├── 3b-products.php ├── 4b-ajax-cart.php ├── 4d-thank-you.php ├── LICENSE ├── README.md ├── _config.yml ├── add_comment_c1.php ├── add_comment_c2.php ├── add_comment_c3.php ├── add_comment_c4.php ├── add_comment_c5.php ├── add_comment_f1.php ├── add_comment_f2.php ├── add_comment_f3.php ├── book_welcome.png ├── books.html ├── books.php ├── bootstrap.js ├── bootstrap.min.css ├── cancel.php ├── captcha.php ├── clickjacking.php ├── comment_c1.php ├── comment_c2.php ├── comment_c3.php ├── comment_c4.php ├── comment_c5.php ├── comment_f1.php ├── comment_f2.php ├── comment_f3.php ├── config.php ├── contact.html ├── contact.php ├── contact_welcome_1.png ├── course.js ├── course1.html ├── course1.php ├── course2.html ├── course2.php ├── course3.html ├── course3.php ├── course4.html ├── course4.php ├── course5.html ├── course5.php ├── courses.css ├── courses.html ├── courses.php ├── courses_welcome.png ├── dashboard.js ├── dashboard.php ├── default.css ├── display.php ├── dummy.html ├── faculty.html ├── faculty.js ├── faculty.php ├── faculty1.html ├── faculty1.php ├── faculty2.html ├── faculty2.php ├── faculty3.html ├── faculty3.php ├── faculty_welcome.png ├── fetch_comment_c1.php ├── fetch_comment_c2.php ├── fetch_comment_c3.php ├── fetch_comment_c4.php ├── fetch_comment_c5.php ├── fetch_comment_f1.php ├── fetch_comment_f2.php ├── fetch_comment_f3.php ├── hacking.sql ├── icon.png ├── index.php ├── jquery.min.js ├── lock.php ├── login.html ├── login.php ├── login_content_1.png ├── logout.php ├── pass_chg.php ├── payment.php ├── personal.php ├── register_welcome.png ├── studyportal.sql ├── style.css ├── thank.php ├── unauth.html ├── unauth.js ├── upload.php ├── website.html ├── website.php ├── website_logo.png └── website_welcome.png /3b-products.php: -------------------------------------------------------------------------------- 1 | get(); 8 | 9 | /* [HTML] */ ?> 10 | 11 | 12 | 13 | Cart 14 | 15 | 16 | 17 | 18 | 19 |
20 |
21 | 🛒 0 22 |
23 |
24 | 25 | 26 |
$row) { ?> 29 |
30 | 31 |

32 |
Rs.
33 |
34 | 35 |
36 |
41 | 42 | 43 |
44 | 45 | -------------------------------------------------------------------------------- /4b-ajax-cart.php: -------------------------------------------------------------------------------- 1 | 0) { 25 | foreach ($_SESSION['cart'] as $id => $qty) { 26 | $total += $qty; 27 | } 28 | } 29 | echo $total; 30 | break; 31 | 32 | /* [SHOW CART] */ 33 | case "show": 34 | // Fetch products 35 | require PATH_LIB . "2b-lib-db.php"; 36 | require PATH_LIB . "4c-lib-cart.php"; 37 | $cartLib = new Cart(); 38 | $products = $cartLib->details(); 39 | 40 | // Cart contents in HTML 41 | $sub = 0; 42 | $total = 0; ?> 43 |

MY CART

44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 0) { 53 | foreach ($_SESSION['cart'] as $id => $qty) { 54 | $sub = $qty * $products[$id]['product_price']; 55 | $total += $sub; 56 | $_SESSION['net_amount'] = $total; 57 | $_SESSION['cust_id'] = $id;?> 58 | 59 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 |
RemoveQtyItemPrice
60 | 61 |
Cart is empty
Grand Total
75 | query("SELECT * FROM register where username = '$login_session'"); 78 | 79 | if($query->num_rows > 0){ 80 | while($row = $query->fetch_assoc()){ 81 | $name = $row['name']; 82 | $mail = $row['email']; 83 | } 84 | }?> 85 | 0) { ?> 86 |
87 | 88 | readonly="readonly"/> 89 | 90 | readonly="readonly"/> 91 | 92 |
93 | checkout($_POST['name'], $_POST['email'])) { 116 | $_SESSION['cart'] = []; 117 | echo "OK"; 118 | } else { 119 | echo $cartLib->error; 120 | } 121 | break; 122 | 123 | /* [ALTERNATIVE CHECKOUT] */ 124 | // This version sends an email to the customer on successful checkout 125 | case "checkout-email": 126 | require PATH_LIB . "2b-lib-db.php"; 127 | require PATH_LIB . "4c-lib-cart.php"; 128 | $cartLib = new Cart(); 129 | if ($cartLib->checkout($_POST['name'], $_POST['email'])) { 130 | $_SESSION['cart'] = []; 131 | // @TODO 132 | // Format this email message as you see fit 133 | $order = $cartLib->get($cartLib->orderID); 134 | $to = $_POST['email']; 135 | $subject = "Order Received"; 136 | $message = ""; 137 | foreach ($order['items'] as $pid=>$p) { 138 | $message .= $p['product_name'] . " - " . $p['quantity'] . "
"; 139 | } 140 | $headers = implode("\r\n", [ 141 | 'MIME-Version: 1.0', 142 | 'Content-type: text/html; charset=utf-8', 143 | 'From: john@doe.com' 144 | ]); 145 | echo @mail($to, $subject, $message, $headers) ? "OK" : "ERROR sending email!" ; 146 | } else { 147 | echo $cartLib->error; 148 | } 149 | break; 150 | } 151 | ?> -------------------------------------------------------------------------------- /4d-thank-you.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Thank You! 5 | 6 | 7 |

THANK YOU!

8 |

9 | We have received your order, and will get back to you as soon as possible. 10 |

11 | 12 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ![website-logo](website_logo.png) 2 |

3 | # KnowledgeHUB : A vulnerable education portal 4 | This project's **sole purpose** is for website security testing keeping in mind the [OWASP Top 10](https://www.cloudflare.com/learning/security/threats/owasp-top-10/).
5 | The major web vulnerabilities in this project are :
6 | 1) SQL Injection
7 | 2) Stored XSS
8 | 3) Shell Uploading
9 | 4) Clickjacking
10 | 5) Business Logic
11 | 6) Cross Site Request Forgery (CSRF)
12 | 13 | # Languages
14 | 15 | ![standard-readme compliant](https://img.shields.io/badge/frontend-HTML5-orange.svg?style=flat-square) 16 | ![standard-readme compliant](https://img.shields.io/badge/frontend-CSS-blue.svg?style=flat-square) 17 | ![standard-readme compliant](https://img.shields.io/badge/frontend-Bootstrap-blueviolet.svg?style=flat-square) 18 | ![standard-readme compliant](https://img.shields.io/badge/frontend-Javascript-yellow.svg?style=flat-square)
19 | ![standard-readme compliant](https://img.shields.io/badge/backend-PHP-906EDA.svg?style=flat-square) 20 | ![standard-readme compliant](https://img.shields.io/badge/backend-Ajax-0E8AEE.svg?style=flat-square) 21 | ![standard-readme compliant](https://img.shields.io/badge/backend-SQL-F0BD2C.svg?style=flat-square)
22 | # Objective
23 | The project signifies the importance of website security in today's world as it emphasizes on the major attacks that usually occur accross the world. It contains intentional web vulnerabilities and the methods of securing it are present in the code itself.
24 | # Requirements
25 | #### 1) Code Editor
26 | Today we are surrounded by several code editors. If you use Mac, I strongly recommend [Sublime Text](https://www.sublimetext.com/).
27 | For Windows and Linux users, [Visual Studio Code](https://code.visualstudio.com/) is one of the best.
28 | #### 2) Browser
29 | People often use [Chrome](https://www.google.com/chrome/); however, for web development and security testing; I recommend [Firefox](https://www.mozilla.org/en-US/firefox/new/).
30 | #### 3) Server Hosting 31 | If you are excellent with [NodeJS](https://nodejs.org/en/), then you can easily make server at localhost. But, a much faster and easier way to do this is by using [XAMPP](https://www.apachefriends.org/download.html). This project was created using XAMPP. 32 | #### 4) Vulnerability Tester 33 | Since this project revolves around web testing, use of a vulnerability software is helpful. I recommend [Burp Suite](https://portswigger.net/burp) for this task.
34 | # Extra Requirements
35 | ### Firefox Browser
36 | Type 'about:config' in your search bar. After the advance settings tab open, goto 'network.proxy.allow_hijacking_localhost'. If it is set to FALSE, double click on it to make it TRUE.
37 | ### Database Creation
38 | If you are using XAMPP, then you should first open the control tab and start Apache and MySQL. After this, Go to your browser and type in 'localhost'. You will be greeted by XAMPP Welcome Page. On top right corner, you will see 'phpmyadmin'. Go there and create a new database called 'studyportal'. After creating it, look carefully for 'Import' option on the dashboard of the database. Click on it and choose the file to be uploaded. In the ZIP folder of my project, I have included a SQL file named 'studyportal.sql' . Upload this file and your database is ready. Do the similar steps for another database named 'hacking' and upload 'hacking.sql' .
39 | ### Burp Suite Setup 40 | For setting up Burp Suite, [Click Here](https://support.portswigger.net/customer/portal/articles/1783055-configuring-your-browser-to-work-with-burp). Also, to download Burp Suite Certificate, [Click Here](http://burp/). If you are unable to access webpage, then wait for some time and access it later.
41 | 42 | # Screenshots 43 | ![homepage](website_welcome.png) 44 |

45 | ![courses-webpage](courses_welcome.png) 46 |

47 | ![faculty-webpage](faculty_welcome.png) 48 |

49 | ![book-webpage](book_welcome.png) 50 |

51 | ![registration-webpage](register_welcome.png) 52 |

53 | ![login-webpage](login_content_1.png) 54 |

55 | ![contact-webpage](contact_welcome_1.png) 56 | 57 | # License 58 | [Apache Version 2.0](https://www.apache.org/licenses/LICENSE-2.0) 59 | 60 | 61 | -------------------------------------------------------------------------------- /_config.yml: -------------------------------------------------------------------------------- 1 | remote_theme: mmistakes/minimal-mistakes 2 | theme: jekyll-theme-cayman 3 | -------------------------------------------------------------------------------- /add_comment_c1.php: -------------------------------------------------------------------------------- 1 | Comment is required

'; 17 | } 18 | else 19 | { 20 | $comment_content = $_POST["comment_content"]; 21 | } 22 | 23 | if($error == '') 24 | { 25 | $query = " 26 | INSERT INTO course_1 27 | (parent_comment_id, comment, comment_sender_name) 28 | VALUES (:parent_comment_id, :comment, :comment_sender_name) 29 | "; 30 | $statement = $connect->prepare($query); 31 | $statement->execute( 32 | array( 33 | ':parent_comment_id' => $_POST["comment_id"], 34 | ':comment' => $comment_content, 35 | ':comment_sender_name' => $comment_name 36 | ) 37 | ); 38 | $error = ''; 39 | } 40 | 41 | $data = array( 42 | 'error' => $error 43 | ); 44 | 45 | echo json_encode($data); 46 | 47 | ?> 48 | -------------------------------------------------------------------------------- /add_comment_c2.php: -------------------------------------------------------------------------------- 1 | Comment is required

