Aug 01, 2019, 01:58 PM
Output
<?php
$currency = "€";
$multiplier = 1.25;
?>
<?php
$currency = "£";
$multiplier = 1;
?>
Images used on "Seattle Sounds" were sourced through creativecommons.org and reasonable efforts were made to ensure images were free to share and adapt. This document is used to track the original source, author and license for each image.

Banner Image - theme/header-banner.jpg - Unchanged
Source - https://www.flickr.com/photos/alwaysshooting/21426094144/in/photolist-yDmkjh-pP4Nkr-peqbd2-6v4rsf-fDVD71-rAS2p7-5atcCv-sDBSH-6NagGT-8vu9X6-aaxmCh-nAM8Zi-cCFYTN-8f47Ko-pNXr9i-53a7oz-dcjvwZ-tMXTrq-cSXDUj-8L3dQ8-5L64HA-84s4zk-5jEoS-8p4eWz-asGvGj-9tmRPA-sffWQH-oJm94t-85nvpj-8jc834-az6hmW-dtawm7-499hCv-3zkJfJ-85LNHD-7bfxUV-4brfg1-5bDqy9-862xMB-4eKDRu-vCanHA-5BHDXR-8XUFm9-5kiXDh-7rP7o7-azLivw-dp7rdY-CL6At-8VSU2t-nLc2Tu
https://creativecommons.org/licenses/by/2.0/
License - SHARE, ADAPT under terms of ATTRIBUTION and "NO ADDITIONAL RESTRICTIONS"

T-Shirt Template - images/products/1-1.jpg - Modified
Source - https://www.flickr.com/photos/thepetwiki/4614585173/in/photolist-82LXpk-6BasnV-a242m1-4JZKco-9Y7bFg-9AR6PR-6iW1J2-2nm7gc-aq6rjj-dypGUs-72yTvt-566HxL-73K3hn-FGeKe-75gGcx-9jqVDy-8b4iCy-8Tbv1b-4L9LzV-EPuBab-aZbpbK-jDMCmg-akYGv7-4c5GQK-4LdXMW-frjrjP-72CQjd-dpy2rL-2nm7nH-72CN65-d7ayAu-gZJHp-9BESD-9WecV-75gGbt-5y5aSg-5FCRKL-7oi9Pm-73K3dg-9eARj3-Bj2or-cvp42Y-5y9xoJ-4q1R6Y-jDQ14j-rak4fn-5v16K2-anit3d-GqeUt-7hxNu
https://creativecommons.org/licenses/by/2.0/
License - SHARE, ADAPT under terms of ATTRIBUTION and "NO ADDITIONAL RESTRICTIONS"

Vinyl Template - images/products/2-1.jpg - Modified
Source - https://www.flickr.com/photos/cybertaur1/4898959898/
https://creativecommons.org/licenses/by/2.0/
License - SHARE, ADAPT under terms of ATTRIBUTION and "NO ADDITIONAL RESTRICTIONS"

Brochure Image - theme/brochure.jpg
Source - https://www.flickr.com/photos/jemimus/14244088734/in/photolist-nGGFjN-5Lqq1t-6yc2uh-9NKXM-5jkoxJ-cDqiJ-8E831P-fefSMx-dTRZvb-qCnC4h-67nNta-6CbdfG-pSuKPo-74RuAu-5XvHA5-fL6Rez-gMMuNW-8CCa3G-fD8wMP-off9je-nGJgwp-7ZWVcp-8wnkcJ-by6Hfc-5Lqpoz-and1KP-nyZDUe-6sC356-fZPktg-dRKEzG-nsvCk4-bAU3mN-ad1QV5-7BBWm-9jkwnc-6cW1P1-o1cWP8-ejZ29X-8N1tMx-fL4jtH-6eazsL-aTZcpa-dEataY-8Nbh9c-2H43MB-k839ta-6kgkqH-bpci1k-6eKEgG-7iLPV6
https://creativecommons.org/licenses/by/2.0/
License - SHARE, ADAPT under terms of ATTRIBUTION and "NO ADDITIONAL RESTRICTIONS"
<?php
$currency = "$";
$multiplier = 1.42;
?>
phpinfo()
IDOR
XSS
SQL Injection
Username Disclosure (IDOR)
Username Enumeration (Login Box)
Database running as Root
No account lockout policy
Weak password policy/Lack of password complexity
Static session tokens
Cross-site Request Forgery (Blog Post)
Path Traversal (Brochure Download)
<?php
include 'header.php';
include 'aboutcontent.php';
include 'footer.php';
?>

Seattle Sounds Vulnerable System by GracefulSecurity.com
Version: 0.0.3

The “Seattle Sounds” virtual machine and associated application are purposely vulnerable systems developed by Holly Grace of GracefulSecurity.com. The system is designed to allow up-and-coming Penetration Testers to practise their skills. The system is not designed to give lessons or even hints of any vulnerabilities to users, but simply to simulate a real-world application and allow bug hunters to dig through the haystack knowing that there are a few needles out there to find!

<?php
include 'header.php';
include 'user-details.php';
include 'footer.php';
?>
body {
margin: 0;
padding: 0;
font-size: 12pt;
font-family: arial;
background-color: #DDD;
}
.wrapper {
width:100%;
height:100%;
}
.header {
background-image: url("theme/header-banner.jpg");
background-size: cover;
background-position: bottom;
color: white;
font-size: 72px;
font-family: arial;
width:100%;
height:160px;
margin: 0 auto;
}
.header-text {
height: 90px;
}
.header-grad {
text-align: center;
height: 75px;
background: -moz-linear-gradient(top, rgba(137,255,241,0) 0%, rgba(0,0,0,1) 100%); /* FF3.6+ */
background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,rgba(137,255,241,0)), color-stop(100%,rgba(0,0,0,1))); /* Chrome,Safari4+ */
background: -webkit-linear-gradient(top, rgba(137,255,241,0) 0%,rgba(0,0,0,1) 100%); /* Chrome10+,Safari5.1+ */
background: -o-linear-gradient(top, rgba(137,255,241,0) 0%,rgba(0,0,0,1) 100%); /* Opera 11.10+ */
background: -ms-linear-gradient(top, rgba(137,255,241,0) 0%,rgba(0,0,0,1) 100%); /* IE10+ */
background: linear-gradient(to bottom, rgba(137,255,241,0) 0%,rgba(0,0,0,1) 100%); /* W3C */
}
.nav-wrapper {
padding: 2px;
width: 100%;
height: 42px;
border-top: 1px black solid;
border-bottom: 1px black solid;
}
.nav-main {
margin: 0 auto;
max-width: 720px;
height: 42px;
overflow: hidden;
}
.nav-button {
display: inline-block;
height:42px;
background-color:blue;
width:140px;
text-align: center;
line-height: 40px;
font-size: 20px;
color: white;
}
.nav-button:hover {
background-color:#3485FF;
color: white;
}
a {
text-decoration: none;
color: inherit;
}
.content {
background-color: white;
width: 80%;
min-height: 400px;
margin: 0 auto;
padding: 10px;
/* border-left: 1px solid; */
/* border-right: 1px solid; */
/* border-top: 1px solid; */
}
.footer {
border: 1px black solid;
background-color:black;
color: white;
padding: 10px;
width:80%;
margin: 0 auto;
text-align: center;
}
.highlights {
margin: 0 auto;
margin-bottom: 50px;
border: 1px solid;
width: 95%;
min-height: 280px;
}
.highlights-image {
text-align: right;
margin: 0 auto;
margin-bottom: 50px;
border: 1px solid;
width: 95%;
height: 280px;
display: block;
background-image: url("theme/brochure.jpg");
background-size: cover;
background-position: bottom;
color: white;
font-size: 34px;
padding: 10px;
}
.prod-box {
margin: 0 auto;
margin-bottom: 50px;
border: 1px solid;
width: 95%;
min-height: 280px;
}
.bottom-text {
border-top: 1px solid;
width: 95%;
background-color: #666666;
margin: 0 auto;
overflow: hidden;
}

.bottom-wrapper {
width: 400px;
margin: 0 auto;
min-height: 180px;
overflow: hidden;
}

@media (min-width: 870px) {
.bottom-wrapper {
width: 680px;
}
}

.bottom-cell {
background-color: #333333;
padding: 10px;
color: white;
min-height: 120px;
width: 140px;
display: inline-block;
margin: 0 auto;
}
.user-details {
padding: 20px;
}
.prod-details {
padding: 20px;
}
.list-product {
display: block;
margin: 0 auto;
min-height:140px;
padding: 10px;
width: 90%;
border-top: 1px solid;
border-bottom: 1px solid;
}
.list-blog {
display: block;
margin: 0 auto;
min-height:140px;
padding: 10px;
width: 90%;
border-top: 1px solid;
border-bottom: 1px solid;
}
.list-product-detail {
display: block;
margin: 0 auto;
min-height:280px;
padding: 10px;
width: 90%;
border-top: 1px solid;
border-bottom: 1px solid;
}
.prod-img {
margin: 12px;
float: left;
height: 128px;
}
.prod-detail {
margin: 12px;
float: left;
height: 256px;
}
.login-box {
width:400px;
height:400px;
margin: 0 auto;
}
label {
color: #999;
display: block;
}

.cf:before,
.cf:after {
content: "";
display: table;
}

.cf:after {
clear: both;
}

.cf {
*zoom: 1;
}

:focus {
outline: 0;
}

.loginform {
width: 410px;
margin: 50px auto;
padding: 25px;
background-color: rgba(250,250,250,0.5);
border-radius: 5px;
box-shadow: 0px 0px 5px 0px rgba(0, 0, 0, 0.2),
inset 0px 1px 0px 0px rgba(250, 250, 250, 0.5);
border: 1px solid rgba(0, 0, 0, 0.3);
}

.loginform ul {
padding: 0;
margin: 0;
}

.loginform li {
display: inline;
float: left;
}

.loginform input:not([type=submit]) {
padding: 5px;
margin-right: 10px;
border: 1px solid rgba(0, 0, 0, 0.3);
border-radius: 3px;
box-shadow: inset 0px 1px 3px 0px rgba(0, 0, 0, 0.1),
0px 1px 0px 0px rgba(250, 250, 250, 0.5) ;
}

.loginform input[type=submit] {
border: 1px solid rgba(0, 0, 0, 0.3);
background: #64c8ef; /* Old browsers */
background: -moz-linear-gradient(top, #64c8ef 0%, #00a2e2 100%); /* FF3.6+ */
background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#64c8ef), color-stop(100%,#00a2e2)); /* Chrome,Safari4+ */
background: -webkit-linear-gradient(top, #64c8ef 0%,#00a2e2 100%); /* Chrome10+,Safari5.1+ */
background: -o-linear-gradient(top, #64c8ef 0%,#00a2e2 100%); /* Opera 11.10+ */
background: -ms-linear-gradient(top, #64c8ef 0%,#00a2e2 100%); /* IE10+ */
background: linear-gradient(to bottom, #64c8ef 0%,#00a2e2 100%); /* W3C */
filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#64c8ef', endColorstr='#00a2e2',GradientType=0 ); /* IE6-9 */
color: #fff;
padding: 5px 15px;
margin-right: 0;
margin-top: 15px;
border-radius: 3px;
text-shadow: 1px 1px 0px rgba(0, 0, 0, 0.3);
}
.postbox input:not([type=submit]) {
width: 80%;
height: 200px;
overflow-y: scroll; /* "scroll-vertical" is not a valid overflow value */
vertical-align: top;
}
.blogbox {
padding: 20px;
border-top: 1px solid;
border-bottom: 1px solid;
}

<?php
include 'connectioni.php';

if (isset($_GET['author'])) {
$stmt = $link->prepare('SELECT name,username FROM tblMembers WHERE id = ?;');
$stmt->bind_param('i', $_GET['author']);
$stmt->execute();
$userResult = $stmt->get_result();
$userRow = $userResult->fetch_assoc();
// Any numeric author id is looked up and its name and username are echoed back.
echo 'Viewing all posts by ' . $userRow['name'] . ' (' . $userRow['username'] . ')' . "\n";

$stmt = $link->prepare('SELECT * FROM tblBlogs WHERE author = ?;');
$stmt->bind_param('i', $_GET['author']);
}
else {
$stmt = $link->prepare('SELECT * FROM tblBlogs;');
}
$stmt->execute();
$result = $stmt->get_result();

// Check for a failed query before touching the result (the original counted rows first).
if (!$result) {
echo "DB Error, could not query the database\n";
echo 'MySQL Error: ' . htmlentities(mysqli_error($link)); // mysqli connection, so mysqli_error(), not mysql_error()
exit;
}

if (mysqli_num_rows($result) == 0) {
if ($_COOKIE["level"] == "1") { // the original used "=" (assignment), which made this branch unconditional
echo 'Couldn\'t find any posts by author: ' . htmlentities($_GET['author']) . '.';
}
else {
$author = $_GET["author"];
$author = preg_replace("/<[A-Za-z0-9]/" , "", $author);
$author = preg_replace("/on([a-z]+)/", "", $author);
echo 'Couldn\'t find any posts by author: ' . htmlentities($author) . '.';
}
}

while ($row = $result->fetch_assoc()) {
$stmt = $link->prepare('SELECT name,username FROM tblMembers WHERE id = ?;');
$stmt->bind_param('i', $row['author']);
$stmt->execute();
$checkResult = $stmt->get_result();
$checkRow = $checkResult->fetch_assoc();
echo "\n";
echo $row['title'] . ' by ' . $checkRow['name'] . "\n";
echo $row['content'] . "\n"; // stored post content is emitted without any escaping
}

?>

<?php
include 'header.php';
include 'blog-content.php';
include 'footer.php';
?>
<?php
$host = 'localhost';
$user = 'root';
$pass = 'Alexis*94';
$database = 'seattle';
?>
<?php
// ext/mysql (the mysql_* functions) was removed in PHP 7.0; this file needs PHP 5.x.
include 'config.php';
if (!$link = mysql_connect($host, $user, $pass)) {
echo 'Could not connect to mysql';
exit;
}

if (!mysql_select_db($database, $link)) {
echo 'Could not select database';
exit;
}
?>
<?php
include 'config.php';
if (!$link = mysqli_connect($host, $user, $pass, $database)) {
echo 'Could not connect to mysql database';
exit;
}
?>
<?php
include 'connectioni.php';

echo "";
if (!isset($_POST["name"])) {
echo "Missing name!\n";
}
else if (!isset($_POST["email"])) {
echo "Missing email!\n";
}
else if (!isset($_POST["password"])) {
echo "Missing password!\n";
}
else if (!isset($_POST["confpassword"])) {
echo "Missing confirmation password!\n";
}
else if ($_POST["password"] != $_POST["confpassword"]) {
echo "Passwords did not match!\n";
}
else {
echo "Got account creation request\n";

// The password is stored as submitted and the session token is MD5 of the
// e-mail address, so every account's token can be derived from its username.
$stmt = $link->prepare("INSERT INTO tblMembers (id,username,password,session, name, blog, admin) VALUES(0, ?,?,MD5(?), ?, 0, 0);");
$stmt->bind_param('ssss', $_POST["email"], $_POST["password"], $_POST["email"], $_POST["name"]);
$stmt->execute();
echo 'Account created!';
}

echo "";

?>
<?php
include 'header.php';
include 'prod-details.php';
include 'footer.php';
?>

<?php
include 'connection.php';

if (isset($_GET['type'])) {
$type = $_GET['type'];
if ($_COOKIE['level'] != "1") { // the original wrote !$_COOKIE['level'] == "1", which never strips at any level
$type = preg_replace("/\s+/","", $type);
}
$sql = 'SELECT * FROM tblProducts WHERE type =' . $type;

if (!$result = mysql_query($sql, $link)) {
header('Location: /index.php') ;
}

if (!$result) {
echo "DB Error, could not query the database\n";
echo 'MySQL Error: ' . mysql_error();
exit;
}

if (mysql_num_rows($result) > 0) {
if (isset($_GET['lang'])) {
$lang = $_GET['lang'];
}
elseif (isset($_COOKIE['lang'])) {
$lang = $_COOKIE['lang'];
} else {
$lang = 'GBP';
}

include $lang; // a request-controlled value (query string or cookie) is passed straight to include

while ($row = mysql_fetch_assoc($result)) {
echo "\n";
echo '';
echo 'Product Name: ' . $row['name'] . "\n";
echo 'Price: ' . $currency . $row['price']*$multiplier;
echo "\n";
}

mysql_free_result($result);
}
}
?>

<?php
include 'header.php';
include 'getfile.php';
include 'footer.php';
?>
<?php
include 'getfile.php';
?>
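The listing above concatenates the type parameter into its SQL and hands the request-controlled lang value straight to include. The following is an added example, not code from the Seattle Sounds VM: the same listing with type bound as an integer and lang mapped through a fixed allowlist before the include. It assumes the mysqli connection from connectioni.php and the three currency files the original includes (GBP, EUR, USD); the function names are the example's own.

```php
<?php
// Added example (not part of the Seattle Sounds VM): hardened catalogue listing.
// Assumes $link is the mysqli connection from connectioni.php and that the
// currency files are the three the original includes (GBP, EUR, USD).
declare(strict_types=1);

// The request value is only ever used to pick from a fixed list; anything else
// falls back to GBP, so include() never sees attacker-chosen text.
function currency_file(?string $requested): string
{
    $allowed = ['GBP', 'EUR', 'USD'];
    return in_array($requested, $allowed, true) ? $requested : 'GBP';
}

// type is an INT column: refuse anything that is not a plain decimal string,
// then bind it as an integer instead of concatenating it into the SQL.
function products_of_type(mysqli $link, string $type): array
{
    if (!ctype_digit($type) || strlen($type) > 9) {
        return [];
    }
    $typeInt = (int)$type;
    $stmt = $link->prepare('SELECT id, name, price FROM tblProducts WHERE type = ?');
    $stmt->bind_param('i', $typeInt);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

function format_price(int $price, string $currency, float $multiplier): string
{
    return $currency . number_format($price * $multiplier, 2);
}

if (isset($_GET['type'])) {
    include 'connectioni.php';

    $requested = $_GET['lang'] ?? $_COOKIE['lang'] ?? null;
    $lang = currency_file(is_string($requested) ? $requested : null);
    include $lang;   // sets $currency and $multiplier exactly as the original files do

    $type = is_string($_GET['type']) ? $_GET['type'] : '';
    foreach (products_of_type($link, $type) as $row) {
        // Escape on output: names come from the database and could carry markup.
        echo 'Product Name: ' . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8') . "\n";
        echo 'Price: ' . format_price((int)$row['price'], $currency, (float)$multiplier) . "\n";
    }
}
```

The allowlist is the whole fix for the include: the file name that reaches include() is always one of three literals, regardless of what the query string or cookie contained. Binding type as an integer removes the injection without relying on the whitespace-stripping that the original applies at level 2.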

Catalogue

Vinyl

Clothing

Login

About

<?php
//$query = $_GET;
$query = preg_replace("/[<>]/", "", $_GET); // the original had a "/g" modifier, which PHP's PCRE rejects (preg_replace then returns NULL and the query is lost)
$baseurl = $_SERVER['PHP_SELF'];
$baseurl = preg_replace("/[<>()\"]/", "", $baseurl);

$query['lang'] = 'EUR';
$eur_result = http_build_query($query);
$query['lang'] = 'USD';
$usd_result = http_build_query($query);
$query['lang'] = 'GBP';
$gbp_result = http_build_query($query);
// Anchor markup reconstructed from the variables built above; the tags were lost in extraction.
echo '<a href="' . $baseurl . '?' . $gbp_result . '">GBP</a>';
echo '<a href="' . $baseurl . '?' . $eur_result . '">EUR</a>';
echo '<a href="' . $baseurl . '?' . $usd_result . '">USD</a>';
?>

T&Cs

Copyright © Seattle-Sounds

Grab our stock brochure here!

<?php
ignore_user_abort(true);
set_time_limit(0);

$path = "/var/www/html/downloads/";

if ($_COOKIE["level"] == "2") {
$patterns = array();
$patterns[0] = '/\.\.\//';
$dl_file = preg_replace($patterns, '', $_GET['item']); // simple file name validation (a single, non-repeated strip of "../")
$dl_file = filter_var($dl_file, FILTER_SANITIZE_URL); // Remove (more) invalid characters
$fullPath = $path.$dl_file;
}
else {
$fullPath = $path.$_GET['item']; // level 1: the request value is appended to the directory unchanged
}


if ($fd = fopen ($fullPath, "r")) {
$fsize = filesize($fullPath);
$path_parts = pathinfo($fullPath);
$ext = strtolower($path_parts["extension"]);
switch ($ext) {
case "pdf":
header("Content-type: application/pdf");
header("Content-Disposition: attachment; filename=\"".$path_parts["basename"]."\""); // use 'attachment' to force a file download
break;
// add more headers for other content types here
default:
header("Content-type: application/octet-stream");
header("Content-Disposition: filename=\"".$path_parts["basename"]."\"");
break;
}
header("Content-length: $fsize");
header("Cache-control: private"); //use this to open files directly
while(!feof($fd)) {
$buffer = fread($fd, 2048);
echo $buffer;
}
fclose ($fd); // moved inside the if: the original closed the handle even when fopen had failed
}
?>
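The download handler above builds the path by string concatenation and, at level 2, removes the literal sequence "../" once. The following is an added example, not code from the Seattle Sounds VM, showing the approach a reviewer would ask for instead: confine the request to a bare file name, resolve it with realpath(), and check that the result still lies inside the downloads directory. It assumes the same /var/www/html/downloads directory as the original; the function name is the example's own.

```php
<?php
// Added example (not part of the Seattle Sounds VM): brochure download confined
// to the downloads directory. Assumes the same directory the original uses.
declare(strict_types=1);

const DOWNLOAD_DIR = '/var/www/html/downloads';

// Return the absolute path of the requested file, or null unless the request
// names a regular file directly inside DOWNLOAD_DIR. Instead of deleting "../"
// from the input (the original level-2 filter), the path is resolved with
// realpath() and the result is checked, so the outcome does not depend on how
// a traversal was spelled or encoded.
function resolve_download(string $item): ?string
{
    // A bare file name only: no separators, no null bytes, no "." or "..".
    if ($item === '' || $item === '.' || $item === '..' || strpbrk($item, "/\\\0") !== false) {
        return null;
    }
    $base = realpath(DOWNLOAD_DIR);
    $full = realpath(DOWNLOAD_DIR . DIRECTORY_SEPARATOR . $item);
    if ($base === false || $full === false || !is_file($full)) {
        return null;   // directory missing, file missing, or not a regular file
    }
    // The resolved path must still sit under the resolved base; this also
    // catches a symlink inside the directory that points somewhere else.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $full;
}

$item = $_GET['item'] ?? '';
$full = resolve_download(is_string($item) ? $item : '');
if ($full === null) {
    http_response_code(404);
    exit('No such file');
}

$ext = strtolower(pathinfo($full, PATHINFO_EXTENSION));
header('Content-Type: ' . ($ext === 'pdf' ? 'application/pdf' : 'application/octet-stream'));
header('X-Content-Type-Options: nosniff');
// RFC 5987 encoding keeps quotes, semicolons and non-ASCII in the name out of the header.
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($full)));
header('Content-Length: ' . (string)filesize($full));
header('Cache-Control: private');
readfile($full);
```

The check is deliberately in two layers: the name filter rejects anything with a separator before the filesystem is consulted, and the realpath() prefix comparison is what actually proves the file is inside the directory. Either alone is weaker; a name filter cannot see symlinks, and realpath() on its own would still follow a ".." that the filter lets through.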

<?php
if (!isset($_COOKIE['level'])) {
setcookie("level", "1");
}
// Drop requests whose User-Agent contains these strings; trivially bypassed by changing the header.
if (strpos($_SERVER['HTTP_USER_AGENT'], "sqlmap") !== false ||
strpos($_SERVER['HTTP_USER_AGENT'], "Havij") !== false ||
strpos($_SERVER['HTTP_USER_AGENT'], "Gecko/20060418 Firefox/1.0.8") !== false) {
exit;
}
if(isset($_GET['lang'])) {
setcookie("lang", $_GET['lang']);
}
?>

Current level: <?php if (isset($_COOKIE['level'])) {
print(htmlentities($_COOKIE["level"]));
}
else {
print("1");
} ?>
<?php if ($_COOKIE["level"] != "2") {
print('Go to Level 2');
}
else {
print('Go to Level 1');
} ?>

Seattle Sounds

<?php
include 'nav.php';
?>
671
672include 'header.php';
673include 'front.php';
674include 'footer.php';
675?>
676phpinfo();
677?>
678if (isset($_GET["set"])) {
679setcookie("level", $_GET["set"]);
680}
681header("Location: /index.php");
682?>
<?php
include 'connection.php';

// Two separate, unparameterised queries: the first reveals whether the username
// exists (a different redirect for a bad user than for a bad password), and both
// are built by string concatenation from the POST body.
$sql = "SELECT * FROM tblMembers WHERE username='" . $_POST['usermail'] . "';";
$result = mysql_query($sql, $link);

if (!$result) {
echo "DB Error, could not query the database\n";
echo 'MySQL Error: ' . mysql_error();
exit;
}

if (mysql_num_rows($result) < 1) {
header('Location: /account.php?login=user') ;
}
else {
$sql = "SELECT session FROM tblMembers WHERE username='" . $_POST['usermail'] . "' AND password='" . $_POST['password'] . "';";
$result = mysql_query($sql, $link);
if (mysql_num_rows($result) == 0) {
header('Location: /account.php?login=pass') ;
}
else {
$row = mysql_fetch_assoc($result);
setcookie("SessionId", $row['session']); // the stored, never-rotated token from registration
header('Location: /account.php?login=success');
}
}
?>
<?php
setcookie("SessionId", "", time()-3600);
header('Location: /account.php') ;
?>
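The registration handler earlier on this page stores the submitted password as-is and sets the session token to MD5 of the e-mail address; the login handler above then runs two concatenated queries and redirects differently for an unknown user than for a wrong password. The following is an added example, not code from the Seattle Sounds VM, covering both handlers: hashed passwords, one parameterised lookup, a single failure response, and a fresh random token on every login. It assumes the mysqli connection from connectioni.php, that tblMembers.id is AUTO_INCREMENT and that the password column has been widened to hold a password_hash() string (the setup script creates VARCHAR(20) and assigns ids by hand), and PHP 7.3 or later for the setcookie() options array. The function names and the ?login=failed redirect are the example's own.

```php
<?php
// Added example (not part of the Seattle Sounds VM): registration and login
// handlers rewritten. Assumes $link is the mysqli connection from connectioni.php,
// tblMembers.id is AUTO_INCREMENT, and tblMembers.password is VARCHAR(255) so it
// can hold a password_hash() string. Requires PHP 7.3+ for the setcookie() options array.
declare(strict_types=1);

const MIN_PASSWORD_LENGTH = 12;   // the original enforces no password policy at all

// Registration: store a salted hash, not the password, and no session token yet.
// (The original stores the password in clear text and sets session = MD5(email),
// which anyone who knows the e-mail address can compute.)
function register_user(mysqli $link, string $email, string $name, string $password): bool
{
    if (strlen($password) < MIN_PASSWORD_LENGTH || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $link->prepare(
        'INSERT INTO tblMembers (username, password, session, name, blog, admin) VALUES (?, ?, NULL, ?, 0, 0)'
    );
    $stmt->bind_param('sss', $email, $hash, $name);
    return $stmt->execute();
}

// Login: one parameterised lookup, constant-time hash check, the same result for
// "no such user" and "wrong password", and a fresh random token per login.
function login_user(mysqli $link, string $email, string $password): ?string
{
    $stmt = $link->prepare('SELECT id, password FROM tblMembers WHERE username = ?');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();

    // Always run password_verify() so an unknown username takes as long as a known one.
    $hash = $row['password'] ?? password_hash('placeholder-not-a-real-password', PASSWORD_DEFAULT);
    if ($row === null || !password_verify($password, $hash)) {
        return null;
    }

    $token = bin2hex(random_bytes(16));   // 128 bits; 32 hex chars fits the VARCHAR(32) session column
    $id = (int)$row['id'];
    $stmt = $link->prepare('UPDATE tblMembers SET session = ? WHERE id = ?');
    $stmt->bind_param('si', $token, $id);
    $stmt->execute();
    return $token;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    include 'connectioni.php';
    $email    = is_string($_POST['usermail'] ?? null) ? $_POST['usermail'] : '';
    $password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    $token = login_user($link, $email, $password);
    if ($token === null) {
        // One redirect for every failure: the original's ?login=user / ?login=pass
        // pair tells the caller which usernames exist.
        header('Location: /account.php?login=failed');
        exit;
    }
    setcookie('SessionId', $token, [
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Strict',
    ]);
    header('Location: /account.php?login=success');
    exit;
}
```

The dummy password_hash() call on the unknown-user path costs one bcrypt computation per failed lookup, which is the point: it makes the two failure paths indistinguishable by timing as well as by response. Account lockout, also absent from the original, would sit in login_user() as a failed-attempt counter keyed by username and checked before the hash comparison.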

Home

Vinyl

Clothing

Blog

My Account

<?php
if (isset($_POST['title']) && isset($_POST['content'])) {
include 'connection.php';
// No anti-CSRF token: any page the logged-in user visits can submit this form for them.
$sql = "SELECT * FROM tblMembers WHERE session='" . $_COOKIE['SessionId'] . "';";
$result = mysql_query($sql, $link);
$row = mysql_fetch_assoc($result);

$postBlog = "INSERT INTO tblBlogs (author,title,content) VALUES('" . $row['id'] . "','" . $_POST['title'] . "','" . $_POST['content'] . "');";
$postResult = mysql_query($postBlog, $link);

header('Location: /blog.php?author=' . $row['id']);
}
else {
echo 'Error: Missing input.';
}
?>
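The post handler above accepts any POST carrying title and content, identifies the author from the SessionId cookie alone, and concatenates both fields into the INSERT. The following is an added example, not code from the Seattle Sounds VM: the same handler with a per-session anti-CSRF token that the form must echo back, verified in constant time, and a parameterised insert. It assumes a PHP session (session_start()) is available to hold the token, that the posting form carries it in a hidden field named csrf_token, and the mysqli connection from connectioni.php; the table, column and cookie names are the original's, the function and field names are the example's own.

```php
<?php
// Added example (not part of the Seattle Sounds VM): blog-post handler with a
// CSRF token and a prepared INSERT. Assumes a PHP session for the token, a hidden
// form field named csrf_token, and $link from connectioni.php.
declare(strict_types=1);

session_start();

// One random token per session; the form embeds it in a hidden field. A page on
// another origin can submit the form but cannot read this value to include it.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison so the token cannot be recovered byte by byte.
function csrf_valid($submitted): bool
{
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

function author_for_session(mysqli $link, string $sessionId): ?int
{
    $stmt = $link->prepare('SELECT id FROM tblMembers WHERE session = ?');
    $stmt->bind_param('s', $sessionId);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    return $row === null ? null : (int)$row['id'];
}

function create_post(mysqli $link, int $author, string $title, string $content): bool
{
    $stmt = $link->prepare('INSERT INTO tblBlogs (author, title, content) VALUES (?, ?, ?)');
    $stmt->bind_param('iss', $author, $title, $content);
    return $stmt->execute();
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid request token');
    }
    if (!is_string($_POST['title'] ?? null) || !is_string($_POST['content'] ?? null)) {
        exit('Error: Missing input.');
    }
    include 'connectioni.php';
    $author = author_for_session($link, is_string($_COOKIE['SessionId'] ?? null) ? $_COOKIE['SessionId'] : '');
    if ($author === null) {
        http_response_code(401);
        exit('Not logged in');
    }
    create_post($link, $author, $_POST['title'], $_POST['content']);
    header('Location: /blog.php?author=' . $author);
    exit;
}

// GET: render the form; the hidden field is what the check above verifies.
$token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
echo '<form method="post">'
   . '<input type="hidden" name="csrf_token" value="' . $token . '">'
   . '<input name="title"><textarea name="content"></textarea>'
   . '<input type="submit" value="Post">'
   . '</form>';
```

The token check has to come before anything with a side effect, and the comparison must be hash_equals(), not ==. The prepared INSERT removes the injection but not the stored XSS: the content is still stored verbatim, so the page that renders it (blog-content.php above echoes $row['content'] unescaped) is where output encoding belongs.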
echo "Preparing Seattle-Sounds Server Database..."
systemctl stop mariadb
systemctl start mariadb
# NB: the root password is passed on the command line (visible in process listings and
# shell history) and is the same root credential the web application itself connects with.
# Drop Database
mysql -u root --password=Alexis*94 -e "DROP DATABASE seattle;"
# Create Database
mysql -u root --password=Alexis*94 -e "CREATE DATABASE seattle;"
# Create Tables
mysql -u root --password=Alexis*94 -e "CREATE TABLE tblMembers (id INT, username VARCHAR(64), password VARCHAR(20), session VARCHAR(32), name VARCHAR(64), blog INT, admin INT);" seattle
mysql -u root --password=Alexis*94 -e "CREATE TABLE tblProducts (id INT, type INT, name VARCHAR(64), price INT, detail VARCHAR(256));" seattle
mysql -u root --password=Alexis*94 -e "CREATE TABLE tblBlogs (author INT, title VARCHAR(64), content VARCHAR(10000));" seattle
# Sanity output
mysql -u root --password=Alexis*94 -e "SHOW tables;" seattle
# Populate Members
mysql -u root --password=Alexis*94 -e "INSERT INTO tblMembers (id,username,password,session, name, blog, admin) VALUES(1,'admin@seattlesounds.net','Assasin1',MD5('admin@seattlesounds.net'), 'Admin', 1, 1);" seattle
mysql -u root --password=Alexis*94 -e "INSERT INTO tblMembers (id,username,password,session, name, blog, admin) VALUES(2,'tim@seattlesounds.net','SuperSecurePassword',MD5('tim@seattlesounds.net'), 'Tim', 1, 1);" seattle
mysql -u root --password=Alexis*94 -e "INSERT INTO tblMembers (id,username,password,session, name, blog, admin) VALUES(3,'holly@seattlesounds.net','admin',MD5('holly@seattlesounds.net'), 'Holly', 1, 1);" seattle
mysql -u root --password=Alexis*94 -e "SELECT * FROM tblMembers;" seattle
mysql -u root --password=Alexis*94 -e "SELECT session FROM tblMembers WHERE session='db65b66f76639da5594fa1e4658e5efd' AND admin = 1;" seattle
# Populate Products
mysql -u root --password=Alexis*94 -e "INSERT INTO tblProducts (id,type,name,price,detail) VALUES(1,1,'Foo Vinyl',12,'Speed 33RPM
Size 12\"
1-disc
');" seattle
mysql -u root --password=Alexis*94 -e "INSERT INTO tblProducts (id,type,name,price,detail) VALUES(2,1,'Bar Vinyl',27,'Speed 33RPM
Size 12\"
1-disc
');" seattle
mysql -u root --password=Alexis*94 -e "INSERT INTO tblProducts (id,type,name,price,detail) VALUES(3,1,'Baz Vinyl',86,'Speed 33RPM
Size 12\"
1-disc
');" seattle
mysql -u root --password=Alexis*94 -e "INSERT INTO tblProducts (id,type,name,price,detail) VALUES(4,1,'Baq Vinyl',11,'Speed 33RPM
Size 12\"
1-disc
');" seattle
mysql -u root --password=Alexis*94 -e "INSERT INTO tblProducts (id,type,name,price,detail) VALUES(5,2,'Foo T-Shirt',31,'100% Polyester
Machine Wash
Crew Neck
');" seattle
mysql -u root --password=Alexis*94 -e "INSERT INTO tblProducts (id,type,name,price,detail) VALUES(6,2,'Bar T-Shirt',45,'100% Polyester
Machine Wash
Crew Neck
');" seattle
mysql -u root --password=Alexis*94 -e "INSERT INTO tblProducts (id,type,name,price,detail) VALUES(7,2,'Baz T-Shirt',35,'100% Polyester
Machine Wash
Crew Neck
');" seattle
mysql -u root --password=Alexis*94 -e "INSERT INTO tblProducts (id,type,name,price,detail) VALUES(8,2,'Baq T-Shirt',32,'100% Polyester
Machine Wash
Crew Neck
');" seattle

# Populate Blog
mysql -u root --password=Alexis*94 -e "INSERT INTO tblBlogs (author,title,content) VALUES(1,'Hey!','Welcome to our site!');" seattle
mysql -u root --password=Alexis*94 -e "INSERT INTO tblBlogs (author,title,content) VALUES(1,'Testing :)','Just testing out new blog.');" seattle
mysql -u root --password=Alexis*94 -e "INSERT INTO tblBlogs (author,title,content) VALUES(3,'Tests :)','Just testing my account!');" seattle


<?php
include 'connection.php';

$prod = $_GET['prod'];
if ($_COOKIE["level"] != "1") { // the original wrote !$_COOKIE["level"] == "1", which never strips at any level
$prod = preg_replace("/\s+/", "", $prod);
}
$sql = 'SELECT * FROM tblProducts WHERE id = ' . $prod;
$result = mysql_query($sql, $link);

if (!$result) {
echo "DB Error, could not query the database\n";
echo 'MySQL Error: ' . htmlentities(mysql_error());
exit;
}

$row = mysql_fetch_assoc($result);
echo "\nProduct Details\n";
echo "\n";
echo '';
echo 'Product Name: ' . $row['name'];
echo "\n\nDetails\n" . $row['detail'] . "\n";
echo "\n\n";
echo "\n";

mysql_free_result($result);

?>

<?php
include 'header.php';
include 'display.php';
include 'footer.php';
?>
<?php
include 'header.php';
include 'user-register.php';
include 'footer.php';
?>
849
850
851
852Terms & Conditions
853
854
855Seattle Sounds owns and operate this Website. This document governs your relationship with the Online Store. Access to and use of this Website and the products and services available through this Website (collectively, the "Services") are subject to the following terms, conditions and notices (the "Terms of Service"). By using the Services, you are agreeing to all of the Terms of Service, as may be updated by us from time to time. You should check this page regularly to take notice of any changes we may have made to the Terms of Service.
856
857Access to this Website is permitted on a temporary basis, and we reserve the right to withdraw or amend the Services without notice. We will not be liable if for any reason this Website is unavailable at any time or for any period. From time to time, we may restrict access to some parts or all of this Website.
858This Website may contain links to other websites (the "Linked Sites"), which are not operated by Seattle Sounds. Seattle Sounds has no control over the Linked Sites and accepts no responsibility for them or for any loss or damage that may arise from your use of them. Your use of the Linked Sites will be subject to the terms of use and service contained within each such site.
859
860
861
862Prohibitions
863
864You must not misuse this Website. You will not: commit or encourage a criminal offense; transmit or distribute a virus, trojan, worm, logic bomb or any other material which is malicious, technologically harmful, in breach of confidence or in any way offensive or obscene; hack into any aspect of the Service; corrupt data; cause annoyance to other users; infringe upon the rights of any other person's proprietary rights; send any unsolicited advertising or promotional material, commonly referred to as "spam"; or attempt to affect the performance or functionality of any computer facilities of or accessed through this Website. Breaching this provision would constitute a criminal offense and Seattle Sounds will report any such breach to the relevant law enforcement authorities and disclose your identity to them.
865
866We will not be liable for any loss or damage caused by a distributed denial-of-service attack, viruses or other technologically harmful material that may infect your computer equipment, computer programs, data or other proprietary material due to your use of this Website or to your downloading of any material posted on it, or on any website linked to it.
867
868Intellectual Property, Software and Content
869The intellectual property rights in all software and content (including photographic images) made available to you on or through this Website remains the property of Seattle Sounds or its licensors and are protected by copyright laws and treaties around the world. All such rights are reserved by Seattle Sounds and its licensors. You may store, print and display the content supplied solely for your own personal use. You are not permitted to publish, manipulate, distribute or otherwise reproduce, in any format, any of the content or copies of the content supplied to you or which appears on this Website nor may you use any such content in connection with any business or commercial enterprise.
870
871
872
873Terms of Sale
874
875By placing an order you are offering to purchase a product on and subject to the following terms and conditions. All orders are subject to availability and confirmation of the order price.
876Dispatch times may vary according to availability and subject to any delays resulting from postal delays or force majeure for which we will not be responsible.
877
878In order to contract with Seattle Sounds you must be over 18 years of age and possess a valid credit or debit card issued by a bank acceptable to us. Seattle Sounds retains the right to refuse any request made by you. If your order is accepted we will inform you by email and we will confirm the identity of the party which you have contracted with. This will usually be Seattle Sounds or may in some cases be a third party. Where a contract is made with a third party Seattle Sounds is not acting as either agent or principal and the contract is made between yourself and that third party and will be subject to the terms of sale which they supply you. When placing an order you undertake that all details you provide to us are true and accurate, that you are an authorized user of the credit or debit card used to place your order and that there are sufficient funds to cover the cost of the goods. The cost of foreign products and services may fluctuate. All prices advertised are subject to such changes.
879
880(a) Our Contract
881When you place an order, you will receive an acknowledgement e-mail confirming receipt of your order: this email will only be an acknowledgement and will not constitute acceptance of your order. A contract between us will not be formed until we send you confirmation by e-mail that the goods which you ordered have been dispatched to you. Only those goods listed in the confirmation e-mail sent at the time of dispatch will be included in the contract formed.
882
883(b) Pricing and Availability
884Whilst we try and ensure that all details, descriptions and prices which appear on this Website are accurate, errors may occur. If we discover an error in the price of any goods which you have ordered we will inform you of this as soon as possible and give you the option of reconfirming your order at the correct price or cancelling it. If we are unable to contact you we will treat the order as cancelled. If you cancel and you have already paid for the goods, you will receive a full refund.
885Delivery costs will be charged in addition; such additional charges are clearly displayed where applicable and included in the 'Total Cost'.
886
887(c) Payment
888Upon receiving your order we carry out a standard authorization check on your payment card to ensure there are sufficient funds to fulfil the transaction. Your card will be debited upon authorisation being received. The monies received upon the debiting of your card shall be treated as a deposit against the value of the goods you wish to purchase. Once the goods have been despatched and you have been sent a confirmation email the monies paid as a deposit shall be used as consideration for the value of goods you have purchased as listed in the confirmation email.
889
890
891
892Disclaimer of Liability
893
The material displayed on this Website is provided without any guarantees, conditions or warranties as to its accuracy. Unless expressly stated to the contrary, to the fullest extent permitted by law, Seattle Sounds and its suppliers, content providers and advertisers hereby expressly exclude all conditions, warranties and other terms which might otherwise be implied by statute, common law or the law of equity, and shall not be liable for any damages whatsoever, including, without limitation, any direct, indirect, special, consequential, punitive or incidental damages, or damages for loss of use, profits, data or other intangibles, damage to goodwill or reputation, or the cost of procurement of substitute goods and services, arising out of or related to the use, inability to use, performance or failures of this Website or the Linked Sites and any materials posted thereon, irrespective of whether such damages were foreseeable or arise in contract, tort, equity, restitution, by statute, at common law or otherwise. This does not affect Seattle Sounds's liability for death or personal injury arising from its negligence, fraudulent misrepresentation, misrepresentation as to a fundamental matter or any other liability which cannot be excluded or limited under applicable law.

Linking to this Website

You may link to our home page, provided you do so in a way that is fair and legal and does not damage our reputation or take advantage of it, but you must not establish a link in such a way as to suggest any form of association, approval or endorsement on our part where none exists. You must not establish a link from any website that is not owned by you. This Website must not be framed on any other site, nor may you create a link to any part of this Website other than the home page. We reserve the right to withdraw linking permission without notice.

Disclaimer as to ownership of trade marks, images of personalities and third party copyright

Except where expressly stated to the contrary, all persons (including their names and images), third party trade marks and content, services and/or locations featured on this Website are in no way associated, linked or affiliated with Seattle Sounds and you should not rely on the existence of such a connection or affiliation. Any trade marks/names featured on this Website are owned by the respective trade mark owners. Where a trade mark or brand name is referred to, it is used solely to describe or identify the products and services and is in no way an assertion that such products or services are endorsed by or connected to Seattle Sounds.

Indemnity

You agree to indemnify, defend and hold harmless Seattle Sounds, its directors, officers, employees, consultants, agents, and affiliates, from any and all third party claims, liability, damages and/or costs (including, but not limited to, legal fees) arising from your use of this Website or your breach of the Terms of Service.

Variation

Seattle Sounds shall have the right in its absolute discretion at any time and without notice to amend, remove or vary the Services and/or any page of this Website.

Invalidity

If any part of the Terms of Service is unenforceable (including any provision in which we exclude our liability to you), the enforceability of any other part of the Terms of Service will not be affected, all other clauses remaining in full force and effect. So far as possible, where any clause/sub-clause or part of a clause/sub-clause can be severed to render the remaining part valid, the clause shall be interpreted accordingly. Alternatively, you agree that the clause shall be rectified and interpreted in such a way that closely resembles the original meaning of the clause/sub-clause as is permitted by law.

Complaints

We operate a complaints handling procedure which we will use to try to resolve disputes when they first arise; please let us know if you have any complaints or comments.

Waiver

If you breach these conditions and we take no action, we will still be entitled to use our rights and remedies in any other situation where you breach these conditions.

Entire Agreement

The above Terms of Service constitute the entire agreement of the parties and supersede any and all preceding and contemporaneous agreements between you and Seattle Sounds. Any waiver of any provision of the Terms of Service will be effective only if in writing and signed by a Director of Seattle Sounds.

If additional information is required, please contact admin@seattlesounds.net.

<?php
// terms.php: assembles the page from the shared header, the Terms of Service
// body (presumably the text above) and the shared footer. The dump stripped
// the <?php opener; it is restored here.
include 'header.php';
include 'terms-body.php';
include 'footer.php';
?>
<?php
// Account-update handler (target of the "Update Account" form on account.php).
if (isset($_POST['name']) && isset($_POST['password'])) {
    include 'connection.php';   // provides $link, a mysql_* connection resource
    // Both POST fields and the SessionId cookie are concatenated straight into
    // the SQL text, so any of them can alter the statement (SQL injection).
    // The password is stored exactly as submitted (plaintext), and no CSRF
    // token is checked before the update runs.
    $postUpdate = "UPDATE tblMembers SET name='" . $_POST['name'] . "',password='" . $_POST['password'] . "' WHERE session='" . $_COOKIE['SessionId'] . "';";
    $postResult = mysql_query($postUpdate, $link);
    header('Location: /account.php?user=updated');
    exit;
}
else {
    echo 'Error: Missing input.';
}
?>
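The handler above builds its UPDATE from three request-controlled strings, and the SessionId cookie also drives the WHERE clause that decides which row is written. The following is an added example, not code from the Seattle Sounds application: the same handler rewritten so that no request value ever becomes part of the SQL text, and so that the row being updated is the one found for the session rather than whatever a rewritten WHERE clause selects. It assumes PHP 7.1 or later, a PDO connection (the DSN and credentials are placeholders), and that tblMembers has an integer primary key named id, which the dump never shows (it only uses SELECT *). Because passwords are stored hashed here, the login handler (not on this page) would have to compare with password_verify().

```php
<?php
// Added example (not part of Seattle Sounds): account update without SQL injection.
// Assumptions: PHP >= 7.1, PDO available, tblMembers(id, name, password, session, admin, blog).
// DSN and credentials below are placeholders.
$pdo = new PDO(
    'mysql:host=localhost;dbname=seattlesounds;charset=utf8mb4',   // placeholder
    'dbuser',                                                      // placeholder
    'dbpass',                                                      // placeholder
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares, not client-side quoting
    ]
);

/**
 * Look up the member row for a session cookie. Same query as account.php,
 * but the cookie is bound as a parameter: a value such as  ' OR 1=1 --
 * is compared literally against the session column, never parsed as SQL.
 */
function memberForSession(PDO $pdo, string $sessionId): ?array
{
    $stmt = $pdo->prepare('SELECT id, name, admin, blog FROM tblMembers WHERE session = ? LIMIT 1');
    $stmt->execute([$sessionId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/**
 * Update name and password for one member, addressed by primary key.
 * Returns false when the input is rejected or the statement fails.
 */
function updateAccount(PDO $pdo, int $memberId, string $name, string $password): bool
{
    // Reject bad input before touching the database; limits are assumptions.
    if ($name === '' || strlen($name) > 64 || strlen($password) < 12) {
        return false;
    }
    $stmt = $pdo->prepare('UPDATE tblMembers SET name = ?, password = ? WHERE id = ?');
    // Store a salted hash (bcrypt by default) instead of the plaintext the original writes.
    return $stmt->execute([$name, password_hash($password, PASSWORD_DEFAULT), $memberId]);
}

// Request handling: POST only, all three inputs present.
if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || !isset($_POST['name'], $_POST['password'], $_COOKIE['SessionId'])) {
    http_response_code(400);
    exit('Error: Missing input.');
}

// Resolve the session first; the UPDATE is then tied to that row's id,
// not to a WHERE clause the client can rewrite through the cookie.
$member = memberForSession($pdo, $_COOKIE['SessionId']);
if ($member === null) {
    http_response_code(403);
    exit('ERROR: Invalid Session');
}

if (!updateAccount($pdo, (int) $member['id'], $_POST['name'], $_POST['password'])) {
    http_response_code(400);
    exit('Error: Invalid name or password.');
}

header('Location: /account.php?user=updated');
exit;
```

A CSRF token check belongs at the top of the POST branch as well; it is left out here only because the form markup that would carry the token was stripped from this dump. Note also that the redirect is followed by exit, so nothing after the header() call can still run.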

<?php
// account.php (body). The dump stripped the <?php opener and all HTML, so the
// forms survive only as their field labels; those are kept as the echoed text
// and the missing markup is noted in comments.
if (!isset($_COOKIE['SessionId'])) {
    // Not logged in: show any login error passed back in ?login=, then the form.
    // Three distinct messages (user / pass / admin) tell a caller whether an
    // account exists and whether it is an admin account.
    $login = isset($_GET['login']) ? $_GET['login'] : '';
    if ($login == "user") {
        echo 'Invalid username, please try again.';
    }
    elseif ($login == "admin") {
        echo 'Not an admin account, please login with higher privileges.';
    }
    elseif ($login == "pass") {
        echo 'Invalid password, please try again.';
    }
    // Login form (markup not preserved): Email and Password fields.
    echo 'Email
Password
Don\'t have an account? Register here!';
}
elseif (isset($_GET['login']) && $_GET['login'] == "session") {
    echo 'ERROR: Invalid Session';
    echo 'Logout';   // logout link (markup not preserved)
}
else {
    if (isset($_GET['user'])) {
        echo 'Account updated!';
    }

    include 'connection.php';   // provides $link, a mysql_* connection resource

    // The raw cookie value is concatenated into the query text: SQL injection
    // via SessionId, and every access decision below rests on this lookup.
    $loadDetails = "SELECT * FROM tblMembers WHERE session='" . $_COOKIE['SessionId'] . "';";
    $detailsResult = mysql_query($loadDetails, $link);
    if (!$detailsResult) {
        echo "DB Error, could not query the database\n";
        echo 'MySQL Error: ' . mysql_error();   // database error text is sent to the client
        exit;
    }

    if (mysql_num_rows($detailsResult) < 1) {
        header('Location: /account.php?login=session');
        exit;
    }
    else {
        // Same injectable pattern, fetching the admin flag and display name.
        $sql = "SELECT admin,name FROM tblMembers WHERE session='" . $_COOKIE['SessionId'] . "';";
        $result = mysql_query($sql, $link);
        $row = mysql_fetch_assoc($result);
        echo "Hello " . $row['name'] . "! [Logout]\n";   // name is echoed unescaped

        // Blog form is meant only for members with blog=1. (The dump executed
        // $sql and counted $result here instead of $blogCheck/$blogResult,
        // which showed the form to every logged-in user; corrected.)
        $blogCheck = "SELECT * FROM tblMembers WHERE session='" . $_COOKIE['SessionId'] . "' AND blog=1;";
        $blogResult = mysql_query($blogCheck, $link);
        if (mysql_num_rows($blogResult) == 1) {
            // Blog form (markup not preserved): Title and Content fields.
            echo 'Post new blog:
Title:
Content:
';
        }

        if ($row["admin"] != 0) {
            // Admin-only area, gated by the admin column of the injectable lookup above.
            // Update-account form (markup not preserved): Name and Password fields.
            echo 'Update Account:
Name:
Password:
';

            echo 'View Logs';
            echo 'Logs Available:';
            // Shells out to list the log directory (relative to the working directory).
            exec("ls logs/", $output);
            foreach ($output as $line) {
                $line = str_replace(".txt", "", $line);
                echo $line;
            }
            echo "\n---\n";

            echo "Read Log:";
            // Read-log form (markup not preserved): Log Name field, submitted as ?log=
            echo 'Log Name:';

            if (isset($_GET["log"])) {
                echo "Output";
                // The query parameter is spliced into a shell command line with no
                // validation: OS command injection, running as the web server user.
                $command = "cat /var/www/html/logs/" . $_GET["log"] . ".txt";
                exec($command, $logout);
                foreach ($logout as $line) {
                    echo $line . "\n";   // log content echoed unescaped into the page
                }
            }
        }
        else {
            echo 'Logged in as standard user, no administrative actions available.';
        }
    }
}
?>
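The "View Logs" and "Read Log" features above shell out twice, once to ls and once to cat with the ?log= parameter pasted into the command line, so a value such as x; id # turns the command into cat /var/www/html/logs/x; id #.txt and the second command runs under the web server account. The following is an added example, not code from the Seattle Sounds application: the same two features implemented without a shell, with the log name allow-listed and the resolved path confined to the log directory. It assumes PHP 7.1 or later, that logs are stored as name.txt files, and that the directory path (kept from the original) is a placeholder; the admin check that should guard this page is not repeated here.

```php
<?php
// Added example (not part of Seattle Sounds): log listing and reading without exec().
// Assumptions: PHP >= 7.1; logs are <name>.txt under $logDir (path is a placeholder).

/** List available log names; replaces exec("ls logs/"). */
function listLogs(string $logDir): array
{
    $paths = glob($logDir . '/*.txt');
    if ($paths === false) {
        return [];
    }
    $names = [];
    foreach ($paths as $path) {
        $names[] = basename($path, '.txt');
    }
    return $names;
}

/**
 * Return the text of one log, or null if the name is not acceptable.
 * Two independent checks: an allowlist on the name, then confinement of the
 * resolved path. Either alone would stop "x; id #" and "../../etc/passwd";
 * keeping both means a mistake in one does not open the directory.
 */
function readLog(string $logDir, string $name): ?string
{
    // Allowlist: one token of letters, digits, '_' or '-'. This excludes the
    // shell metacharacters and path separators the original passed straight through.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    // Confinement: the canonical path must lie inside the canonical log directory.
    $base = realpath($logDir);
    $path = realpath($logDir . '/' . $name . '.txt');
    if ($base === false || $path === false) {
        return null;   // directory or file does not exist
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;   // resolved outside the log directory (symlink, etc.)
    }
    return file_get_contents($path);   // replaces exec("cat ...")
}

$logDir = '/var/www/html/logs';   // placeholder, taken from the original command string

echo 'Logs Available:' . "\n";
foreach (listLogs($logDir) as $name) {
    // Names come from the filesystem, but escape them anyway before they enter HTML.
    echo htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . "\n";
}

if (isset($_GET['log'])) {
    $content = readLog($logDir, (string) $_GET['log']);
    if ($content === null) {
        http_response_code(404);
        echo 'No such log.';
    } else {
        // Log lines may contain attacker-supplied text (request paths, user agents),
        // so escape them instead of echoing raw as the original does.
        echo '<pre>' . htmlspecialchars($content, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</pre>';
    }
}
```

With this in place, ?log=x;%20id%20%23 fails the allowlist before any filesystem call, and ?log=access (assuming access.txt exists) is read with file_get_contents rather than a subprocess. The admin gate for this page should itself rest on a parameterised session lookup; as the dump stands, the admin flag is read through the same string-built query that the cookie controls.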

<?php
// register.php (body). The dump stripped the <?php opener and the form markup;
// only the field labels of the registration form survive and are echoed here.
if (!isset($_COOKIE['SessionId'])) {
    // Registration form (markup not preserved): Name, Email, Password,
    // Confirm Password fields. Shown only when no session cookie is present.
    echo 'Name
Email
Password
Confirm Password
';
}
?>
1150?>