Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

<?php goto Xu3ji; QSwVF: dvwaLocaleSet($_DVWA["\144\x65\x66\141\165\154\164\x5f\x6c\x6f\x..

Decoded Output download

<?php
 goto Xu3ji; QSwVF: dvwaLocaleSet($_DVWA["default_locale"]); goto sDKs5; MeouZ: function dvwaMessagePop() { $dvwaSession =& dvwaSessionGrab(); if (!isset($dvwaSession["messages"]) || count($dvwaSession["messages"]) == 0) { return false; } return array_shift($dvwaSession["messages"]); } goto qpOCC; byTEe: $MYSQL_PASS = "Database password: <em>" . ($_DVWA["db_password"] != '' ? "******" : "*blank*") . "</em>"; goto Nh7JW; aKric: $DVWARecaptcha = "reCAPTCHA key: <span class="" . (isset($_DVWA["recaptcha_public_key"]) && $_DVWA["recaptcha_public_key"] != '' ? "success">" . $_DVWA["recaptcha_public_key"] : "failure">Missing") . "</span>"; goto a2pyt; fsaqZ: function dvwaIsLoggedIn() { global $_DVWA; if (in_array("disable_authentication", $_DVWA) && $_DVWA["disable_authentication"]) { return true; } $dvwaSession =& dvwaSessionGrab(); return isset($dvwaSession["username"]); } goto YTZUB; LrEaJ: $phpGD = "PHP module gd: <span class="" . (extension_loaded("gd") && function_exists("gd_info") ? "success">Installed" : "failure">Missing - Only an issue if you want to play with captchas") . "</span>"; goto pqsUb; Atmzb: function dvwaRedirect($pLocation) { session_commit(); header("Location: {$pLocation}"); die; } goto oCq_2; ocCl5: $phpPDO = "PHP module pdo_mysql: <span class="" . (extension_loaded("pdo_mysql") ? "success">Installed" : "failure">Missing") . "</span>"; goto aKric; iuW35: function dvwaLocaleSet($pLocale) { $dvwaSession =& dvwaSessionGrab(); $locales = array("en", "zh"); if (in_array($pLocale, $locales)) { $dvwaSession["locale"] = $pLocale; } else { $dvwaSession["locale"] = "en"; } } goto lmXHu; ZSh5J: function dvwaHtmlEcho($pPage) { $menuBlocks = array(); $menuBlocks["home"] = array(); if (dvwaIsLoggedIn()) { $menuBlocks["home"][] = array("id" => "home", "name" => "Home", "url" => "."); $menuBlocks["home"][] = array("id" => "instructions", "name" => "Instructions", "url" => "instructions.php"); $menuBlocks["home"][] = array("id" => "setup", "name" => "Setup / Reset DB", "url" => "setup.php"); } else { $menuBlocks["home"][] = array("id" => "setup", "name" => "Setup DVWA", "url" => "setup.php"); $menuBlocks["home"][] = array("id" => "instructions", "name" => "Instructions", "url" => "instructions.php"); } if (dvwaIsLoggedIn()) { $menuBlocks["vulnerabilities"] = array(); $menuBlocks["vulnerabilities"][] = array("id" => "brute", "name" => "Brute Force", "url" => "vulnerabilities/brute/"); $menuBlocks["vulnerabilities"][] = array("id" => "exec", "name" => "Command Injection", "url" => "vulnerabilities/exec/"); $menuBlocks["vulnerabilities"][] = array("id" => "csrf", "name" => "CSRF", "url" => "vulnerabilities/csrf/"); $menuBlocks["vulnerabilities"][] = array("id" => "fi", "name" => "File Inclusion", "url" => "vulnerabilities/fi/.?page=include.php"); $menuBlocks["vulnerabilities"][] = array("id" => "upload", "name" => "File Upload", "url" => "vulnerabilities/upload/"); $menuBlocks["vulnerabilities"][] = array("id" => "captcha", "name" => "Insecure CAPTCHA", "url" => "vulnerabilities/captcha/"); $menuBlocks["vulnerabilities"][] = array("id" => "sqli", "name" => "SQL Injection", "url" => "vulnerabilities/sqli/"); $menuBlocks["vulnerabilities"][] = array("id" => "sqli_blind", "name" => "SQL Injection (Blind)", "url" => "vulnerabilities/sqli_blind/"); $menuBlocks["vulnerabilities"][] = array("id" => "weak_id", "name" => "Weak Session IDs", "url" => "vulnerabilities/weak_id/"); $menuBlocks["vulnerabilities"][] = array("id" => "xss_d", "name" => "XSS (DOM)", "url" => "vulnerabilities/xss_d/"); $menuBlocks["vulnerabilities"][] = array("id" => "xss_r", "name" => "XSS (Reflected)", "url" => "vulnerabilities/xss_r/"); $menuBlocks["vulnerabilities"][] = array("id" => "xss_s", "name" => "XSS (Stored)", "url" => "vulnerabilities/xss_s/"); $menuBlocks["vulnerabilities"][] = array("id" => "csp", "name" => "CSP Bypass", "url" => "vulnerabilities/csp/"); $menuBlocks["vulnerabilities"][] = array("id" => "javascript", "name" => "JavaScript", "url" => "vulnerabilities/javascript/"); if (dvwaCurrentUser() == "admin") { $menuBlocks["vulnerabilities"][] = array("id" => "authbypass", "name" => "Authorisation Bypass", "url" => "vulnerabilities/authbypass/"); } $menuBlocks["vulnerabilities"][] = array("id" => "open_redirect", "name" => "Open HTTP Redirect", "url" => "vulnerabilities/open_redirect/"); } $menuBlocks["meta"] = array(); if (dvwaIsLoggedIn()) { $menuBlocks["meta"][] = array("id" => "security", "name" => "DVWA Security", "url" => "security.php"); $menuBlocks["meta"][] = array("id" => "phpinfo", "name" => "PHP Info", "url" => "phpinfo.php"); } $menuBlocks["meta"][] = array("id" => "about", "name" => "About", "url" => "about.php"); if (dvwaIsLoggedIn()) { $menuBlocks["logout"] = array(); $menuBlocks["logout"][] = array("id" => "logout", "name" => "Logout", "url" => "logout.php"); } $menuHtml = ''; foreach ($menuBlocks as $menuBlock) { $menuBlockHtml = ''; foreach ($menuBlock as $menuItem) { $selectedClass = $menuItem["id"] == $pPage["page_id"] ? "selected" : ''; $fixedUrl = DVWA_WEB_PAGE_TO_ROOT . $menuItem["url"]; $menuBlockHtml .= "<li class="{$selectedClass}"><a href="{$fixedUrl}">{$menuItem["name"]}</a></li>
"; } $menuHtml .= "<ul class="menuBlocks">{$menuBlockHtml}</ul>"; } $securityLevelHtml = ''; switch (dvwaSecurityLevelGet()) { case "low": $securityLevelHtml = "low"; break; case "medium": $securityLevelHtml = "medium"; break; case "high": $securityLevelHtml = "high"; break; default: $securityLevelHtml = "impossible"; break; } $userInfoHtml = "<em>Username:</em> " . dvwaCurrentUser(); $securityLevelHtml = "<em>Security Level:</em> {$securityLevelHtml}"; $localeHtml = "<em>Locale:</em> " . dvwaLocaleGet(); $sqliDbHtml = "<em>SQLi DB:</em> " . dvwaSQLiDBGet(); $messagesHtml = messagesPopAllToHtml(); if ($messagesHtml) { $messagesHtml = "<div class="body_padded">{$messagesHtml}</div>"; } $systemInfoHtml = ''; if (dvwaIsLoggedIn()) { $systemInfoHtml = "<div align="left">{$userInfoHtml}<br />{$securityLevelHtml}<br />{$localeHtml}<br />{$sqliDbHtml}</div>"; } if ($pPage["source_button"]) { $systemInfoHtml = dvwaButtonSourceHtmlGet($pPage["source_button"]) . " {$systemInfoHtml}"; } if ($pPage["help_button"]) { $systemInfoHtml = dvwaButtonHelpHtmlGet($pPage["help_button"]) . " {$systemInfoHtml}"; } Header("Cache-Control: no-cache, must-revalidate"); Header("Content-Type: text/html;charset=utf-8"); Header("Expires: Tue, 23 Jun 2009 12:00:00 GMT"); echo "<!DOCTYPE html>\xa
<html lang="en-GB">

\x9<head>
\x9	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

\x9\x9<title>{$pPage["title"]}</title>
\xa\x9\x9<link rel="stylesheet" type="text/css" href="" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/css/main.css" />\xa\xa	\x9<link rel="icon" type="\image/ico" href="" . DVWA_WEB_PAGE_TO_ROOT . "favicon.ico" />\xa
\x9	<script type="text/javascript" src="" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/js/dvwaPage.js"></script>
\xa\x9</head>\xa
	<body class="home">
		<div id="container">
\xa\x9\x9	<div id="header">\xa
\x9	\x9\x9<img src="" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/logo.png" alt="Damn Vulnerable Web Application" />
\xa\x9	\x9</div>

\x9	\x9<div id="main_menu">\xa\xa\x9			<div id="main_menu_padded">\xa			\x9{$menuHtml}\xa			\x9</div>\xa\xa\x9\x9\x9</div>
\xa\x9\x9	<div id="main_body">\xa\xa\x9	\x9	{$pPage["body"]}\xa	\x9\x9	<br /><br />
\x9\x9\x9\x9{$messagesHtml}
\xa	\x9	</div>\xa\xa\x9\x9	<div class="clear">\xa	\x9\x9</div>\xa
\x9		<div id="system_info">\xa	\x9		{$systemInfoHtml}
	\x9\x9</div>