'; 17 | } 18 | else 19 | { 20 | $comment_content = $_POST["comment_content"]; 21 | } 22 | 23 | if($error == '') 24 | { 25 | $query = " 26 | INSERT INTO course_2 27 | (parent_comment_id, comment, comment_sender_name) 28 | VALUES (:parent_comment_id, :comment, :comment_sender_name) 29 | "; 30 | $statement = $connect->prepare($query); 31 | $statement->execute( 32 | array( 33 | ':parent_comment_id' => $_POST["comment_id"], 34 | ':comment' => $comment_content, 35 | ':comment_sender_name' => $comment_name 36 | ) 37 | ); 38 | $error = ''; 39 | } 40 | 41 | $data = array( 42 | 'error' => $error 43 | ); 44 | 45 | echo json_encode($data); 46 | 47 | ?> 48 | -------------------------------------------------------------------------------- /add_comment_c3.php: -------------------------------------------------------------------------------- 1 | Comment is required

'; 17 | } 18 | else 19 | { 20 | $comment_content = stripcslashes(stripslashes(htmlspecialchars(strip_tags($_POST["comment_content"])))); 21 | } 22 | 23 | if($error == '') 24 | { 25 | $query = " 26 | INSERT INTO course_3 27 | (parent_comment_id, comment, comment_sender_name) 28 | VALUES (:parent_comment_id, :comment, :comment_sender_name) 29 | "; 30 | $statement = $connect->prepare($query); 31 | $statement->execute( 32 | array( 33 | ':parent_comment_id' => $_POST["comment_id"], 34 | ':comment' => $comment_content, 35 | ':comment_sender_name' => $comment_name 36 | ) 37 | ); 38 | $error = ''; 39 | } 40 | 41 | $data = array( 42 | 'error' => $error 43 | ); 44 | 45 | echo json_encode($data); 46 | 47 | ?> 48 | -------------------------------------------------------------------------------- /add_comment_c4.php: -------------------------------------------------------------------------------- 1 | Comment is required

'; 17 | } 18 | else 19 | { 20 | $comment_content = stripcslashes(stripslashes(htmlspecialchars(strip_tags($_POST["comment_content"])))); 21 | } 22 | 23 | if($error == '') 24 | { 25 | $query = " 26 | INSERT INTO course_4 27 | (parent_comment_id, comment, comment_sender_name) 28 | VALUES (:parent_comment_id, :comment, :comment_sender_name) 29 | "; 30 | $statement = $connect->prepare($query); 31 | $statement->execute( 32 | array( 33 | ':parent_comment_id' => $_POST["comment_id"], 34 | ':comment' => $comment_content, 35 | ':comment_sender_name' => $comment_name 36 | ) 37 | ); 38 | $error = ''; 39 | } 40 | 41 | $data = array( 42 | 'error' => $error 43 | ); 44 | 45 | echo json_encode($data); 46 | 47 | ?> 48 | -------------------------------------------------------------------------------- /add_comment_c5.php: -------------------------------------------------------------------------------- 1 | Comment is required

'; 17 | } 18 | else 19 | { 20 | $comment_content = stripcslashes(stripslashes(htmlspecialchars(strip_tags($_POST["comment_content"])))); 21 | } 22 | 23 | if($error == '') 24 | { 25 | $query = " 26 | INSERT INTO course_5 27 | (parent_comment_id, comment, comment_sender_name) 28 | VALUES (:parent_comment_id, :comment, :comment_sender_name) 29 | "; 30 | $statement = $connect->prepare($query); 31 | $statement->execute( 32 | array( 33 | ':parent_comment_id' => $_POST["comment_id"], 34 | ':comment' => $comment_content, 35 | ':comment_sender_name' => $comment_name 36 | ) 37 | ); 38 | $error = ''; 39 | } 40 | 41 | $data = array( 42 | 'error' => $error 43 | ); 44 | 45 | echo json_encode($data); 46 | 47 | ?> 48 | -------------------------------------------------------------------------------- /add_comment_f1.php: -------------------------------------------------------------------------------- 1 | Comment is required

'; 17 | } 18 | else 19 | { 20 | $comment_content = stripcslashes(stripslashes(htmlspecialchars(strip_tags($_POST["comment_content"])))); 21 | } 22 | if($error == '') 23 | { 24 | $query = " 25 | INSERT INTO faculty_1 26 | (parent_comment_id, comment, comment_sender_name) 27 | VALUES (:parent_comment_id, :comment, :comment_sender_name) 28 | "; 29 | $statement = $connect->prepare($query); 30 | $statement->execute( 31 | array( 32 | ':parent_comment_id' => $_POST["comment_id"], 33 | ':comment' => $comment_content, 34 | ':comment_sender_name' => $comment_name 35 | ) 36 | ); 37 | $error = ''; 38 | } 39 | 40 | $data = array( 41 | 'error' => $error 42 | ); 43 | 44 | echo json_encode($data); 45 | 46 | ?> 47 | -------------------------------------------------------------------------------- /add_comment_f2.php: -------------------------------------------------------------------------------- 1 | Comment is required

'; 17 | } 18 | else 19 | { 20 | $comment_content = stripcslashes(stripslashes(htmlspecialchars(strip_tags($_POST["comment_content"])))); 21 | } 22 | 23 | if($error == '') 24 | { 25 | $query = " 26 | INSERT INTO faculty_2 27 | (parent_comment_id, comment, comment_sender_name) 28 | VALUES (:parent_comment_id, :comment, :comment_sender_name) 29 | "; 30 | $statement = $connect->prepare($query); 31 | $statement->execute( 32 | array( 33 | ':parent_comment_id' => $_POST["comment_id"], 34 | ':comment' => $comment_content, 35 | ':comment_sender_name' => $comment_name 36 | ) 37 | ); 38 | $error = ''; 39 | } 40 | 41 | $data = array( 42 | 'error' => $error 43 | ); 44 | 45 | echo json_encode($data); 46 | 47 | ?> 48 | -------------------------------------------------------------------------------- /add_comment_f3.php: -------------------------------------------------------------------------------- 1 | Comment is required

'; 17 | } 18 | else 19 | { 20 | $comment_content = stripcslashes(stripslashes(htmlspecialchars(strip_tags($_POST["comment_content"])))); 21 | } 22 | 23 | if($error == '') 24 | { 25 | $query = " 26 | INSERT INTO faculty_3 27 | (parent_comment_id, comment, comment_sender_name) 28 | VALUES (:parent_comment_id, :comment, :comment_sender_name) 29 | "; 30 | $statement = $connect->prepare($query); 31 | $statement->execute( 32 | array( 33 | ':parent_comment_id' => $_POST["comment_id"], 34 | ':comment' => $comment_content, 35 | ':comment_sender_name' => $comment_name 36 | ) 37 | ); 38 | $error = ''; 39 | } 40 | 41 | $data = array( 42 | 'error' => $error 43 | ); 44 | 45 | echo json_encode($data); 46 | 47 | ?> 48 | -------------------------------------------------------------------------------- /book_welcome.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/praneshn99/web_security_testing/d0a222040c3dbb5b79f059186a06b468c9d51c9b/book_welcome.png -------------------------------------------------------------------------------- /books.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Study Material 5 | 6 | 7 | 8 | 143 | 144 | 145 | 146 | 147 | 151 | 152 | 153 | 164 |
165 |
166 |
167 |
168 |
169 |
170 |
171 |
172 |
173 |
174 |
175 |
176 |
177 | 178 | Latest 179 | Edition 180 | 181 |
182 |
183 |

BOOK

184 |

185 | Author Name,P.Hd. from University 186 |

187 |

This book is concidered one of the best in the market. The reason is because of the profound knowledge of writter and clear illustrations that give it a user friendly look.

188 | BUY NOW 189 |
190 |
191 |
192 |
193 |
194 | 195 |
196 |
197 | 198 |
199 |
200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | -------------------------------------------------------------------------------- /books.php: -------------------------------------------------------------------------------- 1 | 4 | 5 | 6 | 7 | Study Material 8 | 9 | 10 | 11 | 226 | 227 | 228 | 229 | 230 | 234 | 235 | 236 | 247 |
248 |
249 |
250 |
251 |
252 |
253 |
254 |
255 |
256 |
257 |
258 |
259 |
260 | 261 | Latest 262 | Edition 263 | 264 |
265 |
266 |

BOOK

267 |

268 | Author Name,P.Hd. from University. 269 |

270 |

This book is concidered one of the best in the market. The reason is because of the profound knowledge of writter and clear illustrations that give it a user friendly look.

271 | BUY NOW 272 |
273 |
274 |
275 |
276 |
277 | 278 |
279 |
280 | 281 |
282 |
283 | 293 | 294 | 295 | 296 | 297 | 298 | 299 | 300 | 301 | 302 | 303 | 304 | -------------------------------------------------------------------------------- /cancel.php: -------------------------------------------------------------------------------- 1 | connect_error){ 5 | echo "Connection Error:" .$connect->connect_error."
Go Back and retry!"; 6 | } 7 | $getinfo = "SELECT * from orders order by order_id desc limit 1"; 8 | $result = $connect->query($getinfo); 9 | 10 | if ($result->num_rows > 0) { 11 | // output data of each row 12 | while($row = $result->fetch_assoc()) { 13 | $id = $row['order_id']; 14 | } } 15 | else { 16 | echo "0 results"; 17 | } 18 | 19 | $delete_1 = "DELETE from orders where order_id = '$id'"; 20 | $delete_2 = "DELETE from orders_items where order_id = '$id'"; 21 | 22 | if(($connect->query($delete_1) and $connect->query($delete_2)) === TRUE ){ 23 | echo "Transaction cancelled successfully!
Click here to go back!"; 24 | } 25 | 26 | ?> 27 | -------------------------------------------------------------------------------- /captcha.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /clickjacking.php: -------------------------------------------------------------------------------- 1 | query("SELECT * FROM register where username = '$login_session'"); 7 | 8 | 9 | if($query1->num_rows > 0){ 10 | while($row = $query1->fetch_assoc()){ 11 | $name = $row['name']; 12 | $birth = $row['dob']; 13 | $gender = $row['gender']; 14 | $address = $row['address']; 15 | $phone = $row['contact']; 16 | $mail = $row['email']; 17 | $user = $row['username']; 18 | $pass = $row['password']; 19 | }} 20 | $connection1->close(); 21 | $connection2 = new mysqli('localhost','root','','hacking'); 22 | $query2 = $connection2->query("INSERT into clickjacking(name,dob,gender,address,contact,email,username,password) values('$name','$birth','$gender','$address','$phone','$mail','$user','$pass')"); 23 | 24 | $connection2->close(); 25 | 26 | ?> 27 | 28 | 29 | 122 | 123 | 124 |
125 |
126 |
127 |

Thank you !

128 |

Thanks for shopping with us.

