Path-Traversal

Dockerfile

@@ -5,7 +5,7 @@ LABEL Description="Web Vulnerability Lab by Yavuzlar." \
 	Usage="docker run -d -p [HOST PORT NUMBER]:80 yavuzlar/vulnlab" \
 	Version="1.0"
 
-ENV TZ=Asia/Turkey
+ENV TZ=Asia/Dubai
 RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
 
 RUN apt update

app/lab/api-hacking/api-hacking1/all_wallpapers.php

@@ -0,0 +1,52 @@
+<?php
+require("../../../lang/lang.php");
+$strings = tr();
+
+$uploadDirectory = '../api-hacking1/api/uploads/';
+$images = scandir($uploadDirectory);
+
+$images = array_diff($images, array('..', '.'));
+
+?>
+
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>API Hacking</title>
+    <!-- Bootstrap CSS -->
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
+</head>
+<body>
+
+<div class="container mt-5">
+    <button type="button" class="btn btn-primary mt-2" onclick="backToLoginPage()"><?php echo $strings['backtologin']; ?></button>
+    <p></p>
+    <div class="row">
+        <?php foreach ($images as $image) : ?>
+            <div class="col-md-4 mb-4">
+                <div class="card h-100">
+                    <img src="<?= $uploadDirectory . $image ?>" class="card-img-top" alt="<?= $image ?>">
+                    <div class="card-body text-center">
+                        <h5 class="card-title"><?= $image ?></h5>
+                    </div>
+                </div>
+            </div>
+        <?php endforeach; ?>
+    </div>
+
+    <div class="mt-3">
+    </div>
+</div>
+
+<!-- Bootstrap JS and Popper.js (required for Bootstrap JavaScript plugins) -->
+<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
+<script id="VLBar" title="<?= $strings['title'] ?>" category-id="13" src="/public/assets/js/vlnav.min.js"></script>
+<script>
+    function backToLoginPage() {
+        window.location.href = 'index.php'; 
+    }
+</script>
+</body>
+</html>

app/lab/api-hacking/api-hacking1/api/logout.php

@@ -0,0 +1,8 @@
+<?php
+session_start();
+
+session_unset();
+session_destroy();
+
+$response = array('success' => true);
+echo json_encode($response);

app/lab/api-hacking/api-hacking1/dashboard.php

@@ -45,6 +45,7 @@
         <h1 class="mb-4"><?php echo $strings['labtitle']; ?> </h1>
 
         <button type="button" class="btn btn-secondary mt-2" onclick="resetImages()"><?php echo $strings['resetlab'] ?></button>
+        <button type="button" class="btn btn-danger mt-2" onclick="logout()"><?php echo $strings['logout']; ?></button>
 
 
         <!-- Image Upload Form -->
@@ -166,6 +167,23 @@ function resetImages() {
                 .catch(error => console.error('Hata:', error));
         }
 
+        function logout() {
+        fetch('api/logout.php')
+            .then(response => {
+                if (response.ok) {
+                    return response.json();
+                }
+            })
+            .then(data => {
+                if (data.success) {
+                    window.location.href = 'index.php'; 
+                } else {
+                    alert('<?php echo $strings['logouterr'] ?>');
+                }
+            })
+            .catch(error => console.error('Error:', error));
+    }
+
 
         // Initial fetch to display uploaded images on page load
         fetchImages();

app/lab/api-hacking/api-hacking1/en.ini

@@ -22,4 +22,7 @@ requestmethod = "Invalid request method."
 reset = "The images have been successfully reset."
 resetlab = "Reset Lab"
 allwallpapers = "All Wallpapers" 
-filename = "File Name: "
+filename = "File Name: "
+logouterr = "Çıkış yapılamadı. Tekrar deneyiniz."
+backtologin = "Back to Login Page"
+logout = "Log Out"