		\x9<div id="footer">\xa
			\x9<p>Damn Vulnerable Web Application (DVWA)</p>\xa\x9			<script src='" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/js/add_event_listeners.js'></script>\xa\xa\x9		</div>\xa\xa\x9	</div>\xa\xa	</body>\xa\xa</html>"; } goto YRmrk; v2JYx: $DVWAOS = "Operating system: <em>" . (strtoupper(substr(PHP_OS, 0, 3)) === "WIN" ? "Windows" : "*nix") . "</em>"; goto OZc9f; R5VPt: $PHPCONFIGPath = realpath(getcwd() . DIRECTORY_SEPARATOR . DVWA_WEB_PAGE_TO_ROOT . "config"); goto ds_Iq; b4v_p: function dvwaButtonSourceHtmlGet($pId) { $security = dvwaSecurityLevelGet(); return "<input type="button" value="View Source" class="popup_button" id='source_button' data-source-url='" . DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/view_source.php?id={$pId}&security={$security}' )">"; } goto plCvA; tlWO9: $MYSQL_PORT = "Database port: <em>" . $_DVWA["db_port"] . "</em>"; goto LCXJ3; gvjHN: require_once DVWA_WEB_PAGE_TO_ROOT . "config/config.inc.php"; goto qtNU8; Om4A2: function dvwaSecurityLevelSet($pSecurityLevel) { if ($pSecurityLevel == "impossible") { $httponly = true; } else { $httponly = false; } setcookie("security", $pSecurityLevel, 0, "/", '', false, $httponly); $_COOKIE["security"] = $pSecurityLevel; } goto EcS7_; lmXHu: function dvwaMessagePush($pMessage) { $dvwaSession =& dvwaSessionGrab(); if (!isset($dvwaSession["messages"])) { $dvwaSession["messages"] = array(); } $dvwaSession["messages"][] = $pMessage; } goto MeouZ; xnpRD: $MYSQL_SERVER = "Database host: <em>" . $_DVWA["db_server"] . "</em>"; goto tlWO9; YTZUB: function dvwaLogout() { $dvwaSession =& dvwaSessionGrab(); unset($dvwaSession["username"]); } goto DR5xX; Nh7JW: $MYSQL_DB = "Database database: <em>" . $_DVWA["db_database"] . "</em>"; goto xnpRD; sDKs5: function &dvwaSessionGrab() { if (!isset($_SESSION["dvwa"])) { $_SESSION["dvwa"] = array(); } return $_SESSION["dvwa"]; } goto yPkP6; qtNU8: if (!isset($html)) { $html = ''; } goto vqIhI; oCq_2: function dvwaGuestbook() { $query = "SELECT name, comment FROM guestbook"; $result = mysqli_query($GLOBALS["___mysqli_ston"], $query); $guestbook = ''; while ($row = mysqli_fetch_row($result)) { if (dvwaSecurityLevelGet() == "impossible") { $name = htmlspecialchars($row[0]); $comment = htmlspecialchars($row[1]); } else { $name = $row[0]; $comment = $row[1]; } $guestbook .= "<div id="guestbook_comments">Name: {$name}<br />" . "Message: {$comment}<br /></div>
"; } return $guestbook; } goto D8_Jk; EpvF2: if (array_key_exists("Login", $_POST) && $_POST["Login"] == "Login") { dvwa_start_session(); } else { if (!session_id()) { session_start(); } } goto bhUgI; Z1hwl: function dvwaLogin($pUsername) { $dvwaSession =& dvwaSessionGrab(); $dvwaSession["username"] = $pUsername; } goto fsaqZ; W1OXH: $PHPUploadPath = realpath(getcwd() . DIRECTORY_SEPARATOR . DVWA_WEB_PAGE_TO_ROOT . "hackable" . DIRECTORY_SEPARATOR . "uploads") . DIRECTORY_SEPARATOR; goto R5VPt; yr7l2: function dvwaSecurityLevelGet() { global $_DVWA; if (isset($_COOKIE["security"])) { return $_COOKIE["security"]; } if (in_array("disable_authentication", $_DVWA) && $_DVWA["disable_authentication"]) { return $_DVWA["default_security_level"]; } return "impossible"; } goto Om4A2; gkxay: $phpDisplayErrors = "PHP function display_errors: <span class="" . (ini_get("display_errors") ? "success">Enabled" : "failure">Disabled") . "</span>"; goto Larht; Larht: $phpURLInclude = "PHP function allow_url_include: <span class="" . (ini_get("allow_url_include") ? "success">Enabled" : "failure">Disabled") . "</span>"; goto Y8l15; u5Iu_: function destroySessionToken() { unset($_SESSION["session_token"]); } goto KE8a3; HSnfr: function dvwaSQLiDBGet() { global $_DVWA; return $_DVWA["SQLI_DB"]; } goto iuW35; cgH0Q: $bakWritable = "Writable folder " . $PHPCONFIGPath . ": <span class="" . (is_writable($PHPCONFIGPath) ? "success">Yes" : "failure">No") . "</span>"; goto v2JYx; a2pyt: $DVWAUploadsWrite = "Writable folder " . $PHPUploadPath . ": <span class="" . (is_writable($PHPUploadPath) ? "success">Yes" : "failure">No") . "</span>"; goto cgH0Q; gh0mD: function dvwaCurrentUser() { $dvwaSession =& dvwaSessionGrab(); return isset($dvwaSession["username"]) ? $dvwaSession["username"] : "Unknown"; } goto LcQ5M; ds_Iq: $phpDisplayErrors = "PHP function display_errors: <span class="" . (ini_get("display_errors") ? "success">Enabled" : "failure">Disabled") . "</span>"; goto BRyNn; LcQ5M: function &dvwaPageNewGrab() { $returnArray = array("title" => "Damn Vulnerable Web Application (DVWA)", "title_separator" => " :: ", "body" => '', "page_id" => '', "help_button" => '', "source_button" => ''); return $returnArray; } goto yr7l2; Y8l15: $phpURLFopen = "PHP function allow_url_fopen: <span class="" . (ini_get("allow_url_fopen") ? "success">Enabled" : "failure">Disabled") . "</span>"; goto LrEaJ; gRxND: $MYSQL_USER = "Database username: <em>" . $_DVWA["db_user"] . "</em>"; goto byTEe; KE8a3: function tokenField() { return "<input type='hidden' name='user_token' value='{$_SESSION["session_token"]}' />"; } goto W1OXH; Ql0Sz: if (!isset($_COOKIE["security"]) || !in_array($_COOKIE["security"], $security_levels)) { if (in_array($_DVWA["default_security_level"], $security_levels)) { dvwaSecurityLevelSet($_DVWA["default_security_level"]); } else { dvwaSecurityLevelSet("impossible"); } dvwa_start_session(); } goto Ew198; plCvA: if ($DBMS == "MySQL") { $DBMS = htmlspecialchars(strip_tags($DBMS)); } elseif ($DBMS == "PGSQL") { $DBMS = htmlspecialchars(strip_tags($DBMS)); } else { $DBMS = "No DBMS selected."; } goto Tx81Q; qpOCC: function messagesPopAllToHtml() { $messagesHtml = ''; while ($message = dvwaMessagePop()) { $messagesHtml .= "<div class="message">{$message}</div>"; } return $messagesHtml; } goto ZSh5J; D8_Jk: function checkToken($user_token, $session_token, $returnURL) { global $_DVWA; if (in_array("disable_authentication", $_DVWA) && $_DVWA["disable_authentication"]) { return true; } if ($user_token !== $session_token || !isset($session_token)) { dvwaMessagePush("CSRF token is incorrect"); dvwaRedirect($returnURL); } } goto bWkZt; bhUgI: if (!array_key_exists("default_locale", $_DVWA)) { $_DVWA["default_locale"] = "en"; } goto QSwVF; yPkP6: function dvwaPageStartup($pActions) { if (in_array("authenticated", $pActions)) { if (!dvwaIsLoggedIn()) { dvwaRedirect(DVWA_WEB_PAGE_TO_ROOT . "login.php"); } } } goto Z1hwl; YRmrk: function dvwaHelpHtmlEcho($pPage) { Header("Cache-Control: no-cache, must-revalidate"); Header("Content-Type: text/html;charset=utf-8"); Header("Expires: Tue, 23 Jun 2009 12:00:00 GMT"); echo "<!DOCTYPE html>
\xa<html lang="en-GB">\xa\xa	<head>\xa
		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
\xa	\x9<title>{$pPage["title"]}</title>

	\x9<link rel="stylesheet" type="text/css" href="" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/css/help.css" />
\xa\x9\x9<link rel="icon" type="\image/ico" href="" . DVWA_WEB_PAGE_TO_ROOT . "favicon.ico" />

\x9</head>
\xa\x9<body>\xa
\x9<div id="container">
\xa\x9		{$pPage["body"]}
\xa\x9	</div>\xa
	</body>

</html>"; } goto ytGfX; oWrvO: function dvwaButtonHelpHtmlGet($pId) { $security = dvwaSecurityLevelGet(); $locale = dvwaLocaleGet(); return "<input type="button" value="View Help" class="popup_button" id='help_button' data-help-url='" . DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/view_help.php?id={$pId}&security={$security}&locale={$locale}' )">"; } goto b4v_p; DR5xX: function dvwaPageReload() { if (array_key_exists("HTTP_X_FORWARDED_PREFIX", $_SERVER)) { dvwaRedirect($_SERVER["HTTP_X_FORWARDED_PREFIX"] . $_SERVER["PHP_SELF"]); } else { dvwaRedirect($_SERVER["PHP_SELF"]); } } goto gh0mD; Xu3ji: if (!defined("DVWA_WEB_PAGE_TO_ROOT")) { die("DVWA System error- WEB_PAGE_TO_ROOT undefined"); die; } goto Paq_u; ytGfX: function dvwaSourceHtmlEcho($pPage) { Header("Cache-Control: no-cache, must-revalidate"); Header("Content-Type: text/html;charset=utf-8"); Header("Expires: Tue, 23 Jun 2009 12:00:00 GMT"); echo "<!DOCTYPE html>\xa\xa<html lang="en-GB">\xa
\x9<head>

\x9\x9<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

	\x9<title>{$pPage["title"]}</title>\xa\xa		<link rel="stylesheet" type="text/css" href="" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/css/source.css" />

		<link rel="icon" type="\image/ico" href="" . DVWA_WEB_PAGE_TO_ROOT . "favicon.ico" />\xa
	</head>\xa\xa	<body>