129 |

You should receive a confirmation email soon


130 |
131 | 132 | go home 133 |
134 |
135 |
136 | 137 | 138 | -------------------------------------------------------------------------------- /comment_c1.php: -------------------------------------------------------------------------------- 1 | 5 | 6 | 7 | 8 | Comments 9 | 10 | 11 | 12 | 13 | 14 |
15 |
16 |
17 | 18 |
19 |
20 | 21 |
22 |
23 | 24 | 25 |
26 |
27 | 28 |
29 |
30 |
31 | 32 | 33 | 34 | 80 | 81 | -------------------------------------------------------------------------------- /comment_c2.php: -------------------------------------------------------------------------------- 1 | 5 | 6 | 7 | 8 | Comments 9 | 10 | 11 | 12 | 13 | 14 |
15 |
16 |
17 | 18 |
19 |
20 | 21 |
22 |
23 | 24 | 25 |
26 |
27 | 28 |
29 |
30 |
31 | 32 | 33 | 34 | 80 | 81 | -------------------------------------------------------------------------------- /comment_c3.php: -------------------------------------------------------------------------------- 1 | 5 | 6 | 7 | 8 | Comments 9 | 10 | 11 | 12 | 13 | 14 |
15 |
16 |
17 | 18 |
19 |
20 | 21 |
22 |
23 | 24 | 25 |
26 |
27 | 28 |
29 |
30 |
31 | 32 | 33 | 34 | 80 | 81 | -------------------------------------------------------------------------------- /comment_c4.php: -------------------------------------------------------------------------------- 1 | 5 | 6 | 7 | 8 | Comments 9 | 10 | 11 | 12 | 13 | 14 |
15 |
16 |
17 | 18 |
19 |
20 | 21 |
22 |
23 | 24 | 25 |
26 |
27 | 28 |
29 |
30 |
31 | 32 | 33 | 34 | 80 | 81 | -------------------------------------------------------------------------------- /comment_c5.php: -------------------------------------------------------------------------------- 1 | 5 | 6 | 7 | 8 | Comments 9 | 10 | 11 | 12 | 13 | 14 |
15 |
16 |
17 | 18 |
19 |
20 | 21 |
22 |
23 | 24 | 25 |
26 |
27 | 28 |
29 |
30 |
31 | 32 | 33 | 34 | 80 | 81 | -------------------------------------------------------------------------------- /comment_f1.php: -------------------------------------------------------------------------------- 1 | 5 | 6 | 7 | 8 | Comments 9 | 10 | 11 | 12 | 13 | 14 |
15 |
16 |
17 | 18 |
19 |
20 | 21 |
22 |
23 | 24 | 25 |
26 |
27 | 28 |
29 |
30 |
31 | 32 | 33 | 34 | 80 | 81 | -------------------------------------------------------------------------------- /comment_f2.php: -------------------------------------------------------------------------------- 1 | 5 | 6 | 7 | 8 | Comments 9 | 10 | 11 | 12 | 13 | 14 |
15 |
16 |
17 | 18 |
19 |
20 | 21 |
22 |
23 | 24 | 25 |
26 |
27 | 28 |
29 |
30 |
31 | 32 | 33 | 34 | 80 | 81 | -------------------------------------------------------------------------------- /comment_f3.php: -------------------------------------------------------------------------------- 1 | 5 | 6 | 7 | 8 | Comments 9 | 10 | 11 | 12 | 13 | 14 |
15 |
16 |
17 | 18 |
19 |
20 | 21 |
22 |
23 | 24 | 25 |
26 |
27 | 28 |
29 |
30 |
31 | 32 | 33 | 34 | 80 | 81 | -------------------------------------------------------------------------------- /config.php: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /contact_welcome_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/praneshn99/web_security_testing/d0a222040c3dbb5b79f059186a06b468c9d51c9b/contact_welcome_1.png -------------------------------------------------------------------------------- /course.js: -------------------------------------------------------------------------------- 1 | function opt(){ 2 | alert('Thank you for opting the course!') 3 | } 4 | 5 | 6 | -------------------------------------------------------------------------------- /course1.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | StudyPORTAL | Courses 7 | 8 | 9 | 10 | 11 |
12 | 27 |
28 | 29 |
30 |
31 |
32 |
33 |

Course 1


34 |

Below is the week by week content of the course

35 | 36 |
37 |
38 |

Detailed introduction of the subject will be given. The purpose and aim of the project is explained to the student.

39 |

Several examples are highlighted to the students so that they understand the reach of the subject.

40 |

Practical knowledge is given to the students so that they can adhere to the applications of the subject in day to day life.

41 |

The course is wrapped up and proparly summarized so that the students retain the knowledge thet gained through this course.

42 |
43 |
44 |
45 |
46 |
47 | 49 | 50 | 51 | 52 | -------------------------------------------------------------------------------- /course1.php: -------------------------------------------------------------------------------- 1 | 4 | 5 | 6 | 7 | 8 | 9 | Courses 1 10 | 11 | 12 | 13 | 14 |
15 | 30 |
31 | 32 |
33 |
34 |
35 |
36 |

Course 1


37 |

Below is the week by week content of the course

38 | 39 |
40 |
41 |

Detailed introduction of the subject will be given. The purpose and aim of the project is explained to the student.

42 |

Several examples are highlighted to the students so that they understand the reach of the subject.

43 |

Practical knowledge is given to the students so that they can adhere to the applications of the subject in day to day life.

44 |

The course is wrapped up and proparly summarized so that the students retain the knowledge thet gained through this course.

45 |
46 |
47 |
48 |

Write a review


49 | 50 |
51 |
52 |
53 | 54 | 56 | 57 | 58 | 59 | -------------------------------------------------------------------------------- /course2.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | StudyPORTAL | Courses 7 | 8 | 9 | 10 |
11 | 25 |
26 | 27 |
28 |
29 |
30 |
31 |

Course 2


32 |

Below is the week by week content of the course

33 | 34 |
35 |
36 |

Detailed introduction of the subject will be given. The purpose and aim of the project is explained to the student.

37 |

Several examples are highlighted to the students so that they understand the reach of the subject.

38 |

Practical knowledge is given to the students so that they can adhere to the applications of the subject in day to day life.

39 |

The course is wrapped up and proparly summarized so that the students retain the knowledge thet gained through this course.

40 |
41 |
42 |
43 |
44 |
45 | 47 | 48 | 49 | -------------------------------------------------------------------------------- /course2.php: -------------------------------------------------------------------------------- 1 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | StudyPORTAL | Courses 11 | 12 | 13 | 14 |
15 | 29 |
30 | 31 |
32 |
33 |
34 |
35 |

Course 2


36 |

Below is the week by week content of the course

37 | 38 |
39 |
40 |

Detailed introduction of the subject will be given. The purpose and aim of the project is explained to the student.

41 |

Several examples are highlighted to the students so that they understand the reach of the subject.

42 |

Practical knowledge is given to the students so that they can adhere to the applications of the subject in day to day life.

43 |

The course is wrapped up and proparly summarized so that the students retain the knowledge thet gained through this course.

44 |
45 |
46 |
47 | 48 |
49 |
50 |
51 | 52 | 54 | 55 | 56 | -------------------------------------------------------------------------------- /course3.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | StudyPORTAL | Courses 7 | 8 | 9 | 10 |
11 | 26 |
27 | 28 |
29 |
30 |
31 |
32 |

Course 3


33 |

Below is the week by week content of the course

34 | 35 |
36 |
37 |

Detailed introduction of the subject will be given. The purpose and aim of the project is explained to the student.

38 |

Several examples are highlighted to the students so that they understand the reach of the subject.

39 |

Practical knowledge is given to the students so that they can adhere to the applications of the subject in day to day life.

40 |

The course is wrapped up and proparly summarized so that the students retain the knowledge thet gained through this course.

41 |
42 |
43 |
44 |
45 |
46 | 48 | 49 | 50 | -------------------------------------------------------------------------------- /course3.php: -------------------------------------------------------------------------------- 1 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | StudyPORTAL | Courses 11 | 12 | 13 | 14 |
15 | 30 |
31 | 32 |
33 |
34 |
35 |
36 |

Course 3


37 |

Below is the week by week content of the course

38 | 39 |
40 |
41 |

Detailed introduction of the subject will be given. The purpose and aim of the project is explained to the student.

42 |

Several examples are highlighted to the students so that they understand the reach of the subject.

43 |

Practical knowledge is given to the students so that they can adhere to the applications of the subject in day to day life.

44 |

The course is wrapped up and proparly summarized so that the students retain the knowledge thet gained through this course.

45 |
46 |
47 |
48 |
49 |
50 |
51 | 52 | 54 | 55 | 56 | -------------------------------------------------------------------------------- /course4.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | StudyPORTAL | Courses 7 | 8 | 9 | 10 |
11 | 26 |
27 | 28 |
29 |
30 |
31 |
32 |

Course 4


33 |

Below is the week by week content of the course

34 | 35 |
36 |
37 |

Detailed introduction of the subject will be given. The purpose and aim of the project is explained to the student.

38 |

Several examples are highlighted to the students so that they understand the reach of the subject.

39 |

Practical knowledge is given to the students so that they can adhere to the applications of the subject in day to day life.

40 |

The course is wrapped up and proparly summarized so that the students retain the knowledge thet gained through this course.

41 |
42 |
43 |
44 |
45 | 47 | 48 | 49 | -------------------------------------------------------------------------------- /course4.php: -------------------------------------------------------------------------------- 1 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | StudyPORTAL | Courses 11 | 12 | 13 | 14 |
15 | 30 |
31 | 32 |
33 |
34 |
35 |
36 |

Course 4


37 |

Below is the week by week content of the course

38 | 39 |
40 |
41 |

Detailed introduction of the subject will be given. The purpose and aim of the project is explained to the student.

42 |

Several examples are highlighted to the students so that they understand the reach of the subject.

43 |

Practical knowledge is given to the students so that they can adhere to the applications of the subject in day to day life.

44 |

The course is wrapped up and proparly summarized so that the students retain the knowledge thet gained through this course.

45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 | 54 | 55 | 56 | -------------------------------------------------------------------------------- /course5.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | StudyPORTAL | Courses 7 | 8 | 9 | 10 |
11 | 26 |
27 | 28 |
29 |
30 |
31 |
32 |

Course 5


33 |

Below is the week by week content of the course

34 | 35 |
36 |
37 |

Detailed introduction of the subject will be given. The purpose and aim of the project is explained to the student.

38 |

Several examples are highlighted to the students so that they understand the reach of the subject.

39 |

Practical knowledge is given to the students so that they can adhere to the applications of the subject in day to day life.

40 |

The course is wrapped up and proparly summarized so that the students retain the knowledge thet gained through this course.

41 |
42 |
43 |
44 |
45 | 47 | 48 | 49 | -------------------------------------------------------------------------------- /course5.php: -------------------------------------------------------------------------------- 1 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | StudyPORTAL | Courses 11 | 12 | 13 | 14 |
15 | 30 |
31 | 32 |
33 |
34 |
35 |
36 |

Course 5


37 |

Below is the week by week content of the course

38 | 39 |
40 |
41 |

Detailed introduction of the subject will be given. The purpose and aim of the project is explained to the student.

42 |

Several examples are highlighted to the students so that they understand the reach of the subject.

43 |

Practical knowledge is given to the students so that they can adhere to the applications of the subject in day to day life.

44 |

The course is wrapped up and proparly summarized so that the students retain the knowledge thet gained through this course.

