
Setting up a vulnerable Guestbook


ghost's Avatar
0 0

Okay, so I'm not good with PHP at all, and I have this open source script I got so I can practice JavaScript injections and XSS. So, can someone look at this and show me how to make this vulnerable? Sorry… I'm just not good with PHP. Here is the index file:

```php
<!-- This  is  a free tool provided by hioxidia.com -->
<!-- Please get in touch with us for using          -->
<!-- this product in a commercial site.             -->

<html>
<head>
</head>
<?php

$file = "gb.php";
$open = fopen($file, "r");
$size = filesize($file);
$count = fread($open, $size);

include 'col.php';

include 'header.php';
?>

<script language=javascript>

function checkMailId(mailids)
{
var arr = new Array('.com','.net','.org','.biz','.coop','.info','.museum','.name','.pro'
,'.edu','.gov','.int','.mil','.ac','.ad','.ae','.af','.ag','.ai','.al',
'.am','.an','.ao','.aq','.ar','.as','.at','.au','.aw','.az','.ba','.bb',
'.bd','.be','.bf','.bg','.bh','.bi','.bj','.bm','.bn','.bo','.br','.bs',
'.bt','.bv','.bw','.by','.bz','.ca','.cc','.cd','.cf','.cg','.ch','.ci',
'.ck','.cl','.cm','.cn','.co','.cr','.cu','.cv','.cx','.cy','.cz','.de',
'.dj','.dk','.dm','.do','.dz','.ec','.ee','.eg','.eh','.er','.es','.et',
'.fi','.fj','.fk','.fm','.fo','.fr','.ga','.gd','.ge','.gf','.gg','.gh',
'.gi','.gl','.gm','.gn','.gp','.gq','.gr','.gs','.gt','.gu','.gv','.gy',
'.hk','.hm','.hn','.hr','.ht','.hu','.id','.ie','.il','.im','.in','.io',
'.iq','.ir','.is','.it','.je','.jm','.jo','.jp','.ke','.kg','.kh','.ki',
'.km','.kn','.kp','.kr','.kw','.ky','.kz','.la','.lb','.lc','.li','.lk',
'.lr','.ls','.lt','.lu','.lv','.ly','.ma','.mc','.md','.mg','.mh','.mk',
'.ml','.mm','.mn','.mo','.mp','.mq','.mr','.ms','.mt','.mu','.mv','.mw',
'.mx','.my','.mz','.na','.nc','.ne','.nf','.ng','.ni','.nl','.no','.np',
'.nr','.nu','.nz','.om','.pa','.pe','.pf','.pg','.ph','.pk','.pl','.pm',
'.pn','.pr','.ps','.pt','.pw','.py','.qa','.re','.ro','.rw','.ru','.sa',
'.sb','.sc','.sd','.se','.sg','.sh','.si','.sj','.sk','.sl','.sm','.sn',
'.so','.sr','.st','.sv','.sy','.sz','.tc','.td','.tf','.tg','.th','.tj',
'.tk','.tm','.tn','.to','.tp','.tr','.tt','.tv','.tw','.tz','.ua','.ug',
'.uk','.um','.us','.uy','.uz','.va','.vc','.ve','.vg','.vi','.vn','.vu',
'.ws','.wf','.ye','.yt','.yu','.za','.zm','.zw');
var mai = mailids;
var val = true;

var dot = mai.lastIndexOf(".");
var ext = mai.substring(dot,mai.length);
var at = mai.indexOf("@");

if(dot > 5 && at >1){
    for(var i=0; i<arr.length; i++){
        if(ext == arr[i]){val = true;break;}else{val = false;}
    }
    if(val == false){
        alert("Your mail id "+mai+" is not correct");
        return false;
    }
}else{
    alert("Your mail id "+mai+" is not correct");
    return false;
}
return true;
}

function check()
{
var tex = document.ssa.comment.value;
var len = tex.length;
var rem = 300-len;

if(len >= 300)
{
	tex = tex.substring(0,300);
	document.ssa.comment.value =tex;
	return false;
}

if(rem<0)
rem=0;

document.ssa.rem.value =rem;
}

</script>

    <table cellpadding=4 cellspacing=0 border=0 align=center>
    <tr><td><br>Name *:</td><td><br>
    <form name=ssa action="added.php" METHOD="POST" onSubmit="return checkMailId(ssa.from.value)">
    <input type="text" name="name" size=20 maxlength="20"> [20]</td></tr>
    <tr><td>Email *:</td><td><input type="text" name="from" size=27 maxlength="50"> [50]</td></tr>
    <tr><td>WebSite:</td><td><input type="text" name="webs" size=27 maxlength="50"> [50]</td></tr>
     <tr><td colspan=2><br>Please add your comments/suggestions *: [300]<br>
        <textarea name="comment" rows=11 cols=55 wrap=physical onkeyup="check()"></textarea><br>
	  Words left - <input type="text" name="rem" size=3 readonly value=300> 
  </td></tr>
    <tr><td colspan=2 align=right><input type="submit" value="   Add   "></td></tr>
    </form>
  </table>

<br>
</td>
</tr>

<tr height=15% align=center><td align=center background="images/bg2.gif" style="font-size: 13px;">
<br>
<b><a href="lookgb.php"><font color=blue>Look in to My Guest Book</font></a></b> || 
<a href="admin.php"><font color=red>Admin Login</font></a><br>
<br>
<br>
<div align=right><font style="font-size: 12px;" > © copyright 
<a href="http://www.hscripts.com" style="text-decoration: none; color: #dadada;">hscripts.com</a></font></div>

</td>
</tr>
</table>

</body>
</html>
```

many thanks

ghost's Avatar
0 0

give the source of ALL the files, all the php files, etc.


ghost's Avatar
0 0

col.php

```php
<?php

$bxcolor = "#f5f7f6";
$bdcolor = "0648c";
$fontcol = "04400";
$oddmess = "#f8f9fb";
$evenmess = "#f8f9fc";
$html_enable = "true";

?>

<!-- (c) copyright 2004, HIOX INDIA                 -->
<!-- This  is  a free tool provided by hioxidia.com -->
<!-- Please get in touch with us for using          -->
<!-- this product in a commercial site.             -->
```

ghost's Avatar
0 0

header.php

```php
<!-- This  is  a free tool provided by hioxidia.com -->
<!-- Please get in touch with us for using          -->
<!-- this product in a commercial site.             -->

<body style="font-family: Arial,Verdana,san-serif;  margin: 0px;" bgcolor="<?php echo($bdcolor);?>">
<table align=center width=80% height=100% cellpadding=0 cellspacing=0 border=1 bgcolor="<?php echo($bxcolor);?>">
<tr height=10% align=center>
<td height=80 align=center background="images/bg2.gif">
<br>
<font color=#223356><b>Welcome Guest</b></font><br>
<br>
</td>
</tr>

<tr  height=70% align=center>
<td align=left valign=top style="font-size: 14px; border: dashed 0px;">
<br>

<style>
a#tl{color: blue; text-decoration: none; font-size: 13px;}
a#tl:hover{color: #aaaaff;}
</style>

<?php
if($block === false){
?>
<div align=center>
<a id=tl href="./admin.php">Admin HOME</a> ||
<a id=tl href="filter.php">Spam Filter</a> ||
<a id=tl href="ipblock.php">IP Blocker</a> ||
<a id=tl href="url.php">Properties</a>     
<a id=tl href="logout.php">Logout</a>

</div>
<?php
}
?>
```

ghost's Avatar
0 0

url.php

```php
<?php
include "authheader.php";

if($block == false){

include 'col.php';
include 'header.php';
echo "<br><br><br>";
?>

<?php
  $iswrite = $_POST['what'];

  if($iswrite == "write")
  {
    $bx = $_POST['Box'];
       
    $bd = $_POST['Body'];
    $fc = $_POST['Font'];
    $omc = $_POST['Odd'];
    $emc = $_POST['Even'];
    $htmle = $_POST['var'];
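    // The values above go into col.php as PHP source unvalidated;
    // restrict them to colour codes and true/false before writing.
    $file = fopen('col.php', 'w');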
    
    fwrite($file,"<?php\n\n");
    fwrite($file,"$"."bxcolor = \"$bx\";\n");
    fwrite($file,"$"."bdcolor = \"$bd\";\n");
    fwrite($file,"$"."fontcol = \"$fc\";\n");
    fwrite($file,"$"."oddmess = \"$omc\";\n");
    fwrite($file,"$"."evenmess = \"$emc\";\n");
    fwrite($file,"$"."html_enable = \"$htmle\";\n\n");
    fwrite($file,"?>\n\n");
    fwrite($file, "<!-- (c) copyright 2004, HIOX INDIA                 -->\n");
    fwrite($file, "<!-- This  is  a free tool provided by hioxidia.com -->\n");
    fwrite($file, "<!-- Please get in touch with us for using          -->\n");
    fwrite($file, "<!-- this product in a commercial site.             -->\n");

    fclose($file);
}

include 'col.php';
?>


<table bgcolor=dfdff0 align=center style="padding: 10px; border:2px red groove;
        font-family: arial, verdana, san-serif; font-size: 14px;">

<form name = col method = post action = "url.php">
<tr><td>Box Color: </td><td> <input type="text"  name="Box" value = "<?php echo"$bxcolor"; ?>" /></td></tr>
<tr><td>Body Color: </td><td> <input type="text" name="Body" value = "<?php echo"$bdcolor";?>"/></td></tr>
<tr><td>Font Color: </td><td> <input type="text"  name="Font" value = "<?php echo"$fontcol"; ?>" /></td></tr>
<tr><td>Odd Msg Color: </td><td> <input type="text" name="Odd" value = "<?php echo"$oddmess"; ?>" /></td></tr>
<tr><td>Even Msg Color: </td><td> <input type="text" name="Even" value = "<?php echo"$evenmess";  ?>"/></td></tr>

<tr><td>HTML Tags: </td><td> 
<select name="var">
<option>Please select</option>
<?php
 if ($html_enable == "true")
 {
    echo "<option value=true selected>Enable</option>
    <option value=false>Disable</option>";
 }else {
    echo "<option value=true>Enable</option>
    <option value=false selected>Disable</option>";
 }
?>
</select>
</td></tr>
<tr><td colspan=2 align=right>
<input type=hidden value="write" name=what>
<input type='submit' value="change">
</td></tr>
<td colspan=2>Note: Change may cause effect in properties</td>
</form>
</table>


</body>
</html>

<?php
}
?>

<!-- (c) copyright 2004, HIOX INDIA 		    -->
<!-- This  is  a free tool provided by hscripts.com -->
<!-- Please get in touch with us for using          -->
<!-- this product in a commercial site.             -->
```

ghost's Avatar
0 0

filter.php

```php
<?php
include "authheader.php";

if($block == false){

include 'col.php';
include 'header.php';

echo "<br><br><br>";

$iswrite = $_POST['what'];
if($iswrite == "write")
{
    echo "<div align=center style='color: green;'><b>filters have been updated</div>";    
    $str = $_POST['filters'];
    $file = fopen('fil.php', 'w');
    $ara = explode("\n",$str);
    fwrite($file, "<?php \n\n");
    for($yy=0; $yy<count($ara);$yy++)
    {
	$xxa = $ara[$yy];
	$xxa = trim($xxa);
           if($xxa != "")
	    fwrite($file, "$"."asi[$yy] = \"$xxa\";");
    }
    
    fwrite($file, $ara[$yy]);
    fwrite($file, "\n?>");
    fclose($file);
}

include "fil.php";
?>

<table bgcolor=dfdff0 align=center style="padding: 10px; border:2px red groove;
        font-family: arial, verdana, san-serif; font-size: 14px;">
<form name=fil method=post action="<?php echo "$PHP_SELF"; ?>">
<tr><td></td><td>Add/Edit Filters .....<br>
 <textarea name=filters rows=15 cols=50><?php
  for($xx=0; $xx<count($asi); $xx++)
  {
    $word = $asi[$xx];
    echo "$word \n"; 
  }
 ?>
 </textarea>
</td></tr>

<tr><td colspan=2 align=right>
<input type=hidden value=write name=what>
<input type='submit' value="create"> </td></tr>
<td colspan=2>Note: You won't get the messages containing these words</td>
</form>
</table>
</body>
</html>

<?php
}
?>

<!-- (c) copyright 2004, HIOX INDIA 		    -->
<!-- This  is  a free tool provided by hscripts.com -->
<!-- Please get in touch with us for using          -->
<!-- this product in a commercial site.             -->
```

ghost's Avatar
0 0

I don't see any type of filtering there, although I only looked over it once. And that is by far 10x more complicated than you need, if all you want to do is a little XSS practice.

I'll code you a basic PHP guestbook if you want. Will only take me a few minutes.


ghost's Avatar
0 0

Instead of taking a prepared PHP guestbook, the best way to make a vulnerable guestbook is to write one yourself. Just make a simple form and have it echo the fields to the original page. It may not be pretty, but it will work for what you want. Continue to build / expand it as you learn more about PHP. Just as with any language, the best way to learn it is to start from the ground up.
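
The "simple form that echoes the fields" suggested above, as an added example (not code from this thread or from the HIOX script). Field names and length limits are taken from the posted form; the `$html_enable` name is borrowed from col.php, but the thread does not show how the original script uses that setting, so the toggle's behaviour here is an assumption, as are the function names.

```php
<?php
// Added example; not the HIOX guestbook's code. Field names and length
// limits come from the posted form, everything else is assumed.
declare(strict_types=1);

$html_enable = false;   // name borrowed from col.php; false = encode output
$limits = ['name' => 20, 'from' => 50, 'webs' => 50, 'comment' => 300];

// Encode a value for an HTML text or quoted-attribute context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Re-apply on the server the limits the form only enforces in the browser.
function read_entry(array $post, array $limits): array
{
    $entry = [];
    foreach ($limits as $field => $max) {
        $value = $post[$field] ?? '';
        $entry[$field] = is_string($value) ? substr(trim($value), 0, $max) : '';
    }
    return $entry;
}

// Render one entry. With $raw true the fields reach the page as submitted
// (what an XSS practice page wants); otherwise they are encoded first.
function render_entry(array $e, bool $raw): string
{
    $name    = $raw ? $e['name']    : h($e['name']);
    $comment = $raw ? $e['comment'] : nl2br(h($e['comment']));
    return "<p><b>$name</b> wrote:<br>$comment</p>\n";
}

$isPost = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';
$entry  = $isPost ? read_entry($_POST, $limits) : null;
?>
<!DOCTYPE html>
<html><body>
<?php if ($entry !== null) echo render_entry($entry, $html_enable); ?>
<form method="post">
  Name: <input type="text" name="name" maxlength="20"><br>
  Email: <input type="text" name="from" maxlength="50"><br>
  WebSite: <input type="text" name="webs" maxlength="50"><br>
  <textarea name="comment" rows="11" cols="55"></textarea><br>
  <input type="submit" value="Add">
</form>
</body></html>
```

Serve it locally with `php -S 127.0.0.1:8000` and flip `$html_enable` to compare the page source produced for the same submission.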


ghost's Avatar
0 0

Cool… digitalfire, if you wanna make it you can; if not, I will try my hand at it. But thanks for the replies.