		<div id="container">

	\x9\x9{$pPage["body"]}

		</div>
\xa\x9</body>\xa\xa</html>"; } goto mzFqA; pqsUb: $phpMySQL = "PHP module mysql: <span class="" . (extension_loaded("mysqli") && function_exists("mysqli_query") ? "success">Installed" : "failure">Missing") . "</span>"; goto ocCl5; EcS7_: function dvwaLocaleGet() { $dvwaSession =& dvwaSessionGrab(); return $dvwaSession["locale"]; } goto HSnfr; vqIhI: $security_levels = array("low", "medium", "high", "impossible"); goto Ql0Sz; OZc9f: $SERVER_NAME = "Web Server SERVER_NAME: <em>" . $_SERVER["SERVER_NAME"] . "</em>"; goto gRxND; BRyNn: $phpDisplayStartupErrors = "PHP function display_startup_errors: <span class="" . (ini_get("display_startup_errors") ? "success">Enabled" : "failure">Disabled") . "</span>"; goto gkxay; bWkZt: function generateSessionToken() { if (isset($_SESSION["session_token"])) { destroySessionToken(); } $_SESSION["session_token"] = md5(uniqid()); } goto u5Iu_; Paq_u: if (!file_exists(DVWA_WEB_PAGE_TO_ROOT . "config/config.inc.php")) { die("DVWA System error - config file not found. Copy config/config.inc.php.dist to config/config.inc.php and configure to your environment."); } goto gvjHN; mzFqA: function dvwaExternalLinkUrlGet($pLink, $text = null) { if (is_null($text)) { return "<a href="" . $pLink . "" target="_blank">" . $pLink . "</a>"; } else { return "<a href="" . $pLink . "" target="_blank">" . $text . "</a>"; } } goto oWrvO; Ew198: function dvwa_start_session() { $security_level = dvwaSecurityLevelGet(); if ($security_level == "impossible") { $httponly = true; $samesite = "Strict"; } else { $httponly = false; $samesite = ''; } $maxlifetime = 86400; $secure = false; $domain = parse_url($_SERVER["HTTP_HOST"], PHP_URL_HOST); if (session_id()) { session_write_close(); } session_set_cookie_params(array("lifetime" => $maxlifetime, "path" => "/", "domain" => $domain, "secure" => $secure, "httponly" => $httponly, "samesite" => $samesite)); session_start(); session_regenerate_id(); } goto EpvF2; Tx81Q: function dvwaDatabaseConnect() { global $_DVWA; global $DBMS; global $db; global $sqlite_db_connection; if ($DBMS == "MySQL") { if (!@($GLOBALS["___mysqli_ston"] = mysqli_connect($_DVWA["db_server"], $_DVWA["db_user"], $_DVWA["db_password"], '', $_DVWA["db_port"])) || !@(bool) mysqli_query($GLOBALS["___mysqli_ston"], "USE " . $_DVWA["db_database"])) { dvwaLogout(); dvwaMessagePush("Unable to connect to the database.<br />" . mysqli_error($GLOBALS["___mysqli_ston"])); dvwaRedirect(DVWA_WEB_PAGE_TO_ROOT . "setup.php"); } $db = new PDO("mysql:host=" . $_DVWA["db_server"] . ";dbname=" . $_DVWA["db_database"] . ";port=" . $_DVWA["db_port"] . ";charset=utf8", $_DVWA["db_user"], $_DVWA["db_password"]); $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); } elseif ($DBMS == "PGSQL") { dvwaMessagePush("PostgreSQL is not currently supported."); dvwaPageReload(); } else { die("Unknown {$DBMS} selected."); } if ($_DVWA["SQLI_DB"] == SQLITE) { $location = DVWA_WEB_PAGE_TO_ROOT . "database/" . $_DVWA["SQLITE_DB"]; $sqlite_db_connection = new SQLite3($location); $sqlite_db_connection->enableExceptions(true); } } goto Atmzb; LCXJ3: ?>

Did this file decode correctly?