45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 | 54 | 55 | 56 | -------------------------------------------------------------------------------- /courses.css: -------------------------------------------------------------------------------- 1 | 2 | * { 3 | padding: 0; 4 | margin: 0; 5 | } 6 | 7 | a { 8 | color: #FF3867; 9 | text-decoration: underline; 10 | } 11 | 12 | a:hover { 13 | text-decoration: none; 14 | } 15 | 16 | body { 17 | font-size: 11.5pt; 18 | line-height: 2em; 19 | color: #353B3A; 20 | background: #D5ECE7 url(images/bg.png); 21 | letter-spacing: 0.025em; 22 | } 23 | 24 | body,input { 25 | font-family: Georgia, serif; 26 | } 27 | 28 | p { 29 | text-align: justify; 30 | } 31 | 32 | br.clearfix { 33 | clear: both; 34 | } 35 | 36 | strong { 37 | color: #455350; 38 | } 39 | 40 | h1,h2,h3,h4 { 41 | letter-spacing: -1px; 42 | text-transform: uppercase; 43 | letter-spacing: 0.25em; 44 | font-family: Arial, sans-serif; 45 | } 46 | 47 | h2 { 48 | font-size: 1.75em; 49 | } 50 | 51 | h2,h3,h4 { 52 | margin-bottom: 1.5em; 53 | color: #455350; 54 | } 55 | 56 | h3 { 57 | font-size: 1.25em; 58 | } 59 | 60 | h4 { 61 | font-size: 1em; 62 | } 63 | 64 | img.alignleft { 65 | margin: 5px 30px 30px 0; 66 | float: left; 67 | } 68 | 69 | img.aligntop { 70 | margin: 5px 0 20px 0; 71 | } 72 | 73 | p { 74 | margin-bottom: 1.5em; 75 | } 76 | 77 | ul { 78 | margin-bottom: 1.5em; 79 | } 80 | 81 | ul h4 { 82 | margin-bottom: 0.35em; 83 | } 84 | 85 | .post { 86 | overflow: hidden; 87 | border-bottom: dashed 2px #d7dfdf; 88 | margin-bottom: 40px; 89 | padding-bottom: 20px; 90 | } 91 | 92 | .post-last { 93 | border-bottom: 0; 94 | margin-bottom: 0; 95 | padding-bottom: 0; 96 | } 97 | 98 | #content { 99 | padding: 55px 35px 45px 35px; 100 | width: 910px; 101 | background: #FFF; 102 | color: #595959; 103 | box-shadow: 0px 5px 0px 0px rgba(0,0,0,0.1); 104 | } 105 | 106 | #header { 107 | position: relative; 108 | background: #FCBAA1; 109 | width: 910px; 110 | color: #000; 111 | padding: 35px; 112 | height: 105px; 113 | box-shadow: 0px 5px 0px 0px rgba(0,0,0,0.15); 114 | } 115 | 116 | #footer { 117 | text-align: center; 118 | padding: 20px 0 80px 0; 119 | text-transform: uppercase; 120 | letter-spacing: 0.5em; 121 | font-size: 0.75em; 122 | font-family: Arial, sans-serif; 123 | color: #95ADA7; 124 | } 125 | 126 | #footer a { 127 | color: #95ADA7; 128 | } 129 | 130 | #logo { 131 | line-height: 129px; 132 | top: 0; 133 | left: 35px; 134 | height: 129px; 135 | position: absolute; 136 | } 137 | 138 | #logo a { 139 | color: #fff; 140 | text-decoration: none; 141 | text-shadow: 3px 3px 0px rgba(0,0,0,0.075); 142 | text-transform: uppercase; 143 | letter-spacing: 0.25em; 144 | } 145 | 146 | #logo h1 { 147 | font-size: 3em; 148 | } 149 | 150 | #menu { 151 | padding: 0 30px 0 25px; 152 | height: 46px; 153 | width: 925px; 154 | position: absolute; 155 | background: #FF3867; 156 | margin: 35px 0 0 0; 157 | line-height: 46px; 158 | bottom: 0; 159 | left: 0; 160 | font-family: Arial, sans-serif; 161 | } 162 | 163 | #menu a { 164 | font-size: 1.25em; 165 | letter-spacing: -1px; 166 | text-decoration: none; 167 | text-decoration: none; 168 | text-shadow: 2px 2px 0px rgba(0,0,0,0.2); 169 | text-transform: uppercase; 170 | color: #fff; 171 | letter-spacing: 0.25em; 172 | padding: 5px 5px 5px 10px; 173 | transition: background-color .25s ease-in-out; 174 | -moz-transition: background-color .25s ease-in-out; 175 | -webkit-transition: background-color .25s ease-in-out; 176 | } 177 | 178 | #menu a:hover { 179 | background: rgba(0,0,0,0.1); 180 | } 181 | 182 | #menu ul { 183 | list-style: none; 184 | } 185 | 186 | #menu ul li { 187 | display: inline; 188 | padding: 0 10px 0 10px; 189 | } 190 | 191 | #menu ul li.first { 192 | padding-left: 0; 193 | } 194 | 195 | #page { 196 | position: relative; 197 | margin: 20px 0 20px 0; 198 | padding: 0; 199 | width: 980px; 200 | } 201 | 202 | #page .section-list { 203 | list-style: none; 204 | padding-left: 0; 205 | } 206 | 207 | #page .section-list li { 208 | clear: both; 209 | padding: 20px 0 20px 0; 210 | } 211 | 212 | #page ul { 213 | list-style: none; 214 | } 215 | 216 | #page ul li { 217 | padding: 10px 0 10px 0; 218 | border-top: dotted 1px #c7cfcf; 219 | } 220 | 221 | #page ul li.first { 222 | border-top: 0; 223 | padding-top: 0; 224 | } 225 | 226 | #search input.form-submit { 227 | background: #FF3867; 228 | margin-left: 1em; 229 | border: 0; 230 | color: #000; 231 | padding: 5px; 232 | } 233 | 234 | #search input.form-text { 235 | padding: 5px; 236 | border: solid 1px #C5917E; 237 | } 238 | 239 | #splash { 240 | width: 930px; 241 | position: relative; 242 | padding: 25px; 243 | background: #FFF; 244 | margin: 25px 0 25px 0; 245 | height: 230px; 246 | box-shadow: 0px 5px 0px 0px rgba(0,0,0,0.1); 247 | } 248 | 249 | #wrapper { 250 | margin: 35px auto 0 auto; 251 | width: 980px; 252 | position: relative; 253 | } 254 | 255 | .active{ 256 | background-color: yellowgreen; 257 | } 258 | 259 | 260 | 261 | @import url("https://fonts.googleapis.com/css?family=Open+Sans:400,400i,700"); 262 | body { 263 | font-family: 'Open Sans', sans-serif; 264 | margin: 0; 265 | padding: 0 4em; 266 | } 267 | main { 268 | min-width: 300px; 269 | max-width: 500px; 270 | margin: auto; 271 | } 272 | p { 273 | font-size: 1em; 274 | line-height: 1.75em; 275 | border-top: 3px solid; 276 | border-image: linear-gradient(to right, #743ad5 0%, #d53a9d 100%); 277 | border-image-slice: 1; 278 | border-width: 3px; 279 | margin: 0; 280 | padding: 40px; 281 | counter-increment: section; 282 | position: relative; 283 | color: #34435e; 284 | } 285 | p:before { 286 | content: counter(section); 287 | position: absolute; 288 | border-radius: 50%; 289 | padding: 10px; 290 | height: 1.25em; 291 | width: 1.25em; 292 | background-color: #34435e; 293 | text-align: center; 294 | line-height: 1.25em; 295 | color: #fff; 296 | font-size: 1em; 297 | } 298 | p:nth-child(odd) { 299 | border-right: 3px solid; 300 | padding-left: 0; 301 | } 302 | p:nth-child(odd):before { 303 | left: 100%; 304 | margin-left: -20px; 305 | } 306 | p:nth-child(even) { 307 | border-left: 3px solid; 308 | padding-right: 0; 309 | } 310 | p:nth-child(even):before { 311 | right: 100%; 312 | margin-right: -20px; 313 | } 314 | p:first-child { 315 | border-top: 0; 316 | border-top-right-radius: 0; 317 | border-top-left-radius: 0; 318 | } 319 | p:last-child { 320 | border-bottom-right-radius: 0; 321 | border-bottom-left-radius: 0; 322 | } 323 | 324 | 325 | .box { 326 | background: linear-gradient(to right, gold, darkorange); 327 | color: white; 328 | --width: 100px; 329 | --height: calc(var(--width) / 3); 330 | width: var(--width); 331 | height: var(--height); 332 | text-align: center; 333 | line-height: var(--height); 334 | font-size: calc(var(--height) / 2.5); 335 | font-family: sans-serif; 336 | letter-spacing: 0.2em; 337 | border: 1px solid darkgoldenrod; 338 | border-radius: 2em; 339 | transform: perspective(500px) rotateY(-15deg); 340 | text-shadow: 6px 3px 2px rgba(0, 0, 0, 0.2); 341 | box-shadow: 2px 0 0 5px rgba(0, 0, 0, 0.2); 342 | transition: 0.5s; 343 | position: relative; 344 | overflow: hidden; 345 | } 346 | 347 | .box:hover { 348 | transform: perspective(500px) rotateY(15deg); 349 | text-shadow: -6px 3px 2px rgba(0, 0, 0, 0.2); 350 | box-shadow: -2px 0 0 5px rgba(0, 0, 0, 0.2); 351 | } 352 | 353 | .box::before { 354 | content: ''; 355 | position: absolute; 356 | width: 100%; 357 | height: 100%; 358 | background: linear-gradient(to right, transparent, white, transparent); 359 | left: -100%; 360 | transition: 0.5s; 361 | } 362 | 363 | .box:hover::before { 364 | left: 100%; 365 | } 366 | 367 | -------------------------------------------------------------------------------- /courses.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Courses 6 | 7 | 8 | 9 | 222 | 223 | 224 | 225 |
226 |
227 |
228 | 229 | 230 | 231 | 235 | 236 | 237 | 247 | 248 | 249 |
250 | 251 | 252 |
253 |
254 |
255 |

Courses

256 |
257 |
258 |
259 |
260 |
261 |

Course 1

262 |
263 |

C1

264 |
265 |
266 |
267 |

Course 2

268 |
269 |

C2

270 |
271 |
272 | 273 |
274 |

Course 3

275 |
276 |

C3

277 |
278 |
279 | 280 |
281 |

Course 4

282 |
283 |

C4

284 |
285 |

286 | 287 |
288 |

Course 5

289 |
290 |

C5

291 |
292 |

293 |
294 |
295 | 296 |
297 |
298 |
299 | 300 | 301 | 302 | 303 | 304 | 305 | 306 | 307 | 308 | 309 | 310 | -------------------------------------------------------------------------------- /courses.php: -------------------------------------------------------------------------------- 1 | 4 | 5 | 6 | 7 | 8 | 9 | Courses 10 | 11 | 12 | 13 | 226 | 227 | 228 | 229 |
230 |
231 |
232 | 233 | 234 | 235 | 239 | 240 | 241 | 251 | 252 | 253 |
254 | 255 | 256 |
257 |
258 |
259 |