app/lab/api-hacking/api-hacking1/fr.ini

@@ -23,3 +23,6 @@ reset = "Les images ont été réinitialisées avec succès."
 resetlab = "Le aboratoire a été réinitialisé."
 allwallpapers = "Tous les fonds d'écran"
 filename = "Nom de fichier: "
+logouterr = "La déconnexion a échoué. Veuillez réessayer."
+backtologin = "Retour à la page de connexion."
+logout = "Se déconnecter" 

app/lab/api-hacking/api-hacking1/index.php

@@ -30,7 +30,6 @@
 }
 ?>
 
-
 <!DOCTYPE html>
 <html lang="<?= $strings['lang']; ?>">
 <head>
@@ -40,7 +39,6 @@
     <!-- Bootstrap CSS -->
     <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
     <script src="https://code.jquery.com/jquery-3.6.4.min.js"></script>
-<!-- ... -->
 
 <script>
     $(document).ready(function() {
@@ -66,8 +64,6 @@
     });
 </script>
 
-<!-- ... -->
-
 </head>
 <body>
 

app/lab/api-hacking/api-hacking1/tr.ini

@@ -22,4 +22,7 @@ requestmethod = "Geçersiz istek yöntemi."
 reset = "Resimler başarıyla sıfırlandı."
 resetlab = "Laboratuvarı sıfırla"
 allwallpapers = "Tüm Duvar Kağıtları"
-filename = "Dosya Adı: "
+filename = "Dosya Adı: "
+logouterr = "Çıkış yapılamadı. Tekrar deneyiniz."
+backtologin = "Giriş Yap Sayfasına Dön"
+logout = "Çıkış Yap"

app/lab/pathtraversal/pathtraversal-1/header.html

@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title></title>
+    <style>
+
+    </style>
+</head>
+<body>
+
+<header>
+    <h1 id="page-title">En Popüler Hacker Grupları</h1>
+
+</header>
+
+<script>
+    function changeLanguage() {
+        var languageSelect = document.getElementById('language');
+        var selectedLanguage = languageSelect.options[languageSelect.selectedIndex].value;
+
+        if (selectedLanguage === 'tr') {
+            document.getElementById('page-title').innerText = 'En Popüler Hacker Grupları';
+        } else {
+            document.getElementById('page-title').innerText = 'Most Popular Hacker Groups';
+        }
+    }
+
+</script>
+
+</body>
+</html>

