUE\";".PHP_EOL; @@ -160,7 +161,7 @@ var lToolIDTD = lDocRoot.createElement("td"); var lToolNameTD = lDocRoot.createElement("td"); - var lPhaseTD = lDocRoot.createElement("td"); + var lPhaseTD = lDocRoot.createElement("td"); var lToolTypeTD = lDocRoot.createElement("td"); var lCommentTD = lDocRoot.createElement("td"); @@ -228,15 +229,15 @@ - + AJAX Logo Switch to AJAX Version of page
Pen Test Tools -
diff --git a/src/redirectandlog.php b/src/redirectandlog.php index a4103d97..04da5bc8 100755 --- a/src/redirectandlog.php +++ b/src/redirectandlog.php @@ -28,10 +28,10 @@ * validate as string. */ $forwardurl=$_REQUEST["forwardurl"]; - $LogHandler->writeToLog("Redirected user to: " . $forwardurl); + $LogHandler->writeToLog("Redirected user to: " . $forwardurl); echo ''; //header("Location: " . $forwardurl); /* Redirect browser */ - exit; /* prevent other headers from runnning */ + exit; /* prevent other headers from runnning */ break; case "2": @@ -49,7 +49,7 @@ * Regex pattern makes sure the user doesnt send in characters that * are not actually digits but can be cast to digits. */ - $isDigits = (preg_match("/\d{1,2}/", $forwardurl) == 1); + $isDigits = (preg_match("/\d{1,2}/", $forwardurl) == 1); if ($isDigits && $forwardurl > 0 && $forwardurl < 11){ $lURL = ""; /* Insecure Direct Object References are patched @@ -66,6 +66,7 @@ * the direct object, which is the forwarding URL. */ switch($forwardurl){ + default: $lURL = "http://www.irongeek.com/";break; case 1: $lURL = "http://www.irongeek.com/";break; case 2: $lURL = "http://www.owasp.org";break; case 3: $lURL = "http://www.issa-kentuckiana.org/";break; diff --git a/src/rene-magritte.php b/src/rene-magritte.php index 01aab59e..8c21c2cc 100755 --- a/src/rene-magritte.php +++ b/src/rene-magritte.php @@ -1,5 +1,5 @@ - +Rene Magritte Frame diff --git a/src/set-background-color.php b/src/set-background-color.php index 3f13d59c..0e2b80da 100755 --- a/src/set-background-color.php +++ b/src/set-background-color.php @@ -48,7 +48,7 @@ }else{ $lBackgroundColor = $lBackgroundColorText = "eecccc"; - }// end if (isset($_POST)) + }// end if (isset($_POST)) ?>
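Review bot: The `default:` added to the inner switch in the last redirectandlog.php hunk silently maps input that matched no `case` to the first URL, which hides a weak guard instead of rejecting bad input. The pattern `/\d{1,2}/` in the previous hunk is unanchored, so a value that merely contains a digit still sets `$isDigits`, contrary to what the comment above it promises. Anchoring the check, `$isDigits = (preg_match('/^\d{1,2}$/D', $forwardurl) === 1);`, and casting `$forwardurl` to `int` before the range test would leave the fallback unreachable for anything but a programming error. If the label stays, put it last and let it share `case 1` instead of repeating the URL. The switch and its enclosing branch continue outside the hunk.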