Courses

260 |
261 |
262 |
263 |
264 |
265 |

Course 1

266 |
267 |

C1

268 |
269 |
270 |
271 |

Course 2

272 |
273 |

C2

274 |
275 |
276 | 277 |
278 |

Course 3

279 |
280 |

C3

281 |
282 |
283 | 284 |
285 |

Course 4

286 |
287 |

C4

288 |
289 |

290 | 291 |
292 |

Course 5

293 |
294 |

C5

295 |
296 |

297 |
298 |
299 | 300 |
301 |
302 |
303 | 304 | 305 | 306 | 307 | 308 | 309 | 310 | 311 | 312 | 313 | 314 | -------------------------------------------------------------------------------- /courses_welcome.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/praneshn99/web_security_testing/d0a222040c3dbb5b79f059186a06b468c9d51c9b/courses_welcome.png -------------------------------------------------------------------------------- /dashboard.js: -------------------------------------------------------------------------------- 1 | // Some code thanks to @chrisgannon 2 | 3 | var select = function(s) { 4 | return document.querySelector(s); 5 | } 6 | 7 | function randomBetween(min,max) 8 | { 9 | var number = Math.floor(Math.random()*(max-min+1)+min); 10 | 11 | if ( number !== 0 ){ 12 | return number; 13 | }else { 14 | return 0.5; 15 | } 16 | } 17 | 18 | var tl = new TimelineMax(); 19 | 20 | for(var i = 0; i < 20; i++){ 21 | 22 | var t = TweenMax.to(select('.bubble' + i), randomBetween(1, 1.5), { 23 | x: randomBetween(12, 15) * (randomBetween(-1, 1)), 24 | y: randomBetween(12, 15) * (randomBetween(-1, 1)), 25 | repeat:-1, 26 | repeatDelay:randomBetween(0.2, 0.5), 27 | yoyo:true, 28 | ease:Elastic.easeOut.config(1, 0.5) 29 | }) 30 | 31 | tl.add(t, (i+1)/0.6) 32 | } 33 | 34 | tl.seek(50); -------------------------------------------------------------------------------- /dashboard.php: -------------------------------------------------------------------------------- 1 | query("SELECT * FROM images where username = '$login_session' ORDER BY uploaded_on DESC limit 1"); 4 | 5 | if($query->num_rows > 0){ 6 | while($row = $query->fetch_assoc()){ 7 | $imageURL = 'upload/'.$row["file_name"]; 8 | } 9 | } 10 | elseif($query->num_rows === 0){ 11 | $imageURL = "icon.png"; 12 | } 13 | ?> 14 | 15 | 16 | 17 | Dashboard 18 | 19 | 20 | 21 | 22 | 222 | 223 | 227 | 228 | 229 | 239 | 240 | 251 | 252 |
253 | 254 |
255 | 256 | 257 | 258 | 259 | 260 | 261 | 262 | 263 | 264 | -------------------------------------------------------------------------------- /default.css: -------------------------------------------------------------------------------- 1 | 2 | html, body 3 | { 4 | height: 100%; 5 | } 6 | 7 | body 8 | { 9 | margin-top: 50px; 10 | padding: 0px; 11 | background: #AC0045 url(images/img01.jpg) repeat; 12 | font-family: 'Open Sans', sans-serif; 13 | font-size: 10pt; 14 | color: #737373; 15 | } 16 | 17 | h1, h2, h3 18 | { 19 | margin: 0; 20 | padding: 0; 21 | font-family: 'Englebert', sans-serif; 22 | color: #74C5F2; 23 | } 24 | 25 | h2 26 | { 27 | font-weight: 400; 28 | font-size: 2.00em; 29 | color: #8B2287; 30 | } 31 | 32 | p, ol, ul 33 | { 34 | margin-top: 0px; 35 | } 36 | 37 | p 38 | { 39 | line-height: 180%; 40 | } 41 | 42 | strong 43 | { 44 | } 45 | 46 | a 47 | { 48 | color: #8C2287; 49 | } 50 | 51 | a:hover 52 | { 53 | text-decoration: none; 54 | } 55 | 56 | a img 57 | { 58 | border: none; 59 | } 60 | 61 | img.border 62 | { 63 | } 64 | 65 | img.alignleft 66 | { 67 | float: left; 68 | } 69 | 70 | img.alignright 71 | { 72 | float: right; 73 | } 74 | 75 | img.aligncenter 76 | { 77 | margin: 0px auto; 78 | } 79 | 80 | hr 81 | { 82 | display: none; 83 | } 84 | 85 | /** WRAPPER */ 86 | 87 | #wrapper 88 | { 89 | overflow: hidden; 90 | background: #FFFFFF; 91 | box-shadow: 0px 0px 20px 5px rgba(0,0,0,.10); 92 | border-radius: 40px; 93 | } 94 | 95 | .container 96 | { 97 | width: 1000px; 98 | margin: 0px auto; 99 | } 100 | 101 | .clearfix 102 | { 103 | clear: both; 104 | } 105 | 106 | /** HEADER */ 107 | 108 | #header 109 | { 110 | overflow: hidden; 111 | width: 920px; 112 | padding: 0px 40px; 113 | } 114 | 115 | /** LOGO */ 116 | 117 | #logo 118 | { 119 | float: left; 120 | width: 200px; 121 | height: 100px; 122 | } 123 | 124 | #logo h1, #logo p 125 | { 126 | } 127 | 128 | #logo h1 a 129 | { 130 | line-height: 100px; 131 | text-decoration: none; 132 | font-size: 2em; 133 | font-weight: 400; 134 | color: #FFFFFF; 135 | } 136 | 137 | /** MENU */ 138 | 139 | #menu 140 | { 141 | float: right; 142 | width: 650px; 143 | height: 80px; 144 | margin-top: 20px; 145 | background: #8C2287; 146 | box-shadow: 0px 0px 10px 1px rgba(0,0,0,.10); 147 | border-radius: 20px 20px 0px 0px; 148 | } 149 | 150 | #menu ul 151 | { 152 | margin: 0px; 153 | padding: 0px; 154 | list-style: none; 155 | line-height: normal; 156 | text-align: center; 157 | } 158 | 159 | #menu li 160 | { 161 | display: inline-block; 162 | padding: 0px 20px; 163 | } 164 | 165 | #menu a 166 | { 167 | display: block; 168 | line-height: 80px; 169 | text-decoration: none; 170 | font-family: 'Englebert', sans-serif; 171 | font-size: 1.50em; 172 | color: #FFFFFF; 173 | } 174 | 175 | #menu a:hover 176 | { 177 | text-decoration: underline; 178 | } 179 | 180 | /** PAGE */ 181 | 182 | #page 183 | { 184 | overflow: hidden; 185 | padding: 50px 40px; 186 | } 187 | 188 | #page h2 189 | { 190 | padding-bottom: 20px; 191 | } 192 | 193 | /** CONTENT */ 194 | 195 | #content 196 | { 197 | float: left; 198 | width: 600px; 199 | } 200 | 201 | /** SIDEBAR */ 202 | 203 | #sidebar 204 | { 205 | float: right; 206 | width: 280px; 207 | } 208 | 209 | #sidebar #sbox1 210 | { 211 | margin-bottom: 30px; 212 | } 213 | 214 | /* Footer */ 215 | 216 | #footer 217 | { 218 | overflow: hidden; 219 | padding: 30px 0px; 220 | color: #C54F7F; 221 | } 222 | 223 | #footer p 224 | { 225 | text-align: center; 226 | } 227 | 228 | #footer a 229 | { 230 | color: #CE6790; 231 | } 232 | 233 | .image-style img 234 | { 235 | margin-bottom: 2em; 236 | border-radius: 30px; 237 | } 238 | 239 | /** LIST STYLE 1 */ 240 | 241 | .list-style1 242 | { 243 | margin: 0px; 244 | padding: 0px; 245 | list-style: none; 246 | font-family: 'Open Sans', sans-serif; 247 | color: #777777; 248 | } 249 | 250 | .list-style1 li 251 | { 252 | padding: 10px 0px 10px 0px; 253 | border-top: 1px solid #D6D6D6; 254 | } 255 | 256 | .list-style1 a 257 | { 258 | color: #777777; 259 | } 260 | 261 | .list-style1 h3 262 | { 263 | padding: 10px 0px 5px 0px; 264 | font-weight: 500; 265 | color: #444444; 266 | } 267 | 268 | .list-style1 .posted 269 | { 270 | padding: 0px 0px 0px 0px; 271 | } 272 | 273 | .list-style1 .first 274 | { 275 | border-top: 0px; 276 | padding-top: 0px; 277 | } 278 | 279 | /** LIST STYLE 2 */ 280 | 281 | .list-style2 282 | { 283 | margin: 0px; 284 | padding: 0px; 285 | list-style: none; 286 | } 287 | 288 | .list-style2 li 289 | { 290 | padding: 10px 0px 20px 0px; 291 | border-top: 1px solid #C9C9C9; 292 | } 293 | 294 | .list-style2 a 295 | { 296 | color: #777777; 297 | } 298 | 299 | .list-style2 .first 300 | { 301 | padding-top: 0px; 302 | border-top: 0px; 303 | } 304 | 305 | .link-style1 306 | { 307 | display: inline-block; 308 | margin-top: 20px; 309 | background: #8C2287; 310 | border-radius: 10px; 311 | padding: 10px 30px; 312 | text-decoration: none; 313 | font-family: 'Englebert', sans-serif; 314 | font-size: 1.50em; 315 | color: #FFFFFF; 316 | } 317 | -------------------------------------------------------------------------------- /display.php: -------------------------------------------------------------------------------- 1 | query("SELECT * FROM images ORDER BY uploaded_on DESC limit 1"); 7 | 8 | if($query->num_rows > 0){ 9 | while($row = $query->fetch_assoc()){ 10 | $imageURL = 'upload/'.$row["file_name"]; 11 | } 12 | } 13 | ?> -------------------------------------------------------------------------------- /dummy.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Register 5 | 6 | 7 | 8 | 38 | 39 | 40 |
41 | 42 | 43 | 47 | 48 | 49 | 60 |

Registration Form

61 | 62 |
63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 |
Full Name
Date Of Birth
Gender
Address
Contact Details
Email
Username
Password
Captcha
105 |
106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | -------------------------------------------------------------------------------- /faculty.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Faculty 5 | 6 | 7 | 8 | 278 | 279 | 280 | 281 | 282 | 286 | 287 | 288 | 299 | 300 | 301 |
302 | 303 | 304 |
305 |
306 |
307 |
308 | F 309 | A 310 | C 311 | U 312 | T 313 | Y 314 |
315 |
316 |
317 |
318 |
319 |
    320 |
  • For Course 1 and Course 2
    • 321 |
322 |
323 |
324 |

Faculty 1

325 |

Vast experience inthe field of education with high honors. One of the best in the country with great knowledge.

326 |

327 | Read More 328 |

329 |
330 |
331 |
332 |
333 |
334 |
    335 |
  • For Course 3
    • 336 |
337 |
338 |
339 |

Faculty 2

340 |

Vast experience inthe field of education with high honors. One of the best in the country with great knowledge.

341 |

342 | Read More 343 |

344 |
345 |
346 |
347 |
348 |
349 |
    350 |
  • For Course 4 and Course 5
    • 351 |
352 |
353 |
354 |

Faculty 3

355 |

Vast experience inthe field of education with high honors. One of the best in the country with great knowledge.