app/lab/pathtraversal/pathtraversal-1/index.php

@@ -0,0 +1,151 @@
+<?php
+require("../../../lang/lang.php");
+$strings = tr();
+
+?>
+
+
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title><?php echo "Path Traversal" ?></title>
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous">
+    <link rel="stylesheet" href="styles.css">
+    <style type="text/css">
+        body {
+            background-color: white;
+        }
+        header {
+            background-color: white;
+        }
+        h1 {
+            color: black;
+        }
+        .button-container {
+            display: flex;
+            justify-content: center;
+            align-items: center;
+            margin-top: 10px;
+        }
+        .button-container2 {
+            display: flex;
+            justify-content: center;
+            align-items: center; 
+            margin-top: 10px;
+        }
+
+
+    </style>
+</head>
+<body>
+
+<header>
+    <h1 id="page-title"><?php echo $strings['information']; ?></h1>
+    <img src="../pathtraversal-1/images/yavuzlar.png" alt="Logo" width="100" height="100" class="d-inline-block align-text-top">
+</header>
+
+<div class="products-container">
+    <div class="product" onclick="goToProductPage(1)">
+        <img src="../pathtraversal-1/images/clop.jpg" alt="Ürün 1 Resmi" width="300" height="240">
+        <h2><?php echo $strings['information2']; ?></h2>
+        <br>
+        <br>
+        <div class="button-container">
+            <button type="button" class="btn btn-success"><?php echo $strings['click']; ?></button>
+        </div>
+    </div>
+
+    <div class="product" onclick="goToProductPage(2)">
+        <img src="../pathtraversal-1/images/Anonymous.jpeg" alt="Ürün 2 Resmi" width="300" height="240">
+        <h2><?php echo $strings['ex1']; ?></h2>
+        <br>
+        <br>
+        <div class="button-container">
+            <button type="button" class="btn btn-success"><?php echo $strings['click']; ?></button>
+        </div>
+    </div>
+    <div class="product" onclick="goToProductPage(3)">
+        <img src="../pathtraversal-1/images/LazarusGroup.jpg" alt="Ürün 2 Resmi" width="300" height="240">
+        <h2><?php echo $strings['ex2']; ?></h2>
+        <br>
+        <br>
+        <div class="button-container">
+            <button type="button" class="btn btn-success"><?php echo $strings['click']; ?></button>
+        </div>
+    </div>
+    <div class="product" onclick="goToProductPage(4)">
+        <img src="../pathtraversal-1/images/carbanak.jpg" alt="Ürün 2 Resmi" width="300" height="240">
+        <h2><?php echo $strings['ex3']; ?></h2>
+        <br>
+        <br>
+        <div class="button-container">
+            <button type="button" class="btn btn-success"><?php echo $strings['click']; ?></button>
+        </div>
+    </div>
+    <div class="product" onclick="goToProductPage(5)">
+        <img src="../pathtraversal-1/images/TheDarkOverlord.jpg" alt="Ürün 2 Resmi" width="300" height="240">
+        <h2><?php echo $strings['ex4']; ?></h2>
+        <br>
+        <br>
+        <div class="button-container">
+            <button type="button" class="btn btn-success"><?php echo $strings['click']; ?></button>
+        </div>
+    </div>
+    <div class="product" onclick="goToProductPage(6)">
+        <img src="../pathtraversal-1/images/TheEquationGroup.jpg" alt="Ürün 2 Resmi" width="300" height="240">
+        <h2><?php echo $strings['ex5']; ?></h2>
+        <br>
+        <div class="button-container2">
+            <button type="button" class="btn btn-success"><?php echo $strings['click']; ?></button>
+        </div>
+    </div>
+    <div class="product" onclick="goToProductPage(7)">
+        <img src="../pathtraversal-1/images/ta505.jpg" alt="Ürün 2 Resmi" width="300" height="240">
+        <h2><?php echo $strings['ex6']; ?></h2>
+        <br>
+        <div class="button-container2">
+            <button type="button" class="btn btn-success"><?php echo $strings['click']; ?></button>
+        </div>
+    </div>
+    <div class="product" onclick="goToProductPage(8)">
+        <img src="../pathtraversal-1/images/darkside.jpg" alt="Ürün 2 Resmi" width="300" height="240">
+        <h2><?php echo $strings['ex7']; ?></h2>
+        <br>
+        <div class="button-container2">
+            <button type="button" class="btn btn-success"><?php echo $strings['click']; ?></button>
+        </div>
+    </div>
+    <div class="product" onclick="goToProductPage(9)">
+
+        <img src="../pathtraversal-1/images/morpho1.jpg" alt="Ürün 2 Resmi" width="300" height="240">
+        <h2><?php echo $strings['ex8']; ?></h2>
+        <br>
+
+
+        <div class="button-container2">
+            <button type="button" class="btn btn-success"><?php echo $strings['click']; ?></button>
+        </div>
+    </div>
+    <div class="product" onclick="goToProductPage(10)">
+        <img src="../pathtraversal-1/images/Lapsus.jpg" alt="Ürün 2 Resmi" width="300" height="240">
+        <h2><?php echo $strings['ex9']; ?></h2>
+        <br>
+        <div class="button-container2">
+            <button type="button" class="btn btn-success"><?php echo $strings['click']; ?></button>
+        </div>
+    </div>
+
+</div>
+
+<script>
+    function goToProductPage(productId) {
+        window.location.href = "../pathtraversal-1/product.php?productId=" + productId;
+    }
+</script>
+<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js" integrity="sha384-C6RzsynM9kWDrMNeT87bh95OGNyZPhcTNXj1NW7RuBCsyN/o0jlpcV8Qyq46cDfL" crossorigin="anonymous"></script>
+
+<script id="VLBar" title="<?= $strings["title"]; ?>" category-id="13" src="/public/assets/js/vlnav.min.js"></script>
+</body>
+</html>