<?php
/*******************************************
* WhiteHat Sentinel Vulnerability Tracker *
* Created by Josh Sokol 2010-11-09 *
* Requires a MySQL database specified in *
* the config.php file with a table named *
* "vulnerabilities" with the following *
* fields: *
* id - int(10) *
* class - varchar(100) *
* status - varchar(8) *
* severity - int(2) *
* threat - int(2) *
* score - int(2) *
* found - timestamp *
* opened - timestamp *
* closed - timestamp *
* url - varchar(100) *
* href - varchar(100) *
* site - varchar(100) *
* retest_state - varchar(50) *
*******************************************/
// Include required template file
require_once('includes/templates.php');
// Include required functions file
require_once('includes/functions.php');
// Include required sessions file
require_once('includes/Session.class.php');
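// Start session
// NOTE(review): session_start() does not accept a name, lifetime, path, domain
// and secure flag as positional arguments; this argument list matches the
// commented-out SessionManager::sessionStart() call below. The cookie name,
// domain and Secure flag are presumably not applied by this call - confirm,
// and if so set them with session_name() / session_set_cookie_params()
// consistently on every page that shares this session.
session_start('SentinelPlus', 0, '/', 'sentinelplus.net', true);
//SessionManager::sessionStart('SentinelPlus', 0, '/', 'sentinelplus.net', true);

// If we don't have a session key
if (!isset($_SESSION['key']))
{
    // Redirect to the index and stop. header() does not end the script, so
    // without exit the rest of this page would still run and be sent to a
    // client that has no session key.
    header( 'Location: index.php' );
    exit;
}

// Decrypt the session key (decrypt() is not defined in this file; it is
// expected to come from the required includes)
$key = trim(decrypt($_SESSION['key']));

// The filter values come from the POSTed form and are untrusted. Accept only
// plain strings and fall back to the "all" filters otherwise, so both
// variables are always defined before they are used further down the page.
// Set the site value if we have one
$selected_site = (isset($_POST['site']) && is_string($_POST['site']))
    ? $_POST['site']
    : "ALL SITES";

// Set the class value if we have one
$selected_class = (isset($_POST['class']) && is_string($_POST['class']))
    ? $_POST['class']
    : "ALL CLASSES";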
?>
<HTML>
<HEAD>
<TITLE>SentinelPlus: Advanced Reporting for WhiteHat Sentinel Vulnerabilities</TITLE>
<link rel="stylesheet" type="text/css" href="css/style.css" media="all" />
</HEAD>
<BODY>
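<?php /* Full opening tag: the short form is only parsed when short_open_tag is enabled; otherwise this call would be sent to the browser as page text. */ display_header(); ?>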
<form action="" method="POST">
Site:
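<select name="site" onChange="this.form.submit();">
<?php
// The full opening tag is used throughout this block: the short form is only
// parsed when short_open_tag is enabled, and otherwise this code would be
// sent to the browser as page text.

// The posted value is untrusted. Only a plain string is compared against the
// option values; a missing or non-string value means "nothing chosen".
$posted_site = (isset($_POST['site']) && is_string($_POST['site'])) ? $_POST['site'] : null;
?>
<option value="ALL SITES"<?php if ($posted_site === null) echo " selected" ?>>ALL SITES</option>
<option value="PRODUCTION"<?php if ($posted_site === "PRODUCTION") echo " selected" ?>>PRODUCTION</option>
<option value="TEST"<?php if ($posted_site === "TEST") echo " selected" ?>>TEST</option>
<?php
// If no site was posted, default is ALL SITES
if (!isset($_POST['site'])) $selected_site = "ALL SITES";

// Get the list of sites (get_sites() is expected from the required includes)
$sites = get_sites($key);

// For each site in the list
foreach ($sites as $site)
{
    // Escape both fields for the HTML context they are written into. The
    // values are looked up elsewhere and are not known to be free of markup
    // or quote characters, so they must not be echoed raw.
    $site_id = htmlspecialchars((string) $site['siteid'], ENT_QUOTES, 'UTF-8');
    $site_label = htmlspecialchars((string) $site['sitelabel'], ENT_QUOTES, 'UTF-8');

    echo "<option value=\"" . $site_id . "\"";
    // Compare as strings so a posted value is never loosely matched by numeric coercion
    if ($posted_site !== null && (string) $site['siteid'] === $posted_site) echo " selected";
    echo ">" . $site_label . "</option>\n";
}
?>
</select>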
<br />
Class:
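<select name="class" onChange="this.form.submit();">
<?php
// The full opening tag is used throughout this block: the short form is only
// parsed when short_open_tag is enabled, and otherwise this code would be
// sent to the browser as page text.

// The posted value is untrusted. Only a plain string is compared against the
// option values; a missing or non-string value means "nothing chosen".
$posted_class = (isset($_POST['class']) && is_string($_POST['class'])) ? $_POST['class'] : null;
?>
<option value="ALL CLASSES"<?php if ($posted_class === null) echo " selected" ?>>ALL CLASSES</option>
<?php
// If no class was posted, default is ALL CLASSES
if (!isset($_POST['class'])) $selected_class = "ALL CLASSES";

// Get the unique list of all classes of vulnerabilities
// (get_classes() is expected from the required includes)
$classes = get_classes($key);

// For each class in the list
foreach ($classes as $class)
{
    // Escape the class name once and reuse it for both the attribute value
    // and the visible label; it is looked up elsewhere and must not be
    // echoed raw into the page.
    $class_name = htmlspecialchars((string) $class['class'], ENT_QUOTES, 'UTF-8');

    echo "<option value=\"" . $class_name . "\"";
    // Compare the raw values as strings, not the escaped form
    if ($posted_class !== null && (string) $class['class'] === $posted_class) echo " selected";
    echo ">" . $class_name . "</option>\n";
}
?>
</select>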
</form>
<!-- LIST URLS -->
<div id="urls">
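<?php
// The full opening tag is used because the short form is only parsed when
// short_open_tag is enabled.
// Print the list of URLs with vulnerabilities
// NOTE(review): $selected_site and $selected_class originate from POST data.
// list_vulnerable_urls() is not visible in this file - confirm that it binds
// both values as query parameters rather than concatenating them into SQL,
// and that it HTML-escapes every field it writes into the page.
$vulnerable_urls = list_vulnerable_urls($key, $selected_site, $selected_class);
?>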
</div>
</BODY>
</HTML>