Original Code

<?php
 goto Xu3ji; QSwVF: dvwaLocaleSet($_DVWA["\144\x65\x66\141\165\154\164\x5f\x6c\x6f\x63\141\x6c\x65"]); goto sDKs5; MeouZ: function dvwaMessagePop() { $dvwaSession =& dvwaSessionGrab(); if (!isset($dvwaSession["\155\145\x73\x73\x61\x67\145\x73"]) || count($dvwaSession["\155\x65\x73\163\x61\147\145\x73"]) == 0) { return false; } return array_shift($dvwaSession["\x6d\x65\x73\x73\141\147\145\163"]); } goto qpOCC; byTEe: $MYSQL_PASS = "\104\x61\164\141\142\x61\163\x65\40\x70\x61\x73\163\167\157\x72\144\72\40\x3c\x65\x6d\76" . ($_DVWA["\144\x62\x5f\160\x61\x73\x73\167\x6f\x72\144"] != '' ? "\52\x2a\x2a\52\x2a\52" : "\52\142\x6c\x61\x6e\x6b\x2a") . "\74\57\x65\155\76"; goto Nh7JW; aKric: $DVWARecaptcha = "\x72\145\103\x41\x50\x54\103\110\101\40\153\x65\x79\72\40\74\163\160\x61\156\40\143\154\x61\x73\x73\x3d\42" . (isset($_DVWA["\x72\x65\x63\141\160\164\x63\x68\141\x5f\x70\x75\142\154\x69\x63\x5f\153\145\x79"]) && $_DVWA["\162\x65\x63\x61\160\164\143\x68\141\x5f\x70\x75\142\x6c\x69\143\x5f\153\145\171"] != '' ? "\x73\x75\x63\x63\145\x73\x73\42\76" . $_DVWA["\162\x65\x63\x61\x70\164\143\x68\x61\x5f\160\165\x62\154\151\x63\137\153\x65\x79"] : "\x66\x61\151\154\165\x72\x65\42\76\x4d\151\163\x73\x69\156\147") . "\74\x2f\x73\x70\x61\156\76"; goto a2pyt; fsaqZ: function dvwaIsLoggedIn() { global $_DVWA; if (in_array("\144\151\x73\x61\142\x6c\145\137\141\x75\x74\x68\145\156\x74\151\x63\141\x74\x69\x6f\156", $_DVWA) && $_DVWA["\x64\151\163\141\x62\x6c\x65\137\141\x75\164\150\145\156\x74\151\x63\x61\x74\x69\157\x6e"]) { return true; } $dvwaSession =& dvwaSessionGrab(); return isset($dvwaSession["\165\163\145\x72\156\141\x6d\145"]); } goto YTZUB; LrEaJ: $phpGD = "\x50\110\x50\40\x6d\x6f\144\x75\154\x65\40\147\144\x3a\x20\74\x73\x70\x61\156\40\143\x6c\141\x73\x73\x3d\42" . (extension_loaded("\x67\x64") && function_exists("\147\144\137\151\156\x66\x6f") ? "\163\x75\x63\x63\x65\x73\x73\42\x3e\x49\156\163\x74\141\154\154\145\x64" : "\x66\x61\x69\154\x75\162\x65\42\76\x4d\151\163\x73\151\x6e\147\40\x2d\x20\x4f\156\x6c\x79\x20\x61\156\40\151\x73\163\x75\145\40\x69\x66\40\171\x6f\x75\x20\x77\x61\x6e\x74\x20\x74\x6f\40\x70\154\141\171\x20\x77\151\164\x68\x20\143\x61\x70\164\x63\150\x61\163") . "\x3c\x2f\x73\160\141\x6e\76"; goto pqsUb; Atmzb: function dvwaRedirect($pLocation) { session_commit(); header("\x4c\x6f\x63\141\x74\151\x6f\156\x3a\x20{$pLocation}"); die; } goto oCq_2; ocCl5: $phpPDO = "\x50\110\x50\40\155\157\144\x75\x6c\x65\x20\160\x64\x6f\x5f\155\171\x73\161\x6c\72\x20\74\163\x70\x61\x6e\40\x63\154\x61\163\x73\75\42" . (extension_loaded("\160\x64\x6f\137\x6d\x79\x73\x71\x6c") ? "\163\165\x63\143\145\x73\x73\42\76\x49\x6e\163\x74\x61\154\x6c\145\144" : "\146\141\x69\154\x75\x72\x65\x22\x3e\x4d\151\163\163\x69\x6e\x67") . "\x3c\57\x73\160\141\156\x3e"; goto aKric; iuW35: function dvwaLocaleSet($pLocale) { $dvwaSession =& dvwaSessionGrab(); $locales = array("\145\156", "\172\150"); if (in_array($pLocale, $locales)) { $dvwaSession["\x6c\157\143\x61\154\x65"] = $pLocale; } else { $dvwaSession["\154\x6f\143\x61\x6c\145"] = "\145\x6e"; } } goto lmXHu; ZSh5J: function dvwaHtmlEcho($pPage) { $menuBlocks = array(); $menuBlocks["\150\x6f\x6d\x65"] = array(); if (dvwaIsLoggedIn()) { $menuBlocks["\x68\x6f\155\x65"][] = array("\151\144" => "\x68\x6f\x6d\x65", "\x6e\x61\155\x65" => "\x48\157\155\x65", "\165\162\x6c" => "\x2e"); $menuBlocks["\x68\157\155\x65"][] = array("\x69\x64" => "\151\x6e\x73\164\162\x75\143\x74\151\x6f\156\163", "\156\141\x6d\x65" => "\111\156\x73\x74\x72\165\143\x74\x69\157\x6e\163", "\x75\x72\154" => "\x69\156\x73\x74\x72\165\143\x74\x69\157\156\x73\x2e\x70\150\x70"); $menuBlocks["\x68\x6f\155\x65"][] = array("\151\x64" => "\163\x65\x74\165\x70", "\156\141\x6d\145" => "\x53\x65\x74\165\160\40\57\40\122\145\x73\x65\164\40\x44\102", "\165\162\154" => "\163\145\x74\x75\160\x2e\x70\x68\x70"); } else { $menuBlocks["\150\x6f\x6d\145"][] = array("\151\x64" => "\163\145\x74\165\160", "\156\141\x6d\x65" => "\x53\x65\164\x75\x70\40\x44\126\127\101", "\165\162\154" => "\x73\145\x74\165\160\x2e\x70\x68\x70"); $menuBlocks["\x68\x6f\x6d\145"][] = array("\151\144" => "\151\156\x73\x74\162\x75\143\164\151\x6f\x6e\163", "\156\x61\155\x65" => "\111\x6e\163\x74\162\165\x63\164\x69\x6f\x6e\163", "\165\x72\154" => "\151\x6e\163\164\162\x75\x63\164\151\x6f\156\163\x2e\160\x68\x70"); } if (dvwaIsLoggedIn()) { $menuBlocks["\166\x75\x6c\156\145\x72\x61\142\151\154\x69\164\151\x65\x73"] = array(); $menuBlocks["\166\x75\x6c\156\145\162\141\142\x69\x6c\151\x74\x69\145\163"][] = array("\151\144" => "\142\x72\165\164\145", "\x6e\141\x6d\145" => "\102\x72\165\x74\145\40\x46\x6f\x72\143\x65", "\165\x72\x6c" => "\x76\165\x6c\x6e\x65\162\x61\x62\151\154\151\x74\151\145\x73\x2f\142\162\165\x74\x65\x2f"); $menuBlocks["\x76\165\x6c\x6e\x65\162\141\x62\151\x6c\151\164\151\x65\x73"][] = array("\x69\x64" => "\145\x78\x65\143", "\x6e\141\155\145" => "\x43\157\155\x6d\141\156\144\x20\x49\x6e\x6a\x65\143\x74\x69\157\x6e", "\x75\162\x6c" => "\166\x75\154\x6e\x65\162\x61\142\151\x6c\151\x74\151\145\x73\x2f\x65\x78\145\x63\x2f"); $menuBlocks["\x76\x75\154\x6e\145\x72\141\x62\x69\x6c\x69\x74\x69\145\x73"][] = array("\x69\144" => "\143\163\x72\x66", "\x6e\x61\x6d\145" => "\x43\123\x52\x46", "\165\x72\x6c" => "\x76\165\x6c\x6e\145\162\x61\x62\151\154\151\164\x69\145\163\x2f\x63\x73\162\x66\x2f"); $menuBlocks["\x76\165\154\156\145\162\x61\x62\151\154\151\x74\x69\x65\163"][] = array("\151\x64" => "\146\x69", "\x6e\x61\155\x65" => "\x46\151\154\145\x20\111\x6e\x63\x6c\165\x73\151\157\156", "\165\x72\154" => "\x76\x75\154\x6e\145\x72\141\x62\151\154\x69\164\151\x65\x73\57\146\151\57\x2e\77\x70\x61\x67\145\75\151\x6e\143\x6c\x75\144\x65\56\x70\x68\x70"); $menuBlocks["\166\x75\154\156\145\162\141\x62\151\x6c\151\164\x69\145\x73"][] = array("\x69\144" => "\165\x70\154\x6f\x61\144", "\x6e\x61\155\x65" => "\x46\151\154\x65\40\125\160\154\157\x61\144", "\165\162\154" => "\x76\x75\x6c\156\x65\x72\x61\x62\x69\154\151\x74\151\x65\x73\x2f\165\160\154\x6f\141\144\x2f"); $menuBlocks["\166\x75\154\x6e\145\162\141\x62\x69\154\151\x74\151\x65\163"][] = array("\x69\144" => "\143\141\160\164\143\150\x61", "\156\x61\x6d\x65" => "\x49\156\x73\145\143\x75\x72\x65\40\x43\101\120\x54\103\110\x41", "\x75\x72\154" => "\166\165\154\156\145\162\x61\142\x69\154\x69\x74\x69\x65\163\57\143\x61\160\x74\143\150\141\57"); $menuBlocks["\x76\165\x6c\156\x65\x72\x61\x62\151\154\x69\x74\x69\145\x73"][] = array("\151\x64" => "\163\x71\154\x69", "\156\x61\155\x65" => "\123\x51\x4c\x20\x49\x6e\152\x65\143\164\x69\x6f\156", "\165\x72\x6c" => "\x76\x75\x6c\156\x65\162\x61\142\151\154\x69\164\151\x65\x73\57\163\x71\154\x69\x2f"); $menuBlocks["\166\x75\154\x6e\x65\162\141\142\x69\154\151\x74\151\x65\163"][] = array("\x69\144" => "\x73\x71\x6c\151\x5f\142\x6c\151\x6e\x64", "\x6e\x61\155\145" => "\123\x51\114\40\111\156\152\145\143\164\x69\x6f\156\40\50\102\154\x69\156\144\51", "\x75\x72\154" => "\x76\165\x6c\x6e\x65\162\x61\x62\151\154\x69\x74\151\145\163\57\163\161\154\151\137\142\x6c\x69\156\144\x2f"); $menuBlocks["\166\165\x6c\156\145\162\141\x62\x69\154\151\164\x69\x65\163"][] = array("\x69\144" => "\x77\x65\x61\153\x5f\151\x64", "\x6e\x61\155\145" => "\x57\x65\141\153\40\123\x65\x73\163\x69\x6f\x6e\x20\111\x44\163", "\165\162\x6c" => "\x76\165\x6c\x6e\x65\162\141\x62\x69\x6c\x69\x74\151\145\163\57\x77\145\x61\153\x5f\151\x64\x2f"); $menuBlocks["\166\165\154\156\145\x72\x61\x62\x69\154\x69\x74\151\x65\x73"][] = array("\151\x64" => "\170\x73\x73\137\x64", "\156\141\x6d\x65" => "\x58\x53\123\x20\x28\104\x4f\115\x29", "\x75\162\x6c" => "\166\165\154\156\145\x72\x61\142\x69\154\151\164\151\x65\163\x2f\x78\x73\163\137\x64\x2f"); $menuBlocks["\x76\165\x6c\x6e\145\162\x61\x62\151\x6c\x69\x74\151\145\163"][] = array("\151\144" => "\170\x73\x73\137\x72", "\x6e\141\x6d\x65" => "\x58\123\x53\40\x28\x52\x65\x66\x6c\145\143\x74\x65\144\51", "\x75\x72\154" => "\x76\165\x6c\156\145\162\x61\x62\151\154\x69\164\151\x65\x73\x2f\x78\x73\163\x5f\162\57"); $menuBlocks["\x76\x75\154\x6e\145\162\x61\142\x69\154\151\x74\151\x65\163"][] = array("\x69\144" => "\x78\163\163\137\163", "\x6e\x61\x6d\x65" => "\130\x53\123\x20\x28\x53\164\157\162\145\144\x29", "\x75\x72\x6c" => "\166\x75\154\x6e\x65\162\x61\x62\151\x6c\151\164\x69\x65\163\x2f\x78\x73\163\137\x73\57"); $menuBlocks["\x76\165\x6c\156\x65\162\141\x62\x69\x6c\151\164\151\x65\163"][] = array("\x69\x64" => "\x63\x73\x70", "\156\141\155\x65" => "\x43\123\120\x20\x42\171\x70\141\163\x73", "\x75\162\154" => "\x76\165\154\156\x65\x72\141\142\151\154\x69\164\x69\145\163\x2f\x63\163\x70\57"); $menuBlocks["\166\x75\154\156\145\x72\x61\x62\x69\x6c\x69\164\151\145\163"][] = array("\151\144" => "\x6a\x61\166\141\x73\x63\162\151\x70\164", "\156\141\155\x65" => "\x4a\141\166\141\x53\143\x72\x69\x70\x74", "\165\162\154" => "\166\x75\154\x6e\x65\x72\141\x62\151\x6c\x69\164\x69\x65\163\x2f\x6a\x61\166\x61\x73\x63\x72\151\x70\x74\x2f"); if (dvwaCurrentUser() == "\x61\x64\x6d\x69\156") { $menuBlocks["\x76\165\x6c\156\x65\162\x61\x62\151\x6c\x69\x74\151\x65\163"][] = array("\151\144" => "\x61\165\164\x68\x62\171\x70\141\163\x73", "\156\x61\155\x65" => "\101\x75\x74\150\x6f\x72\151\x73\x61\x74\151\157\x6e\40\x42\x79\160\141\163\163", "\165\162\154" => "\166\165\154\156\145\162\141\142\151\154\151\x74\x69\x65\x73\x2f\141\x75\x74\x68\142\171\160\141\x73\163\x2f"); } $menuBlocks["\x76\x75\x6c\156\x65\162\141\142\151\x6c\151\x74\151\145\x73"][] = array("\x69\x64" => "\157\160\x65\x6e\137\162\x65\x64\151\x72\145\x63\164", "\x6e\141\155\x65" => "\117\x70\x65\x6e\x20\110\x54\x54\x50\x20\x52\145\x64\x69\x72\x65\x63\x74", "\x75\x72\154" => "\166\x75\154\156\145\x72\141\142\151\154\x69\164\151\x65\x73\x2f\157\x70\145\x6e\x5f\x72\x65\x64\151\x72\145\x63\x74\x2f"); } $menuBlocks["\x6d\145\x74\141"] = array(); if (dvwaIsLoggedIn()) { $menuBlocks["\x6d\145\164\x61"][] = array("\x69\144" => "\163\145\x63\x75\x72\x69\x74\171", "\x6e\x61\x6d\145" => "\104\x56\127\x41\x20\123\145\x63\x75\162\x69\x74\x79", "\165\162\154" => "\163\145\143\165\x72\151\164\171\56\x70\x68\x70"); $menuBlocks["\x6d\x65\x74\141"][] = array("\x69\144" => "\160\x68\160\151\156\x66\x6f", "\x6e\141\155\x65" => "\x50\x48\120\x20\x49\156\x66\x6f", "\x75\x72\x6c" => "\x70\150\x70\x69\156\x66\157\56\x70\x68\160"); } $menuBlocks["\x6d\145\x74\x61"][] = array("\151\x64" => "\141\x62\157\165\x74", "\156\141\155\145" => "\101\142\x6f\x75\164", "\165\x72\x6c" => "\x61\x62\157\x75\164\x2e\160\x68\160"); if (dvwaIsLoggedIn()) { $menuBlocks["\154\157\147\157\165\164"] = array(); $menuBlocks["\x6c\x6f\x67\157\x75\x74"][] = array("\x69\x64" => "\154\x6f\x67\157\165\x74", "\x6e\x61\x6d\x65" => "\x4c\x6f\147\x6f\165\x74", "\x75\x72\154" => "\154\157\x67\x6f\x75\x74\56\160\150\x70"); } $menuHtml = ''; foreach ($menuBlocks as $menuBlock) { $menuBlockHtml = ''; foreach ($menuBlock as $menuItem) { $selectedClass = $menuItem["\151\144"] == $pPage["\x70\141\147\145\x5f\151\144"] ? "\163\145\x6c\145\143\x74\145\144" : ''; $fixedUrl = DVWA_WEB_PAGE_TO_ROOT . $menuItem["\x75\162\x6c"]; $menuBlockHtml .= "\74\154\151\x20\143\x6c\x61\163\x73\75\42{$selectedClass}\x22\x3e\74\141\x20\150\162\145\x66\75\42{$fixedUrl}\42\x3e{$menuItem["\156\141\155\145"]}\74\x2f\x61\76\74\x2f\154\x69\76\12"; } $menuHtml .= "\x3c\x75\154\x20\143\x6c\x61\163\163\x3d\42\155\x65\x6e\x75\102\x6c\157\x63\x6b\x73\x22\76{$menuBlockHtml}\74\x2f\165\x6c\x3e"; } $securityLevelHtml = ''; switch (dvwaSecurityLevelGet()) { case "\154\x6f\167": $securityLevelHtml = "\154\x6f\x77"; break; case "\x6d\145\x64\151\x75\155": $securityLevelHtml = "\x6d\145\144\151\x75\155"; break; case "\150\151\x67\150": $securityLevelHtml = "\150\x69\x67\150"; break; default: $securityLevelHtml = "\151\x6d\x70\x6f\x73\163\x69\142\x6c\145"; break; } $userInfoHtml = "\x3c\145\155\x3e\x55\163\145\x72\x6e\x61\x6d\x65\72\74\57\x65\x6d\x3e\40" . dvwaCurrentUser(); $securityLevelHtml = "\x3c\x65\x6d\76\123\145\143\165\162\151\x74\171\x20\114\x65\x76\x65\x6c\x3a\74\x2f\x65\155\76\x20{$securityLevelHtml}"; $localeHtml = "\74\x65\x6d\x3e\x4c\157\143\141\x6c\145\x3a\x3c\x2f\145\155\x3e\40" . dvwaLocaleGet(); $sqliDbHtml = "\74\145\155\x3e\123\x51\114\x69\40\104\102\72\74\x2f\145\155\76\40" . dvwaSQLiDBGet(); $messagesHtml = messagesPopAllToHtml(); if ($messagesHtml) { $messagesHtml = "\x3c\144\x69\166\40\x63\x6c\x61\163\x73\x3d\42\142\x6f\x64\171\x5f\160\x61\x64\144\x65\144\x22\76{$messagesHtml}\74\x2f\x64\x69\166\76"; } $systemInfoHtml = ''; if (dvwaIsLoggedIn()) { $systemInfoHtml = "\74\144\x69\x76\x20\141\x6c\x69\147\x6e\x3d\42\154\145\146\164\x22\76{$userInfoHtml}\x3c\142\162\x20\x2f\x3e{$securityLevelHtml}\74\142\162\x20\57\x3e{$localeHtml}\74\x62\x72\40\57\76{$sqliDbHtml}\x3c\57\x64\151\166\76"; } if ($pPage["\163\x6f\165\162\143\145\x5f\142\x75\x74\x74\157\x6e"]) { $systemInfoHtml = dvwaButtonSourceHtmlGet($pPage["\x73\157\165\162\143\x65\137\x62\x75\x74\x74\157\x6e"]) . "\x20{$systemInfoHtml}"; } if ($pPage["\x68\145\154\160\x5f\x62\x75\x74\x74\157\x6e"]) { $systemInfoHtml = dvwaButtonHelpHtmlGet($pPage["\x68\145\x6c\x70\137\x62\165\164\164\157\156"]) . "\x20{$systemInfoHtml}"; } Header("\x43\141\143\x68\x65\x2d\103\157\156\x74\162\x6f\154\72\x20\x6e\157\55\x63\x61\143\x68\145\54\x20\x6d\x75\163\164\55\x72\145\x76\x61\154\x69\x64\141\164\x65"); Header("\x43\x6f\x6e\164\145\x6e\x74\x2d\x54\171\x70\x65\x3a\40\x74\x65\x78\164\57\x68\x74\155\x6c\73\143\150\x61\162\163\x65\164\x3d\165\164\x66\x2d\70"); Header("\105\170\x70\x69\162\x65\163\x3a\40\124\165\x65\54\x20\x32\63\40\112\165\x6e\x20\62\60\60\x39\x20\x31\62\x3a\x30\x30\x3a\x30\60\x20\x47\x4d\x54"); echo "\x3c\41\104\x4f\103\124\x59\120\105\x20\150\x74\x6d\x6c\76\xa\12\x3c\x68\x74\155\154\40\x6c\141\x6e\147\75\42\x65\x6e\55\107\102\x22\x3e\12\12\x9\x3c\150\x65\x61\x64\76\12\x9\11\x3c\x6d\145\x74\x61\40\150\x74\x74\x70\x2d\145\x71\x75\x69\x76\75\42\103\157\156\164\x65\x6e\x74\55\x54\x79\x70\x65\x22\x20\143\157\x6e\x74\x65\x6e\164\75\x22\164\145\x78\164\x2f\150\164\155\154\x3b\x20\143\150\141\162\163\x65\x74\75\x55\x54\x46\x2d\x38\x22\x20\x2f\x3e\12\12\x9\x9\x3c\x74\151\164\x6c\x65\x3e{$pPage["\164\151\x74\x6c\x65"]}\74\57\164\x69\164\x6c\145\76\12\xa\x9\x9\74\x6c\x69\x6e\153\x20\162\x65\154\75\x22\x73\164\171\154\x65\x73\150\145\x65\164\42\40\164\x79\160\145\x3d\x22\x74\145\170\x74\x2f\x63\x73\x73\42\40\x68\x72\145\146\x3d\42" . DVWA_WEB_PAGE_TO_ROOT . "\144\166\x77\141\57\143\163\x73\57\155\141\151\156\x2e\x63\x73\163\x22\40\57\x3e\xa\xa\11\x9\x3c\x6c\x69\156\x6b\40\162\145\154\x3d\x22\151\x63\x6f\156\42\x20\x74\x79\160\145\75\42\x5c\x69\x6d\141\147\x65\57\151\x63\x6f\x22\x20\x68\162\145\x66\75\42" . DVWA_WEB_PAGE_TO_ROOT . "\x66\x61\x76\x69\x63\157\x6e\56\151\143\157\x22\x20\x2f\76\xa\12\x9\11\74\163\x63\162\x69\x70\164\x20\164\171\160\145\x3d\42\x74\145\x78\164\57\x6a\141\x76\141\163\x63\x72\151\x70\x74\x22\x20\x73\162\x63\x3d\42" . DVWA_WEB_PAGE_TO_ROOT . "\x64\166\x77\141\57\152\163\57\x64\x76\x77\x61\x50\x61\x67\145\x2e\x6a\x73\x22\x3e\74\57\x73\143\162\x69\x70\x74\76\12\xa\x9\x3c\x2f\150\145\x61\x64\76\xa\12\11\74\x62\x6f\x64\x79\40\x63\x6c\x61\163\163\75\42\150\x6f\155\145\x22\x3e\12\11\11\x3c\x64\151\166\40\x69\x64\75\42\x63\x6f\x6e\x74\x61\x69\x6e\x65\162\42\76\12\xa\x9\x9\11\x3c\x64\x69\x76\40\x69\x64\x3d\x22\150\x65\141\x64\x65\x72\x22\76\xa\12\x9\11\x9\x9\74\x69\155\x67\40\163\162\143\x3d\x22" . DVWA_WEB_PAGE_TO_ROOT . "\144\x76\167\141\57\x69\x6d\141\147\145\x73\x2f\x6c\x6f\x67\x6f\x2e\x70\x6e\x67\42\x20\x61\x6c\164\x3d\x22\104\141\155\x6e\40\126\x75\154\156\x65\x72\x61\x62\x6c\145\x20\x57\145\142\40\x41\x70\x70\x6c\151\x63\141\x74\151\x6f\x6e\x22\x20\x2f\x3e\12\xa\x9\11\x9\x3c\x2f\144\151\166\x3e\12\12\x9\11\x9\x3c\144\x69\166\40\x69\144\75\42\x6d\x61\151\x6e\137\x6d\145\156\165\42\76\xa\xa\x9\11\11\11\x3c\x64\x69\166\x20\x69\x64\75\42\x6d\141\x69\156\137\155\x65\x6e\165\x5f\x70\141\x64\x64\145\144\42\x3e\xa\11\11\11\x9{$menuHtml}\xa\11\11\11\x9\x3c\x2f\x64\x69\x76\76\xa\xa\x9\x9\x9\x3c\57\x64\x69\x76\x3e\12\xa\x9\x9\11\74\144\151\x76\x20\151\x64\75\x22\x6d\x61\151\156\137\x62\157\144\171\42\76\xa\xa\x9\11\x9\11{$pPage["\x62\x6f\144\171"]}\xa\11\x9\x9\11\x3c\142\x72\x20\57\x3e\x3c\x62\162\x20\57\76\12\x9\x9\x9\x9{$messagesHtml}\12\xa\11\x9\11\74\57\144\x69\166\76\xa\xa\x9\x9\11\x3c\144\x69\166\40\x63\x6c\141\x73\163\75\x22\x63\154\145\141\162\42\76\xa\11\x9\x9\74\57\x64\x69\166\x3e\xa\12\x9\11\11\74\144\x69\x76\40\x69\x64\75\42\x73\x79\x73\164\x65\x6d\x5f\x69\156\x66\x6f\x22\76\xa\11\x9\11\11{$systemInfoHtml}\12\11\x9\x9\74\57\144\151\x76\76\12\12\11\11\x9\74\x64\151\166\x20\151\144\75\42\146\157\x6f\x74\x65\162\x22\x3e\xa\12\11\11\11\x9\74\x70\76\104\x61\155\x6e\40\x56\165\154\x6e\x65\x72\x61\x62\x6c\145\40\127\145\x62\40\101\160\x70\154\151\x63\141\164\x69\x6f\x6e\40\x28\104\126\127\101\x29\74\57\x70\76\xa\x9\11\11\11\74\163\143\x72\151\x70\x74\x20\163\x72\x63\75\x27" . DVWA_WEB_PAGE_TO_ROOT . "\x64\x76\167\141\x2f\x6a\x73\x2f\x61\x64\144\137\x65\166\x65\156\x74\x5f\x6c\151\163\x74\145\156\145\162\163\56\152\x73\x27\x3e\74\57\x73\x63\162\x69\x70\164\76\xa\xa\x9\11\11\x3c\57\x64\x69\166\x3e\xa\xa\x9\11\x3c\57\144\151\166\x3e\xa\xa\11\74\57\x62\x6f\x64\171\x3e\xa\xa\x3c\57\150\164\x6d\154\76"; } goto YRmrk; v2JYx: $DVWAOS = "\117\x70\x65\162\141\x74\151\156\147\40\x73\x79\163\x74\x65\x6d\72\40\74\145\155\x3e" . (strtoupper(substr(PHP_OS, 0, 3)) === "\x57\111\x4e" ? "\127\151\156\x64\x6f\x77\163" : "\52\156\x69\170") . "\x3c\x2f\145\155\76"; goto OZc9f; R5VPt: $PHPCONFIGPath = realpath(getcwd() . DIRECTORY_SEPARATOR . DVWA_WEB_PAGE_TO_ROOT . "\143\157\x6e\x66\x69\x67"); goto ds_Iq; b4v_p: function dvwaButtonSourceHtmlGet($pId) { $security = dvwaSecurityLevelGet(); return "\x3c\151\156\x70\x75\x74\x20\x74\171\x70\x65\x3d\x22\142\x75\x74\164\157\156\x22\40\166\x61\154\165\145\75\42\126\x69\x65\x77\40\123\x6f\x75\162\x63\x65\x22\x20\x63\x6c\x61\163\x73\x3d\x22\160\157\160\x75\160\x5f\x62\x75\x74\x74\157\x6e\42\40\151\x64\x3d\x27\163\x6f\165\162\143\145\x5f\x62\x75\164\x74\x6f\156\x27\x20\x64\141\164\x61\x2d\163\x6f\165\x72\x63\x65\55\165\x72\154\75\x27" . DVWA_WEB_PAGE_TO_ROOT . "\166\x75\x6c\156\x65\x72\141\x62\x69\x6c\151\x74\x69\x65\163\x2f\166\151\x65\167\137\163\x6f\x75\x72\x63\145\56\x70\x68\160\77\x69\144\x3d{$pId}\x26\x73\x65\x63\x75\x72\151\164\x79\x3d{$security}\47\x20\x29\42\x3e"; } goto plCvA; tlWO9: $MYSQL_PORT = "\x44\141\164\141\142\x61\x73\145\40\x70\157\x72\164\72\x20\74\x65\x6d\x3e" . $_DVWA["\144\142\137\160\157\x72\x74"] . "\x3c\57\x65\x6d\x3e"; goto LCXJ3; gvjHN: require_once DVWA_WEB_PAGE_TO_ROOT . "\143\157\156\146\x69\147\57\x63\157\x6e\x66\151\147\56\x69\156\143\56\160\150\160"; goto qtNU8; Om4A2: function dvwaSecurityLevelSet($pSecurityLevel) { if ($pSecurityLevel == "\x69\155\x70\x6f\163\x73\151\x62\x6c\145") { $httponly = true; } else { $httponly = false; } setcookie("\163\145\x63\165\162\x69\164\171", $pSecurityLevel, 0, "\x2f", '', false, $httponly); $_COOKIE["\x73\145\x63\x75\162\x69\x74\171"] = $pSecurityLevel; } goto EcS7_; lmXHu: function dvwaMessagePush($pMessage) { $dvwaSession =& dvwaSessionGrab(); if (!isset($dvwaSession["\x6d\x65\163\x73\141\x67\x65\163"])) { $dvwaSession["\155\x65\x73\163\141\147\x65\163"] = array(); } $dvwaSession["\155\145\x73\x73\141\147\x65\163"][] = $pMessage; } goto MeouZ; xnpRD: $MYSQL_SERVER = "\104\x61\164\x61\142\x61\x73\145\x20\x68\157\x73\x74\72\x20\74\x65\155\76" . $_DVWA["\x64\x62\137\x73\x65\x72\166\x65\162"] . "\x3c\57\145\x6d\76"; goto tlWO9; YTZUB: function dvwaLogout() { $dvwaSession =& dvwaSessionGrab(); unset($dvwaSession["\x75\x73\145\162\156\141\x6d\145"]); } goto DR5xX; Nh7JW: $MYSQL_DB = "\104\x61\164\x61\x62\141\x73\145\x20\144\x61\164\141\142\141\x73\145\72\x20\74\145\x6d\x3e" . $_DVWA["\x64\x62\x5f\144\141\x74\141\142\x61\163\x65"] . "\x3c\x2f\x65\155\x3e"; goto xnpRD; sDKs5: function &dvwaSessionGrab() { if (!isset($_SESSION["\x64\166\x77\141"])) { $_SESSION["\x64\x76\167\141"] = array(); } return $_SESSION["\x64\166\167\141"]; } goto yPkP6; qtNU8: if (!isset($html)) { $html = ''; } goto vqIhI; oCq_2: function dvwaGuestbook() { $query = "\x53\105\114\x45\103\x54\x20\156\x61\x6d\x65\x2c\40\x63\x6f\155\155\x65\x6e\164\40\106\122\x4f\115\40\x67\165\145\x73\x74\142\157\157\x6b"; $result = mysqli_query($GLOBALS["\137\137\x5f\x6d\171\163\x71\154\151\x5f\163\x74\157\x6e"], $query); $guestbook = ''; while ($row = mysqli_fetch_row($result)) { if (dvwaSecurityLevelGet() == "\x69\x6d\x70\x6f\x73\163\151\x62\x6c\x65") { $name = htmlspecialchars($row[0]); $comment = htmlspecialchars($row[1]); } else { $name = $row[0]; $comment = $row[1]; } $guestbook .= "\x3c\144\x69\166\x20\x69\144\x3d\x22\x67\165\x65\x73\x74\x62\157\157\153\137\x63\x6f\155\155\x65\156\x74\163\x22\76\116\x61\155\145\x3a\40{$name}\74\x62\162\40\57\x3e" . "\x4d\145\x73\x73\x61\147\145\x3a\40{$comment}\74\142\162\40\x2f\x3e\74\x2f\144\x69\x76\x3e\12"; } return $guestbook; } goto D8_Jk; EpvF2: if (array_key_exists("\114\157\x67\151\156", $_POST) && $_POST["\114\157\147\151\156"] == "\x4c\157\147\151\x6e") { dvwa_start_session(); } else { if (!session_id()) { session_start(); } } goto bhUgI; Z1hwl: function dvwaLogin($pUsername) { $dvwaSession =& dvwaSessionGrab(); $dvwaSession["\165\163\145\162\x6e\x61\155\x65"] = $pUsername; } goto fsaqZ; W1OXH: $PHPUploadPath = realpath(getcwd() . DIRECTORY_SEPARATOR . DVWA_WEB_PAGE_TO_ROOT . "\150\141\x63\153\141\x62\x6c\x65" . DIRECTORY_SEPARATOR . "\165\160\x6c\157\x61\144\163") . DIRECTORY_SEPARATOR; goto R5VPt; yr7l2: function dvwaSecurityLevelGet() { global $_DVWA; if (isset($_COOKIE["\x73\x65\143\x75\x72\151\x74\171"])) { return $_COOKIE["\x73\145\143\x75\x72\x69\164\171"]; } if (in_array("\x64\x69\x73\141\x62\x6c\x65\137\141\165\164\x68\x65\156\x74\x69\x63\x61\164\x69\157\156", $_DVWA) && $_DVWA["\x64\x69\x73\x61\x62\154\145\137\x61\165\164\x68\145\x6e\x74\x69\x63\x61\x74\x69\157\156"]) { return $_DVWA["\x64\145\146\141\x75\x6c\x74\137\163\145\x63\x75\162\151\x74\171\137\x6c\145\x76\145\154"]; } return "\x69\155\160\157\163\x73\x69\142\x6c\145"; } goto Om4A2; gkxay: $phpDisplayErrors = "\120\x48\x50\40\146\x75\156\143\x74\x69\x6f\x6e\40\x64\151\163\160\154\x61\x79\x5f\x65\x72\162\x6f\162\x73\x3a\40\x3c\x73\160\x61\156\x20\x63\x6c\x61\163\163\75\x22" . (ini_get("\x64\151\163\160\154\141\171\137\145\x72\162\x6f\x72\x73") ? "\x73\x75\x63\143\x65\x73\163\42\x3e\x45\x6e\x61\142\x6c\x65\x64" : "\x66\141\x69\x6c\165\162\x65\42\x3e\x44\x69\x73\x61\142\x6c\x65\144") . "\x3c\x2f\x73\160\141\x6e\76"; goto Larht; Larht: $phpURLInclude = "\120\110\120\x20\x66\165\x6e\x63\164\x69\x6f\156\40\x61\x6c\154\x6f\x77\137\x75\162\154\x5f\151\156\x63\x6c\x75\x64\x65\x3a\x20\x3c\x73\x70\141\x6e\x20\x63\x6c\x61\163\163\75\42" . (ini_get("\141\154\154\x6f\167\x5f\x75\162\x6c\x5f\x69\x6e\143\x6c\165\144\145") ? "\163\x75\143\143\x65\163\163\42\x3e\105\x6e\141\x62\x6c\145\144" : "\146\141\151\x6c\165\x72\x65\x22\x3e\x44\x69\163\x61\142\154\145\144") . "\74\57\x73\160\x61\156\76"; goto Y8l15; u5Iu_: function destroySessionToken() { unset($_SESSION["\x73\145\163\163\151\157\156\137\x74\157\153\x65\156"]); } goto KE8a3; HSnfr: function dvwaSQLiDBGet() { global $_DVWA; return $_DVWA["\123\x51\114\x49\137\104\102"]; } goto iuW35; cgH0Q: $bakWritable = "\127\162\x69\x74\141\142\x6c\x65\40\146\x6f\x6c\144\145\162\x20" . $PHPCONFIGPath . "\72\40\x3c\163\x70\141\156\40\143\x6c\141\163\x73\75\x22" . (is_writable($PHPCONFIGPath) ? "\x73\165\143\143\145\x73\x73\42\x3e\x59\x65\163" : "\146\141\x69\154\165\162\145\42\x3e\116\x6f") . "\74\x2f\x73\160\141\156\76"; goto v2JYx; a2pyt: $DVWAUploadsWrite = "\127\162\x69\x74\141\142\x6c\145\40\146\157\x6c\x64\x65\x72\x20" . $PHPUploadPath . "\72\40\x3c\x73\160\141\x6e\x20\143\x6c\x61\x73\163\75\x22" . (is_writable($PHPUploadPath) ? "\163\x75\143\143\145\163\163\42\x3e\131\x65\163" : "\x66\x61\x69\x6c\x75\162\x65\42\76\x4e\157") . "\x3c\57\163\x70\141\156\76"; goto cgH0Q; gh0mD: function dvwaCurrentUser() { $dvwaSession =& dvwaSessionGrab(); return isset($dvwaSession["\x75\163\145\162\156\x61\155\145"]) ? $dvwaSession["\x75\x73\145\x72\156\x61\x6d\145"] : "\125\156\153\156\x6f\167\x6e"; } goto LcQ5M; ds_Iq: $phpDisplayErrors = "\x50\x48\120\40\x66\x75\x6e\143\x74\x69\157\x6e\x20\x64\x69\x73\160\154\141\x79\137\145\162\x72\157\162\163\x3a\40\x3c\163\160\141\x6e\40\143\154\x61\163\163\x3d\x22" . (ini_get("\x64\151\163\160\x6c\x61\x79\x5f\x65\x72\x72\157\x72\x73") ? "\x73\165\x63\x63\x65\x73\163\x22\x3e\x45\x6e\x61\x62\154\145\144" : "\x66\x61\151\154\x75\162\x65\42\76\x44\x69\x73\141\142\x6c\145\x64") . "\x3c\x2f\x73\x70\x61\156\x3e"; goto BRyNn; LcQ5M: function &dvwaPageNewGrab() { $returnArray = array("\x74\151\164\x6c\145" => "\x44\141\x6d\156\x20\126\x75\154\x6e\x65\x72\141\x62\x6c\145\40\x57\x65\x62\40\x41\x70\160\x6c\x69\x63\x61\x74\151\157\156\x20\x28\104\126\127\101\x29", "\x74\x69\164\x6c\145\137\163\145\160\141\162\141\164\x6f\x72" => "\40\x3a\72\x20", "\142\157\x64\x79" => '', "\x70\x61\x67\145\137\151\x64" => '', "\x68\x65\x6c\160\137\x62\x75\164\164\157\156" => '', "\x73\157\165\162\x63\x65\x5f\142\x75\164\x74\157\156" => ''); return $returnArray; } goto yr7l2; Y8l15: $phpURLFopen = "\x50\x48\x50\40\x66\165\x6e\x63\164\x69\157\156\40\x61\154\x6c\157\x77\x5f\165\162\154\137\146\157\x70\x65\x6e\72\40\74\163\160\x61\156\40\x63\x6c\141\x73\x73\x3d\x22" . (ini_get("\x61\154\x6c\x6f\167\x5f\165\x72\x6c\137\146\157\x70\x65\x6e") ? "\163\x75\143\x63\x65\163\x73\42\x3e\x45\x6e\x61\142\x6c\x65\x64" : "\146\141\x69\154\165\x72\145\42\x3e\104\151\x73\x61\142\154\145\x64") . "\74\57\x73\x70\141\x6e\76"; goto LrEaJ; gRxND: $MYSQL_USER = "\104\x61\164\141\x62\141\163\145\x20\165\x73\x65\x72\x6e\x61\155\145\72\40\x3c\145\x6d\x3e" . $_DVWA["\x64\142\137\x75\x73\145\x72"] . "\74\x2f\x65\155\x3e"; goto byTEe; KE8a3: function tokenField() { return "\x3c\151\x6e\x70\165\164\40\164\x79\160\x65\x3d\47\x68\151\144\144\145\x6e\47\40\156\x61\x6d\x65\75\x27\165\163\145\x72\137\164\157\153\145\x6e\47\40\x76\x61\x6c\165\x65\x3d\47{$_SESSION["\163\145\163\163\151\x6f\x6e\137\x74\x6f\x6b\x65\x6e"]}\47\40\57\76"; } goto W1OXH; Ql0Sz: if (!isset($_COOKIE["\x73\145\143\165\x72\151\x74\171"]) || !in_array($_COOKIE["\x73\145\143\165\x72\151\x74\x79"], $security_levels)) { if (in_array($_DVWA["\x64\145\x66\x61\165\154\164\137\x73\x65\x63\x75\162\x69\x74\171\137\x6c\145\166\145\x6c"], $security_levels)) { dvwaSecurityLevelSet($_DVWA["\144\145\x66\x61\165\x6c\164\137\163\145\x63\x75\x72\x69\x74\171\137\154\145\166\145\x6c"]); } else { dvwaSecurityLevelSet("\151\x6d\160\x6f\x73\163\151\x62\x6c\145"); } dvwa_start_session(); } goto Ew198; plCvA: if ($DBMS == "\115\171\123\x51\x4c") { $DBMS = htmlspecialchars(strip_tags($DBMS)); } elseif ($DBMS == "\x50\107\123\x51\x4c") { $DBMS = htmlspecialchars(strip_tags($DBMS)); } else { $DBMS = "\116\x6f\40\x44\102\x4d\x53\x20\x73\x65\154\x65\143\x74\145\144\56"; } goto Tx81Q; qpOCC: function messagesPopAllToHtml() { $messagesHtml = ''; while ($message = dvwaMessagePop()) { $messagesHtml .= "\74\x64\151\x76\40\143\154\x61\x73\x73\x3d\42\x6d\x65\x73\163\x61\x67\145\x22\x3e{$message}\x3c\57\144\151\x76\76"; } return $messagesHtml; } goto ZSh5J; D8_Jk: function checkToken($user_token, $session_token, $returnURL) { global $_DVWA; if (in_array("\144\151\x73\x61\x62\154\x65\x5f\x61\165\164\x68\145\156\x74\x69\143\x61\x74\151\x6f\x6e", $_DVWA) && $_DVWA["\144\151\163\x61\x62\x6c\145\137\141\165\x74\150\x65\x6e\164\x69\143\141\164\151\157\x6e"]) { return true; } if ($user_token !== $session_token || !isset($session_token)) { dvwaMessagePush("\103\x53\x52\106\x20\164\x6f\153\x65\156\x20\151\x73\40\151\x6e\x63\x6f\162\162\145\x63\x74"); dvwaRedirect($returnURL); } } goto bWkZt; bhUgI: if (!array_key_exists("\x64\x65\x66\x61\x75\154\x74\137\154\157\143\x61\154\x65", $_DVWA)) { $_DVWA["\144\x65\x66\x61\165\x6c\164\x5f\154\x6f\x63\141\x6c\x65"] = "\x65\156"; } goto QSwVF; yPkP6: function dvwaPageStartup($pActions) { if (in_array("\141\x75\164\150\x65\156\x74\151\143\x61\164\145\144", $pActions)) { if (!dvwaIsLoggedIn()) { dvwaRedirect(DVWA_WEB_PAGE_TO_ROOT . "\154\x6f\x67\x69\x6e\x2e\x70\x68\160"); } } } goto Z1hwl; YRmrk: function dvwaHelpHtmlEcho($pPage) { Header("\x43\141\x63\x68\x65\x2d\103\x6f\x6e\x74\x72\157\x6c\x3a\40\156\x6f\x2d\x63\141\x63\x68\x65\x2c\x20\x6d\x75\x73\x74\x2d\x72\x65\166\x61\x6c\x69\144\x61\x74\145"); Header("\x43\157\156\164\145\x6e\164\55\x54\171\x70\x65\72\x20\x74\145\x78\x74\57\150\x74\155\x6c\x3b\x63\x68\x61\x72\163\145\164\75\165\164\146\x2d\x38"); Header("\x45\x78\x70\x69\x72\145\163\x3a\40\x54\x75\x65\54\x20\x32\63\40\x4a\x75\x6e\40\x32\60\x30\71\40\61\x32\x3a\60\x30\x3a\60\60\40\x47\x4d\x54"); echo "\74\x21\104\x4f\103\124\131\120\105\x20\x68\x74\x6d\154\76\12\xa\74\150\x74\155\154\40\154\x61\156\x67\x3d\42\145\x6e\x2d\x47\x42\x22\76\xa\xa\11\74\x68\145\141\144\x3e\xa\12\11\11\74\155\145\164\141\40\x68\164\x74\x70\x2d\x65\161\165\151\166\x3d\x22\103\x6f\x6e\x74\x65\x6e\x74\x2d\x54\171\x70\x65\x22\x20\143\x6f\156\164\x65\x6e\x74\75\42\x74\145\x78\164\57\150\164\155\x6c\x3b\x20\143\150\141\162\x73\x65\x74\75\125\124\x46\55\x38\42\x20\x2f\x3e\12\xa\11\x9\x3c\x74\151\164\154\145\76{$pPage["\164\x69\x74\x6c\145"]}\x3c\57\164\151\x74\x6c\x65\x3e\12\12\11\x9\74\154\151\156\x6b\40\x72\x65\x6c\75\42\x73\164\171\x6c\x65\163\150\145\145\164\42\x20\164\x79\x70\145\75\x22\x74\x65\170\x74\57\143\163\x73\x22\x20\150\162\145\146\75\x22" . DVWA_WEB_PAGE_TO_ROOT . "\x64\x76\167\x61\57\x63\163\x73\57\150\145\154\x70\x2e\x63\163\163\42\40\x2f\x3e\12\xa\x9\x9\74\154\151\x6e\x6b\x20\x72\x65\x6c\75\42\151\143\157\x6e\x22\x20\x74\171\160\145\75\42\134\x69\155\141\147\145\57\151\143\157\42\40\150\x72\x65\x66\x3d\42" . DVWA_WEB_PAGE_TO_ROOT . "\146\x61\x76\151\143\157\156\56\x69\143\x6f\42\x20\x2f\x3e\12\12\x9\74\57\150\145\x61\x64\76\12\xa\x9\x3c\x62\157\144\x79\76\xa\12\x9\x3c\144\x69\x76\x20\151\x64\x3d\42\x63\x6f\x6e\x74\141\x69\156\145\162\42\x3e\12\xa\x9\11\11{$pPage["\x62\x6f\144\x79"]}\12\xa\x9\11\74\57\x64\x69\x76\x3e\xa\12\11\74\x2f\142\157\144\171\76\12\12\x3c\57\x68\164\x6d\154\x3e"; } goto ytGfX; oWrvO: function dvwaButtonHelpHtmlGet($pId) { $security = dvwaSecurityLevelGet(); $locale = dvwaLocaleGet(); return "\74\151\156\x70\165\x74\40\x74\171\160\145\x3d\42\x62\x75\x74\164\x6f\156\42\40\166\141\154\165\145\x3d\x22\x56\x69\x65\167\40\x48\145\154\x70\x22\40\x63\154\x61\163\163\75\42\x70\157\160\165\x70\x5f\142\165\x74\x74\157\156\42\x20\151\x64\x3d\x27\150\x65\154\160\x5f\142\x75\164\x74\x6f\x6e\x27\x20\x64\141\x74\x61\55\x68\145\x6c\160\x2d\x75\162\x6c\75\47" . DVWA_WEB_PAGE_TO_ROOT . "\166\x75\x6c\156\145\162\141\142\x69\154\151\164\x69\145\x73\57\x76\151\145\167\x5f\150\x65\x6c\160\x2e\160\x68\x70\77\x69\x64\x3d{$pId}\x26\163\145\143\165\x72\x69\164\x79\75{$security}\x26\x6c\x6f\x63\x61\154\x65\x3d{$locale}\x27\x20\51\x22\76"; } goto b4v_p; DR5xX: function dvwaPageReload() { if (array_key_exists("\x48\x54\x54\x50\x5f\130\x5f\x46\117\122\x57\x41\x52\104\105\x44\x5f\x50\x52\x45\106\x49\130", $_SERVER)) { dvwaRedirect($_SERVER["\x48\124\x54\x50\x5f\x58\x5f\106\117\122\x57\x41\122\104\105\x44\137\x50\122\105\106\x49\x58"] . $_SERVER["\x50\110\x50\x5f\x53\x45\114\106"]); } else { dvwaRedirect($_SERVER["\120\110\120\137\123\x45\114\x46"]); } } goto gh0mD; Xu3ji: if (!defined("\x44\x56\x57\101\137\127\105\x42\x5f\120\x41\x47\105\x5f\x54\x4f\137\x52\117\x4f\124")) { die("\104\126\x57\x41\x20\123\171\x73\x74\145\x6d\x20\x65\162\x72\x6f\162\x2d\x20\x57\x45\102\137\120\x41\x47\105\x5f\x54\x4f\137\122\x4f\117\124\40\x75\x6e\x64\x65\x66\151\156\145\144"); die; } goto