356 |

357 | Read More 358 |

359 |
360 |
361 |
362 |
363 |
364 |
367 |
368 | 369 | 370 | 371 | 372 | 373 | 374 | 375 | 376 | 377 | 378 | 379 | 380 | -------------------------------------------------------------------------------- /faculty.js: -------------------------------------------------------------------------------- 1 | function randBetween(min,max) { 2 | return Math.floor(Math.random()*(max-min+1)+min); 3 | } 4 | 5 | $('.skeleton .card').each(function() { 6 | var text = ''; 7 | var title = ''; 8 | var numHigh = randBetween(3,4); 9 | var numLow = randBetween(1,2); 10 | var container = $(this).find('.card__text'); 11 | 12 | for( var i = 0; i < numLow; i++ ) { 13 | container.append(title); 14 | } 15 | 16 | container.find('.card__title:last-child').css('width', ((numHigh + 2) * 10) + '%'); 17 | 18 | for( var i = 0; i < numHigh; i++ ) { 19 | container.append(text); 20 | } 21 | 22 | container.find('.card__desc:last-child').css('width', (numHigh * 10) + '%'); 23 | }) -------------------------------------------------------------------------------- /faculty.php: -------------------------------------------------------------------------------- 1 | 4 | 5 | 6 | 7 | Faculty 8 | 9 | 10 | 11 | 282 | 283 | 284 | 285 | 286 | 290 | 291 | 292 | 303 | 304 | 305 |
306 | 307 | 308 |
309 |
310 |
311 |
312 | F 313 | A 314 | C 315 | U 316 | T 317 | Y 318 |
319 |
320 |
321 |
322 |
323 |
    324 |
  • For Course 1 and Course 2
    • 325 |
326 |
327 |
328 |

Faculty 1

329 |

Vast experience inthe field of education with high honors. One of the best in the country with great knowledge.

330 |

331 | Read More 332 |

333 |
334 |
335 |
336 |
337 |
338 |
    339 |
  • For Course 3
    • 340 |
341 |
342 |
343 |

Faculty 2

344 |

Vast experience inthe field of education with high honors. One of the best in the country with great knowledge.

345 | 346 |

347 | Read More 348 |

349 |
350 |
351 |
352 |
353 |
354 |
    355 |
  • For Course 4 and Course 5
    • 356 |
357 |
358 |
359 |

Faculty 3

360 |

Vast experience inthe field of education with high honors. One of the best in the country with great knowledge.

361 | Read More 362 |

363 |
364 |
365 |
366 |
367 | 368 | 369 | 370 | 371 | 372 | 373 | 374 | 375 | 376 | 377 | 378 | 379 | 380 | 381 | 382 | -------------------------------------------------------------------------------- /faculty1.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Faculty 1 5 | 6 | 7 | 14 | 15 | 16 | 28 |
29 |
30 |
31 |

32 |

Overview

33 |

With wide knowledge of subject and extreme teaching experience, he is one of the best tutors in the country. With his humrous attitute, he will surely make you fall in love with the subject.

34 | 35 |
36 | 65 |
66 |
67 | 68 | 69 | -------------------------------------------------------------------------------- /faculty1.php: -------------------------------------------------------------------------------- 1 | 4 | 5 | 6 | 7 | Faculty 1 8 | 9 | 10 | 17 | 18 | 19 | 31 |
32 |
33 |
34 |

35 |

Overview

36 |

With wide knowledge of subject and extreme teaching experience, he is one of the best tutors in the country. With his humrous attitute, he will surely make you fall in love with the subject.

37 |

Write a review


38 | 39 |
40 | 70 |
71 |
72 | 73 | 74 | -------------------------------------------------------------------------------- /faculty2.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Faculty 2 5 | 6 | 7 | 13 | 14 | 15 | 27 |
28 |
29 |


30 |

Overview

31 |

With wide knowledge of subject and extreme teaching experience, he is one of the best tutors in the country. With his humrous attitute, he will surely make you fall in love with the subject.

32 | 60 |
61 |
62 | 63 | 64 | -------------------------------------------------------------------------------- /faculty2.php: -------------------------------------------------------------------------------- 1 | 4 | 5 | 6 | 7 | 8 | Faculty 2 9 | 10 | 11 | 17 | 18 | 19 | 31 |
32 |
33 |


34 |

Overview

35 |

With wide knowledge of subject and extreme teaching experience, he is one of the best tutors in the country. With his humrous attitute, he will surely make you fall in love with the subject.

36 |

Write a review


37 | 38 |
39 | 67 |
68 |
69 | 70 | 71 | -------------------------------------------------------------------------------- /faculty3.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Faculty 3 5 | 6 | 7 | 13 | 14 | 15 | 27 |
28 |
29 |
30 |

31 |

Overview

32 |

With wide knowledge of subject and extreme teaching experience, he is one of the best tutors in the country. With his humrous attitute, he will surely make you fall in love with the subject.

33 | 61 |
62 |
63 | 64 | 65 | -------------------------------------------------------------------------------- /faculty3.php: -------------------------------------------------------------------------------- 1 | 4 | 5 | 6 | 7 | Faculty 3 8 | 9 | 10 | 16 | 17 | 18 | 30 |
31 |
32 |
33 |

34 |

Overview

35 |

With wide knowledge of subject and extreme teaching experience, he is one of the best tutors in the country. With his humrous attitute, he will surely make you fall in love with the subject.

36 |

Write a review


37 | 38 |
39 | 67 |
68 |
69 | 70 | 71 | -------------------------------------------------------------------------------- /faculty_welcome.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/praneshn99/web_security_testing/d0a222040c3dbb5b79f059186a06b468c9d51c9b/faculty_welcome.png -------------------------------------------------------------------------------- /fetch_comment_c1.php: -------------------------------------------------------------------------------- 1 | prepare($query); 14 | 15 | $statement->execute(); 16 | 17 | $result = $statement->fetchAll(); 18 | $output = ''; 19 | foreach($result as $row) 20 | { 21 | $output .= ' 22 |
23 |
By '.$row["comment_sender_name"].' on '.$row["date"].'
24 |
'.$row["comment"].'
25 |
26 |
27 | '; 28 | $output .= get_reply_comment($connect, $row["comment_id"]); 29 | } 30 | 31 | echo $output; 32 | 33 | function get_reply_comment($connect, $parent_id = 0, $marginleft = 0) 34 | { 35 | $query = " 36 | SELECT * FROM course_1 WHERE parent_comment_id = '".$parent_id."' 37 | "; 38 | $output = ''; 39 | $statement = $connect->prepare($query); 40 | $statement->execute(); 41 | $result = $statement->fetchAll(); 42 | $count = $statement->rowCount(); 43 | if($parent_id == 0) 44 | { 45 | $marginleft = 0; 46 | } 47 | else 48 | { 49 | $marginleft = $marginleft + 48; 50 | } 51 | if($count > 0) 52 | { 53 | foreach($result as $row) 54 | { 55 | $output .= ' 56 |
57 |
By '.$row["comment_sender_name"].' on '.$row["date"].'
58 |
'.$row["comment"].'
59 |
60 |
61 | '; 62 | $output .= get_reply_comment($connect, $row["comment_id"], $marginleft); 63 | } 64 | } 65 | return $output; 66 | } 67 | 68 | ?> 69 | -------------------------------------------------------------------------------- /fetch_comment_c2.php: -------------------------------------------------------------------------------- 1 | prepare($query); 14 | 15 | $statement->execute(); 16 | 17 | $result = $statement->fetchAll(); 18 | $output = ''; 19 | foreach($result as $row) 20 | { 21 | $output .= ' 22 |
23 |
By '.$row["comment_sender_name"].' on '.$row["date"].'
24 |
'.$row["comment"].'
25 |
26 |
27 | '; 28 | $output .= get_reply_comment($connect, $row["comment_id"]); 29 | } 30 | 31 | echo $output; 32 | 33 | function get_reply_comment($connect, $parent_id = 0, $marginleft = 0) 34 | { 35 | $query = " 36 | SELECT * FROM course_2 WHERE parent_comment_id = '".$parent_id."' 37 | "; 38 | $output = ''; 39 | $statement = $connect->prepare($query); 40 | $statement->execute(); 41 | $result = $statement->fetchAll(); 42 | $count = $statement->rowCount(); 43 | if($parent_id == 0) 44 | { 45 | $marginleft = 0; 46 | } 47 | else 48 | { 49 | $marginleft = $marginleft + 48; 50 | } 51 | if($count > 0) 52 | { 53 | foreach($result as $row) 54 | { 55 | $output .= ' 56 |
57 |
By '.$row["comment_sender_name"].' on '.$row["date"].'
58 |
'.$row["comment"].'
59 |
60 |
61 | '; 62 | $output .= get_reply_comment($connect, $row["comment_id"], $marginleft); 63 | } 64 | } 65 | return $output; 66 | } 67 | 68 | ?> 69 | -------------------------------------------------------------------------------- /fetch_comment_c3.php: -------------------------------------------------------------------------------- 1 | prepare($query); 14 | 15 | $statement->execute(); 16 | 17 | $result = $statement->fetchAll(); 18 | $output = ''; 19 | foreach($result as $row) 20 | { 21 | $output .= ' 22 |
23 |
By '.$row["comment_sender_name"].' on '.$row["date"].'
24 |
'.$row["comment"].'
25 |
26 |
27 | '; 28 | $output .= get_reply_comment($connect, $row["comment_id"]); 29 | } 30 | 31 | echo $output; 32 | 33 | function get_reply_comment($connect, $parent_id = 0, $marginleft = 0) 34 | { 35 | $query = " 36 | SELECT * FROM course_3 WHERE parent_comment_id = '".$parent_id."' 37 | "; 38 | $output = ''; 39 | $statement = $connect->prepare($query); 40 | $statement->execute(); 41 | $result = $statement->fetchAll(); 42 | $count = $statement->rowCount(); 43 | if($parent_id == 0) 44 | { 45 | $marginleft = 0; 46 | } 47 | else 48 | { 49 | $marginleft = $marginleft + 48; 50 | } 51 | if($count > 0) 52 | { 53 | foreach($result as $row) 54 | { 55 | $output .= ' 56 |
57 |
By '.$row["comment_sender_name"].' on '.$row["date"].'
58 |
'.$row["comment"].'
59 |
60 |
61 | '; 62 | $output .= get_reply_comment($connect, $row["comment_id"], $marginleft); 63 | } 64 | } 65 | return $output; 66 | } 67 | 68 | ?> 69 | -------------------------------------------------------------------------------- /fetch_comment_c4.php: -------------------------------------------------------------------------------- 1 | prepare($query); 14 | 15 | $statement->execute(); 16 | 17 | $result = $statement->fetchAll(); 18 | $output = ''; 19 | foreach($result as $row) 20 | { 21 | $output .= ' 22 |
23 |
By '.$row["comment_sender_name"].' on '.$row["date"].'
24 |
'.$row["comment"].'
25 |
26 |
27 | '; 28 | $output .= get_reply_comment($connect, $row["comment_id"]); 29 | } 30 | 31 | echo $output; 32 | 33 | function get_reply_comment($connect, $parent_id = 0, $marginleft = 0) 34 | { 35 | $query = " 36 | SELECT * FROM course_4 WHERE parent_comment_id = '".$parent_id."' 37 | "; 38 | $output = ''; 39 | $statement = $connect->prepare($query); 40 | $statement->execute(); 41 | $result = $statement->fetchAll(); 42 | $count = $statement->rowCount(); 43 | if($parent_id == 0) 44 | { 45 | $marginleft = 0; 46 | } 47 | else 48 | { 49 | $marginleft = $marginleft + 48; 50 | } 51 | if($count > 0) 52 | { 53 | foreach($result as $row) 54 | { 55 | $output .= ' 56 |
57 |
By '.$row["comment_sender_name"].' on '.$row["date"].'
58 |
'.$row["comment"].'
59 |
60 |
61 | '; 62 | $output .= get_reply_comment($connect, $row["comment_id"], $marginleft); 63 | } 64 | } 65 | return $output; 66 | } 67 | 68 | ?> 69 | -------------------------------------------------------------------------------- /fetch_comment_c5.php: -------------------------------------------------------------------------------- 1 | prepare($query); 14 | 15 | $statement->execute(); 16 | 17 | $result = $statement->fetchAll(); 18 | $output = ''; 19 | foreach($result as $row) 20 | { 21 | $output .= ' 22 |
23 |
By '.$row["comment_sender_name"].' on '.$row["date"].'
24 |
'.$row["comment"].'
25 |
26 |
27 | '; 28 | $output .= get_reply_comment($connect, $row["comment_id"]); 29 | } 30 | 31 | echo $output; 32 | 33 | function get_reply_comment($connect, $parent_id = 0, $marginleft = 0) 34 | { 35 | $query = " 36 | SELECT * FROM course_5 WHERE parent_comment_id = '".$parent_id."' 37 | "; 38 | $output = ''; 39 | $statement = $connect->prepare($query); 40 | $statement->execute(); 41 | $result = $statement->fetchAll(); 42 | $count = $statement->rowCount(); 43 | if($parent_id == 0) 44 | { 45 | $marginleft = 0; 46 | } 47 | else 48 | { 49 | $marginleft = $marginleft + 48; 50 | } 51 | if($count > 0) 52 | { 53 | foreach($result as $row) 54 | { 55 | $output .= ' 56 |
57 |
By '.$row["comment_sender_name"].' on '.$row["date"].'
58 |
'.$row["comment"].'
59 |
60 |
61 | '; 62 | $output .= get_reply_comment($connect, $row["comment_id"], $marginleft); 63 | } 64 | } 65 | return $output; 66 | } 67 | 68 | ?> 69 | -------------------------------------------------------------------------------- /fetch_comment_f1.php: -------------------------------------------------------------------------------- 1 | prepare($query); 14 | 15 | $statement->execute(); 16 | 17 | $result = $statement->fetchAll(); 18 | $output = ''; 19 | foreach($result as $row) 20 | { 21 | $output .= ' 22 |
23 |
By '.$row["comment_sender_name"].' on '.$row["date"].'
24 |
'.$row["comment"].'
25 |
26 |
27 | '; 28 | $output .= get_reply_comment($connect, $row["comment_id"]); 29 | } 30 | 31 | echo $output; 32 | 33 | function get_reply_comment($connect, $parent_id = 0, $marginleft = 0) 34 | { 35 | $query = " 36 | SELECT * FROM faculty_1 WHERE parent_comment_id = '".$parent_id."' 37 | "; 38 | $output = ''; 39 | $statement = $connect->prepare($query); 40 | $statement->execute(); 41 | $result = $statement->fetchAll(); 42 | $count = $statement->rowCount(); 43 | if($parent_id == 0) 44 | { 45 | $marginleft = 0; 46 | } 47 | else 48 | { 49 | $marginleft = $marginleft + 48; 50 | } 51 | if($count > 0) 52 | { 53 | foreach($result as $row) 54 | { 55 | $output .= ' 56 |
57 |
By '.$row["comment_sender_name"].' on '.$row["date"].'
58 |
'.$row["comment"].'
59 |
60 |
61 | '; 62 | $output .= get_reply_comment($connect, $row["comment_id"], $marginleft); 63 | } 64 | } 65 | return $output; 66 | } 67 | 68 | ?> 69 | -------------------------------------------------------------------------------- /fetch_comment_f2.php: -------------------------------------------------------------------------------- 1 | prepare($query); 14 | 15 | $statement->execute(); 16 | 17 | $result = $statement->fetchAll(); 18 | $output = ''; 19 | foreach($result as $row) 20 | { 21 | $output .= ' 22 |
23 |
By '.$row["comment_sender_name"].' on '.$row["date"].'
24 |
'.$row["comment"].'
25 |
26 |
27 | '; 28 | $output .= get_reply_comment($connect, $row["comment_id"]); 29 | } 30 | 31 | echo $output; 32 | 33 | function get_reply_comment($connect, $parent_id = 0, $marginleft = 0) 34 | { 35 | $query = " 36 | SELECT * FROM faculty_2 WHERE parent_comment_id = '".$parent_id."' 37 | "; 38 | $output = ''; 39 | $statement = $connect->prepare($query); 40 | $statement->execute(); 41 | $result = $statement->fetchAll(); 42 | $count = $statement->rowCount(); 43 | if($parent_id == 0) 44 | { 45 | $marginleft = 0; 46 | } 47 | else 48 | { 49 | $marginleft = $marginleft + 48; 50 | } 51 | if($count > 0) 52 | { 53 | foreach($result as $row) 54 | { 55 | $output .= ' 56 |
57 |
By '.$row["comment_sender_name"].' on '.$row["date"].'
58 |
'.$row["comment"].'
59 |
60 |
61 | '; 62 | $output .= get_reply_comment($connect, $row["comment_id"], $marginleft); 63 | } 64 | } 65 | return $output; 66 | } 67 | 68 | ?> 69 | -------------------------------------------------------------------------------- /fetch_comment_f3.php: -------------------------------------------------------------------------------- 1 | prepare($query); 14 | 15 | $statement->execute(); 16 | 17 | $result = $statement->fetchAll(); 18 | $output = ''; 19 | foreach($result as $row) 20 | { 21 | $output .= ' 22 |
23 |
By '.$row["comment_sender_name"].' on '.$row["date"].'
24 |
'.$row["comment"].'
25 |
26 |
27 | '; 28 | $output .= get_reply_comment($connect, $row["comment_id"]); 29 | } 30 | 31 | echo $output; 32 | 33 | function get_reply_comment($connect, $parent_id = 0, $marginleft = 0) 34 | { 35 | $query = " 36 | SELECT * FROM faculty_3 WHERE parent_comment_id = '".$parent_id."' 37 | "; 38 | $output = ''; 39 | $statement = $connect->prepare($query); 40 | $statement->execute(); 41 | $result = $statement->fetchAll(); 42 | $count = $statement->rowCount(); 43 | if($parent_id == 0) 44 | { 45 | $marginleft = 0; 46 | } 47 | else 48 | { 49 | $marginleft = $marginleft + 48; 50 | } 51 | if($count > 0) 52 | { 53 | foreach($result as $row) 54 | { 55 | $output .= ' 56 |
57 |
By '.$row["comment_sender_name"].' on '.$row["date"].'
58 |
'.$row["comment"].'
59 |
60 |
61 | '; 62 | $output .= get_reply_comment($connect, $row["comment_id"], $marginleft); 63 | } 64 | } 65 | return $output; 66 | } 67 | 68 | ?> 69 | -------------------------------------------------------------------------------- /hacking.sql: -------------------------------------------------------------------------------- 1 | -- phpMyAdmin SQL Dump 2 | -- version 4.8.4 3 | -- https://www.phpmyadmin.net/ 4 | -- 5 | -- Host: 127.0.0.1 6 | -- Generation Time: Aug 30, 2019 at 07:23 PM 7 | -- Server version: 10.1.37-MariaDB 8 | -- PHP Version: 5.6.39 9 | 10 | SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO"; 11 | SET AUTOCOMMIT = 0; 12 | START TRANSACTION; 13 | SET time_zone = "+00:00"; 14 | 15 | 16 | /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; 17 | /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; 18 | /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; 19 | /*!40101 SET NAMES utf8mb4 */; 20 | 21 | -- 22 | -- Database: `hacking` 23 | -- 24 | 25 | -- -------------------------------------------------------- 26 | 27 | -- 28 | -- Table structure for table `clickjacking` 29 | -- 30 | 31 | CREATE TABLE `clickjacking` ( 32 | `name` char(50) NOT NULL, 33 | `id` int(100) NOT NULL, 34 | `dob` date NOT NULL, 35 | `gender` char(10) NOT NULL, 36 | `address` varchar(300) NOT NULL, 37 | `contact` int(15) NOT NULL, 38 | `email` varchar(50) NOT NULL, 39 | `username` varchar(25) NOT NULL, 40 | `password` varchar(25) NOT NULL 41 | ) ENGINE=InnoDB DEFAULT CHARSET=utf8; 42 | 43 | -- 44 | -- Indexes for dumped tables 45 | -- 46 | 47 | -- 48 | -- Indexes for table `clickjacking` 49 | -- 50 | ALTER TABLE `clickjacking` 51 | ADD PRIMARY KEY (`email`), 52 | ADD UNIQUE KEY `username` (`username`), 53 | ADD UNIQUE KEY `contact` (`contact`), 54 | ADD KEY `id` (`id`); 55 | 56 | -- 57 | -- AUTO_INCREMENT for dumped tables 58 | -- 59 | 60 | -- 61 | -- AUTO_INCREMENT for table `clickjacking` 62 | -- 63 | ALTER TABLE `clickjacking` 64 | MODIFY `id` int(100) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=4; 65 | COMMIT; 66 | 67 | /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; 68 | /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; 69 | /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; 70 | -------------------------------------------------------------------------------- /icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/praneshn99/web_security_testing/d0a222040c3dbb5b79f059186a06b468c9d51c9b/icon.png -------------------------------------------------------------------------------- /index.php: -------------------------------------------------------------------------------- 1 | 4 | 5 | 6 | Upload 7 | 8 | 9 |
10 | Select Image File to Upload: 11 | 12 | 13 |
14 | 15 | -------------------------------------------------------------------------------- /lock.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /login.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Login 5 | 6 | 7 | 8 | 9 | 106 | 107 | 108 | 109 | 110 |

114 |
115 | L 116 | O 117 | G 118 | I 119 | N 120 |
121 |
122 |
123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 |
Username
Password
137 |
138 | 139 | 150 | 151 |
152 |
153 |
154 |
155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | -------------------------------------------------------------------------------- /login.php: -------------------------------------------------------------------------------- 1 | Go back and retry!"; 21 | } 22 | } 23 | //The below code is secured from sql injection as it counts and tags its entries, overcoming the boolean disadvantage 24 | /* 25 | 26 | $sql = "SELECT * from register where username = '$user'" ; 27 | $result=mysqli_query($db,$sql); 28 | $row=mysqli_fetch_array($result,MYSQLI_ASSOC); 29 | $active=$row['active']; 30 | if(!$active){ 31 | echo "Invalid Entry"; 32 | } 33 | 34 | $count=mysqli_num_rows($result); 35 | 36 | if(($count === 1)){ 37 | header("Location:website.php"); 38 | $_SESSION['login_user'] = $user; 39 | } 40 | else{ 41 | echo "Go back and retry!"; 42 | } 43 | } 44 | */ 45 | ?> -------------------------------------------------------------------------------- /login_content_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/praneshn99/web_security_testing/d0a222040c3dbb5b79f059186a06b468c9d51c9b/login_content_1.png -------------------------------------------------------------------------------- /logout.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /pass_chg.php: -------------------------------------------------------------------------------- 1 | 6 | 7 | 8 | Password Change 9 | 10 | 11 |

Change Password


12 |
13 | Enter New Password:

14 | Confirm Password:

15 | 16 |
17 | 18 | 19 | connect_error){ 22 | echo "Connection Error: ".$link->connect_error; 23 | } 24 | if(isset($_GET['submit'])){ 25 | $newp = $_GET['new_password']; 26 | $confirmp = $_GET['confirm_password']; 27 | if($newp === $confirmp){ 28 | $change = $link->query("UPDATE register set password='hacked' where username='$login_session'"); 29 | if($change){ 30 | echo ""; 31 | echo "Click Here to go to dashboard"; 32 | 33 | } 34 | 35 | } 36 | else{ 37 | echo ""; 38 | echo "Click Here to Retry!"; 39 | 40 | 41 | } 42 | 43 | } 44 | ?> -------------------------------------------------------------------------------- /payment.php: -------------------------------------------------------------------------------- 1 | connect_error){ 8 | echo "Connection Error:" .$connection->connect_error."
Go Back and retry!"; 9 | } 10 | ?> 11 | 12 | 13 | Wait... 14 | 16 | 17 | 18 |
19 |

Payment Confirmation

20 |
21 | Amount to be paid:
22 | /> 23 | 24 | 25 | 26 |
27 |

OR


28 | Cancel Order 29 | 30 | 31 | query($get); 38 | 39 | if ($result->num_rows > 0) { 40 | // output data of each row 41 | while($row = $result->fetch_assoc()) { 42 | $id = $row['order_id']; 43 | } } 44 | else { 45 | echo "0 results"; 46 | } 47 | $sql = "INSERT into payment(order_id,total_amount,customer) values ('$id','$actual_amt','$login_session')"; 48 | 49 | if($connection->query($sql)=== TRUE){ 50 | header("Location:thank.php"); 51 | } 52 | else{ 53 | echo "ERROR!Click here to go back and retry!"; 54 | } 55 | } 56 | 57 | ?> -------------------------------------------------------------------------------- /personal.php: -------------------------------------------------------------------------------- 1 | query("SELECT * FROM register where username = '$login_session'"); 4 | 5 | if($query->num_rows > 0){ 6 | while($row = $query->fetch_assoc()){ 7 | $name = $row['name']; 8 | $birth = $row['dob']; 9 | $gender = $row['gender']; 10 | $home = $row['address']; 11 | $contact = $row['contact']; 12 | $mail = $row['email']; 13 | $password = $row['password']; 14 | } 15 | } 16 | ?> 17 | 18 | 19 | 129 | 130 | 131 |
132 |

Personal Information

133 | 134 |
    135 |
  • 136 |

    137 |
    • 138 |
  • 139 |

    140 |
    • 141 |
  • 142 |

    143 | 144 |
    • 145 |
  • 146 |

    147 |
    • 148 |
  • 149 |

    150 |
    • 151 |
  • 152 |

    153 |
    • 154 |
155 |
156 | 157 | -------------------------------------------------------------------------------- /register_welcome.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/praneshn99/web_security_testing/d0a222040c3dbb5b79f059186a06b468c9d51c9b/register_welcome.png -------------------------------------------------------------------------------- /style.css: -------------------------------------------------------------------------------- 1 | body { 2 | font-family: Arial; 3 | font-size: 14px; 4 | } 5 | .bgColor { 6 | max-width: 440px; 7 | height:150px; 8 | background-color: #fff4be; 9 | border-radius: 4px; 10 | } 11 | .bgColor label{ 12 | font-weight: bold; 13 | color: #A0A0A0; 14 | } 15 | #targetLayer{ 16 | float:left; 17 | width:150px; 18 | height:150px; 19 | text-align:center; 20 | line-height:150px; 21 | font-weight: bold; 22 | color: #C0C0C0; 23 | background-color: #F0E8E0; 24 | border-bottom-left-radius: 4px; 25 | border-top-left-radius: 4px; 26 | } 27 | #uploadFormLayer{ 28 | float:left; 29 | padding: 20px; 30 | } 31 | .btnSubmit { 32 | background-color: #696969; 33 | padding: 5px 30px; 34 | border: #696969 1px solid; 35 | border-radius: 4px; 36 | color: #FFFFFF; 37 | margin-top: 10px; 38 | } 39 | .inputFile { 40 | padding: 5px; 41 | background-color: #FFFFFF; 42 | border:#F0E8E0 1px solid; 43 | border-radius: 4px; 44 | } 45 | .image-preview { 46 | width:150px; 47 | height:150px; 48 | border-bottom-left-radius: 4px; 49 | border-top-left-radius: 4px; 50 | } 51 | -------------------------------------------------------------------------------- /thank.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | Thank You! 4 | 107 | 108 | 109 |
110 |
111 | 114 | 122 | 123 |
124 |
125 | 128 | 132 | 133 |
134 |
135 |
136 |
137 |
138 | 141 | 149 | 150 |
151 |
152 | 155 | 159 | 160 |
161 |
162 | 163 |
164 | 167 | 168 | 169 | 170 | 171 |
172 | 173 | 174 | 177 | 178 | 179 | 180 | -------------------------------------------------------------------------------- /unauth.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 403 : Not Allowed! 4 | 71 | 72 | 73 |

403

74 |

> ERROR CODE: "HTTP 403 Forbidden"

75 |

> ERROR DESCRIPTION: "Access Denied. You Do Not Have The Permission To Access This Page On This Server"

76 | 77 |

> ERROR POSSIBLY CAUSED BY: [execute access forbidden, read access forbidden, write access forbidden, ssl required, ssl 128 required, ip address rejected, client certificate required, site access denied, too many users, invalid configuration, password change, mapper denied access, client certificate revoked, directory listing denied, client access licenses exceeded, client certificate is untrusted or invalid, client certificate has expired or is not yet valid, passport logon failed, source access denied, infinite depth is denied, too many requests from the same client ip...]

78 |

> TO REGAIN ACCESS GO BACK 79 |

80 | 81 | 82 | 83 | -------------------------------------------------------------------------------- /unauth.js: -------------------------------------------------------------------------------- 1 | var str = document.getElementsByTagName('div')[0].innerHTML.toString(); 2 | var i = 0; 3 | document.getElementsByTagName('div')[0].innerHTML = ""; 4 | 5 | setTimeout(function() { 6 | var se = setInterval(function() { 7 | i++; 8 | document.getElementsByTagName('div')[0].innerHTML = str.slice(0, i) + "|"; 9 | if (i == str.length) { 10 | clearInterval(se); 11 | document.getElementsByTagName('div')[0].innerHTML = str; 12 | } 13 | }, 10); 14 | },0); 15 | -------------------------------------------------------------------------------- /upload.php: -------------------------------------------------------------------------------- 1 | query("INSERT into images (file_name, uploaded_on,username) VALUES ('".$fileName."', NOW(),'$login_session')"); 20 | if($insert){ 21 | $statusMsg = "The file ".$fileName. " has been uploaded successfully.
Click Here to go back to Dashboard"; 22 | }else{ 23 | $statusMsg = "File upload failed, please try again
Click Here to go back to Dashboard."; 24 | } 25 | }else{ 26 | $statusMsg = "Sorry, there was an error uploading your file.
Click Here to go back to Dashboard"; 27 | } 28 | }else{ 29 | $statusMsg = 'Invalid file format.
Click Here to go back to Dashboard'; 30 | } 31 | }else{ 32 | $statusMsg = 'Please select a file to upload.
Click Here to go back to Dashboard'; 33 | } 34 | 35 | // Display status message 36 | echo $statusMsg; 37 | ?> -------------------------------------------------------------------------------- /website.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | KnowledgeHUB 5 | 6 | 7 | 8 | 13 | 14 | 15 | 16 | 17 | 21 | 22 | 23 | 34 | 35 | 36 | 45 | 46 | 47 |
48 | 49 | 50 |
51 |
52 | 53 |
54 |
55 |
56 | 57 |
58 |
59 |
60 |

Great Courses

61 |

We keep in mind that our students get variety in options regarding the content they want to see, because in today's fast paced world just one or two courses are not enough.

62 |

Students often get confused over what they really want to do. Well, here you can giveup on this tension and enjoy studying because here we provide our users with courses that are on top priority in today's market.

63 |
64 |
65 |
66 |
67 | 68 | 69 |
70 |
71 |
72 |
73 |

Excellent Faculty

74 |

We understand that every child is special and that the learning rate of each one of you is different. Thus, we bring you top class faculty from each field of intrest with excellent track record and high teaching experience.

75 | 76 |
77 |
78 |
79 | 80 |
81 |
82 |
83 |
84 |
85 | 86 | 87 |
88 |
89 |
90 |

Benifits

91 |
92 |
93 |
94 |
95 | 96 |
97 |

Courses

98 |

Excellent and updated content.

99 | Learn More 100 |
101 |
102 |
103 | 104 |
105 |

Faculty

106 |

Best in each field.

107 | Learn More 108 |
109 |
110 |
111 | 112 |
113 |

Study Material

114 |

One book that clears all doubts.

115 | Learn More 116 |
117 |
118 |
119 |
120 | 121 |
122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | -------------------------------------------------------------------------------- /website.php: -------------------------------------------------------------------------------- 1 | 4 | 5 | 6 | 7 | KnowledgeHUB 8 | 9 | 10 | 11 | 16 | 17 | 18 | 19 | 20 | 24 | 25 | 26 | 37 | 38 | 39 | 48 | 49 | 50 |
51 | 52 | 53 |
54 |
55 | 56 |
57 |
58 |
59 | 60 |
61 |
62 |
63 |

Great Courses

64 |

We keep in mind that our students get variety in options regarding the content they want to see, because in today's fast paced world just one or two courses are not enough.

65 |

Students often get confused over what they really want to do. Well, here you can giveup on this tension and enjoy studying because here we provide our users with courses that are on top priority in today's market.

66 | 67 |
68 |
69 |
70 |
71 | 72 | 73 |
74 |
75 |
76 |
77 |

Excellent Faculty

78 |

We understand that every child is special and that the learning rate of each one of you is different. Thus, we bring you top class faculty from each field of intrest with excellent track record and high teaching experience.

79 |
80 |
81 |
82 | 83 |
84 |
85 |
86 |
87 |
88 | 89 | 90 |
91 |
92 |
93 |

Benifits

94 |
95 |
96 |
97 |
98 | 99 |
100 |

Courses

101 |

Excellent and updated content.

102 | Learn More 103 |
104 |
105 |
106 | 107 |
108 |

Faculty

109 |

Best in every field.

110 | Learn More 111 |
112 |
113 |
114 | 115 |
116 |

Study Material

117 |

One book that clears all doubts.

118 | Learn More 119 |
120 |
121 |
122 |
123 | 124 |
125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | -------------------------------------------------------------------------------- /website_logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/praneshn99/web_security_testing/d0a222040c3dbb5b79f059186a06b468c9d51c9b/website_logo.png -------------------------------------------------------------------------------- /website_welcome.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/praneshn99/web_security_testing/d0a222040c3dbb5b79f059186a06b468c9d51c9b/website_welcome.png --------------------------------------------------------------------------------