Paq_u; ytGfX: function dvwaSourceHtmlEcho($pPage) { Header("\103\x61\143\150\x65\55\103\x6f\156\164\x72\157\154\72\x20\x6e\157\55\x63\141\x63\x68\x65\x2c\x20\155\165\163\x74\x2d\x72\145\166\x61\154\151\x64\141\x74\x65"); Header("\x43\157\156\x74\x65\x6e\164\x2d\x54\x79\x70\145\x3a\x20\x74\x65\x78\164\x2f\150\164\x6d\154\x3b\x63\x68\x61\x72\x73\x65\164\x3d\x75\x74\x66\x2d\70"); Header("\105\x78\160\151\x72\x65\x73\72\x20\124\x75\x65\x2c\x20\x32\x33\x20\x4a\x75\x6e\40\x32\x30\60\71\x20\61\x32\72\x30\x30\72\60\x30\x20\107\x4d\124"); echo "\x3c\41\104\117\x43\124\131\x50\x45\40\150\164\155\154\x3e\xa\xa\74\150\x74\x6d\x6c\40\154\141\x6e\x67\75\42\145\156\55\107\102\x22\x3e\xa\12\x9\x3c\150\x65\x61\x64\76\12\12\x9\x9\74\155\x65\164\141\40\150\164\164\x70\x2d\x65\161\165\151\x76\x3d\x22\103\x6f\156\164\x65\x6e\x74\55\x54\171\160\x65\x22\40\143\x6f\156\164\145\156\164\75\42\164\x65\170\x74\x2f\150\164\155\154\x3b\x20\x63\150\x61\162\163\x65\x74\x3d\125\x54\x46\55\70\x22\40\x2f\x3e\12\12\11\x9\x3c\x74\151\164\x6c\x65\76{$pPage["\164\x69\x74\x6c\x65"]}\x3c\57\164\151\x74\154\x65\x3e\xa\xa\11\11\x3c\x6c\151\156\x6b\x20\x72\145\154\x3d\42\x73\x74\171\154\145\163\150\x65\145\x74\42\x20\x74\x79\160\x65\75\x22\164\x65\170\x74\57\143\163\163\x22\40\150\x72\145\x66\75\42" . DVWA_WEB_PAGE_TO_ROOT . "\144\166\x77\x61\x2f\x63\163\x73\57\x73\x6f\165\162\x63\x65\56\x63\x73\x73\x22\x20\x2f\x3e\12\12\11\11\x3c\154\151\156\153\40\x72\145\x6c\x3d\x22\x69\143\157\156\42\40\x74\171\x70\x65\75\42\x5c\x69\155\141\147\145\57\x69\143\x6f\42\40\x68\x72\x65\146\75\x22" . DVWA_WEB_PAGE_TO_ROOT . "\x66\141\166\151\143\x6f\156\x2e\151\x63\x6f\x22\x20\x2f\x3e\xa\12\11\x3c\57\150\145\x61\144\x3e\xa\xa\11\74\142\157\x64\171\x3e\12\12\11\11\74\144\x69\166\x20\x69\144\75\x22\x63\157\156\164\x61\151\156\x65\x72\x22\x3e\12\12\11\x9\x9{$pPage["\142\x6f\x64\x79"]}\12\12\11\11\x3c\57\144\151\166\76\12\xa\x9\74\57\x62\157\x64\171\x3e\xa\xa\x3c\57\x68\164\x6d\154\x3e"; } goto mzFqA; pqsUb: $phpMySQL = "\120\x48\120\40\x6d\x6f\x64\x75\154\x65\x20\x6d\171\x73\161\x6c\72\x20\x3c\x73\x70\141\x6e\40\x63\154\x61\x73\x73\75\x22" . (extension_loaded("\x6d\171\163\161\x6c\x69") && function_exists("\155\x79\x73\161\x6c\151\x5f\x71\165\145\x72\x79") ? "\x73\x75\x63\x63\145\x73\x73\x22\76\x49\x6e\163\164\x61\154\154\145\144" : "\146\x61\x69\154\x75\x72\x65\42\x3e\115\151\163\x73\151\156\147") . "\74\x2f\x73\160\x61\156\x3e"; goto ocCl5; EcS7_: function dvwaLocaleGet() { $dvwaSession =& dvwaSessionGrab(); return $dvwaSession["\154\157\x63\x61\154\x65"]; } goto HSnfr; vqIhI: $security_levels = array("\154\x6f\x77", "\155\x65\144\x69\165\x6d", "\150\151\x67\150", "\x69\155\160\x6f\163\163\x69\x62\154\145"); goto Ql0Sz; OZc9f: $SERVER_NAME = "\127\x65\x62\40\x53\145\162\166\x65\x72\x20\123\105\x52\126\x45\122\137\116\101\x4d\x45\x3a\40\x3c\x65\x6d\x3e" . $_SERVER["\x53\105\x52\126\x45\x52\x5f\x4e\101\115\105"] . "\x3c\57\145\x6d\76"; goto gRxND; BRyNn: $phpDisplayStartupErrors = "\x50\x48\x50\x20\x66\x75\x6e\143\x74\151\x6f\156\40\x64\x69\163\x70\x6c\141\171\x5f\163\164\x61\x72\x74\x75\160\x5f\x65\x72\x72\x6f\x72\x73\x3a\40\x3c\x73\160\141\x6e\40\x63\x6c\141\x73\163\75\42" . (ini_get("\x64\x69\x73\160\154\x61\171\137\163\164\141\x72\x74\165\x70\x5f\145\x72\162\157\162\x73") ? "\163\x75\x63\x63\145\x73\163\x22\76\105\156\x61\x62\x6c\x65\144" : "\146\141\151\x6c\x75\x72\x65\x22\x3e\104\151\x73\x61\142\154\x65\144") . "\x3c\x2f\163\160\x61\156\x3e"; goto gkxay; bWkZt: function generateSessionToken() { if (isset($_SESSION["\x73\145\163\163\x69\x6f\156\137\164\157\x6b\x65\x6e"])) { destroySessionToken(); } $_SESSION["\163\145\x73\x73\x69\x6f\x6e\x5f\164\x6f\x6b\145\156"] = md5(uniqid()); } goto u5Iu_; Paq_u: if (!file_exists(DVWA_WEB_PAGE_TO_ROOT . "\143\157\156\146\x69\x67\57\x63\157\x6e\146\151\147\x2e\151\x6e\143\x2e\160\x68\160")) { die("\x44\126\x57\x41\x20\123\171\163\164\x65\155\40\x65\162\162\x6f\x72\x20\55\x20\143\157\156\x66\151\x67\x20\x66\151\154\145\40\156\x6f\x74\40\146\157\x75\156\144\x2e\40\x43\157\x70\171\40\x63\x6f\156\x66\x69\147\x2f\143\157\x6e\x66\x69\147\56\151\156\x63\x2e\160\x68\x70\x2e\144\x69\163\x74\x20\x74\157\x20\143\x6f\156\x66\151\x67\57\x63\x6f\x6e\x66\x69\147\x2e\151\156\143\56\160\x68\x70\40\x61\x6e\144\x20\x63\157\x6e\x66\x69\x67\165\x72\x65\x20\164\x6f\40\171\157\x75\162\40\x65\156\166\151\162\x6f\x6e\x6d\145\x6e\164\56"); } goto gvjHN; mzFqA: function dvwaExternalLinkUrlGet($pLink, $text = null) { if (is_null($text)) { return "\x3c\141\x20\150\x72\x65\146\x3d\42" . $pLink . "\42\x20\x74\141\x72\x67\145\x74\75\42\x5f\x62\154\x61\x6e\x6b\42\x3e" . $pLink . "\74\x2f\141\x3e"; } else { return "\74\x61\x20\150\162\145\x66\x3d\x22" . $pLink . "\x22\x20\x74\141\162\x67\145\x74\x3d\x22\x5f\x62\x6c\141\156\153\42\x3e" . $text . "\74\57\141\76"; } } goto oWrvO; Ew198: function dvwa_start_session() { $security_level = dvwaSecurityLevelGet(); if ($security_level == "\151\x6d\x70\x6f\x73\x73\x69\142\x6c\x65") { $httponly = true; $samesite = "\123\164\x72\x69\143\164"; } else { $httponly = false; $samesite = ''; } $maxlifetime = 86400; $secure = false; $domain = parse_url($_SERVER["\x48\124\124\x50\137\110\x4f\123\124"], PHP_URL_HOST); if (session_id()) { session_write_close(); } session_set_cookie_params(array("\x6c\151\x66\145\x74\x69\155\x65" => $maxlifetime, "\160\141\x74\150" => "\x2f", "\144\157\155\x61\x69\156" => $domain, "\163\x65\143\x75\162\145" => $secure, "\150\164\x74\160\157\156\x6c\171" => $httponly, "\163\x61\155\145\x73\x69\x74\x65" => $samesite)); session_start(); session_regenerate_id(); } goto EpvF2; Tx81Q: function dvwaDatabaseConnect() { global $_DVWA; global $DBMS; global $db; global $sqlite_db_connection; if ($DBMS == "\x4d\x79\x53\121\x4c") { if (!@($GLOBALS["\137\x5f\137\155\x79\163\161\154\x69\x5f\x73\x74\x6f\156"] = mysqli_connect($_DVWA["\144\x62\137\x73\x65\162\166\145\162"], $_DVWA["\144\x62\137\x75\163\145\x72"], $_DVWA["\x64\142\x5f\x70\141\163\x73\167\157\162\x64"], '', $_DVWA["\x64\x62\137\x70\157\x72\x74"])) || !@(bool) mysqli_query($GLOBALS["\x5f\x5f\137\155\171\163\x71\154\x69\137\163\x74\157\156"], "\x55\123\x45\x20" . $_DVWA["\x64\142\137\x64\x61\x74\x61\142\141\163\x65"])) { dvwaLogout(); dvwaMessagePush("\x55\x6e\x61\142\x6c\145\40\164\157\40\x63\x6f\156\x6e\145\143\164\x20\x74\x6f\40\x74\150\x65\x20\144\x61\164\141\142\x61\163\x65\56\74\142\x72\x20\57\x3e" . mysqli_error($GLOBALS["\137\x5f\x5f\x6d\171\163\x71\x6c\x69\137\x73\x74\x6f\156"])); dvwaRedirect(DVWA_WEB_PAGE_TO_ROOT . "\x73\x65\164\x75\x70\x2e\160\x68\x70"); } $db = new PDO("\x6d\x79\x73\161\154\x3a\x68\157\163\164\x3d" . $_DVWA["\144\x62\x5f\x73\x65\162\x76\145\x72"] . "\x3b\x64\142\156\141\x6d\145\75" . $_DVWA["\x64\142\137\x64\x61\x74\x61\x62\x61\163\x65"] . "\x3b\x70\x6f\162\x74\x3d" . $_DVWA["\144\142\137\160\157\x72\164"] . "\x3b\x63\150\x61\x72\x73\x65\164\75\165\164\146\x38", $_DVWA["\144\x62\137\x75\163\x65\162"], $_DVWA["\144\x62\x5f\x70\141\x73\163\167\x6f\162\144"]); $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); } elseif ($DBMS == "\120\107\x53\x51\114") { dvwaMessagePush("\120\157\163\x74\x67\x72\145\123\121\x4c\x20\x69\163\40\x6e\x6f\164\x20\x63\165\x72\x72\x65\156\164\154\x79\40\163\x75\x70\160\x6f\162\x74\145\x64\x2e"); dvwaPageReload(); } else { die("\125\156\153\156\157\x77\156\x20{$DBMS}\40\163\x65\x6c\x65\143\x74\145\144\x2e"); } if ($_DVWA["\x53\x51\x4c\x49\x5f\104\x42"] == SQLITE) { $location = DVWA_WEB_PAGE_TO_ROOT . "\x64\x61\x74\x61\142\141\x73\x65\57" . $_DVWA["\123\121\114\x49\124\x45\x5f\x44\x42"]; $sqlite_db_connection = new SQLite3($location); $sqlite_db_connection->enableExceptions(true); } } goto Atmzb; LCXJ3: ?>

Function Calls

None

Variables

None

Stats

MD5	6ab8a73290d4729510a01e07ccb2cd7e
Eval Count	0
Decode Time	109 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats