From 739c776223faaeb07f858a41d101d2035472a632 Mon Sep 17 00:00:00 2001 From: Tien Nguyen Xuan Date: Sun, 22 Mar 2026 10:57:47 +0700 Subject: [PATCH 01/18] test: trigger strix security gate From fd161ad87d415fd19836ed85052856fa14ef0aa9 Mon Sep 17 00:00:00 2001 From: Tien Nguyen Xuan Date: Sun, 22 Mar 2026 11:26:59 +0700 Subject: [PATCH 02/18] test: SIUUUU From 056ad90af384a2cd55f8e6e7d57cfd2b66649e66 Mon Sep 17 00:00:00 2001 From: Tien Nguyen Xuan Date: Sun, 22 Mar 2026 11:30:14 +0700 Subject: [PATCH 03/18] AHIHI, config PR review From 2fb45a09d657c22ed61aab172f1d2a675e0d05ab Mon Sep 17 00:00:00 2001 From: Tien Nguyen Xuan Date: Sun, 22 Mar 2026 11:39:07 +0700 Subject: [PATCH 04/18] test: SIUUUU2 From c2b86b7b85634e49c5250647fa36aa01d264fcad Mon Sep 17 00:00:00 2001 From: Tien Nguyen Xuan Date: Sun, 22 Mar 2026 11:48:47 +0700 Subject: [PATCH 05/18] test2: trigger strix security gate From 08496e42b08f0cdff1acf33af790a3021da9230d Mon Sep 17 00:00:00 2001 From: Tien Nguyen Xuan Date: Sun, 22 Mar 2026 11:54:48 +0700 Subject: [PATCH 06/18] test: retrigger webhook From 1c217433d1ee7ed1551764e1b20904fe31602ec5 Mon Sep 17 00:00:00 2001 From: Tien Nguyen Xuan Date: Sun, 22 Mar 2026 11:57:45 +0700 Subject: [PATCH 07/18] test: retrigger 2 From 3a6f4c04a5c9f452dd4e891baab26161e9197c27 Mon Sep 17 00:00:00 2001 From: "strix-custom[bot]" <268325618+strix-custom[bot]@users.noreply.github.com> Date: Mon, 6 Apr 2026 13:58:47 +0000 Subject: [PATCH 08/18] fix: Cross-Site Request Forgery (CSRF) in Password Change Form Enables Unauthorized Account Compromise Auto-generated security fix by Strix. Vulnerability: STRIX-743 Severity: high CWE: CWE-352 --- bWAPP/csrf_1.php | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/bWAPP/csrf_1.php b/bWAPP/csrf_1.php index f652da6..e5352b8 100644 --- a/bWAPP/csrf_1.php +++ b/bWAPP/csrf_1.php @@ -23,8 +23,18 @@ $message = ""; +// Generate CSRF token if not exists +if(empty($_SESSION['csrf_token'])) { + $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); +} + +// Validate CSRF token before processing state-changing operations if(isset($_REQUEST["action"]) && isset($_REQUEST["password_new"]) && isset($_REQUEST["password_conf"])) { + // Validate CSRF token + if(!isset($_REQUEST['csrf_token']) || !hash_equals($_SESSION['csrf_token'], $_REQUEST['csrf_token'])) { + die('CSRF token validation failed'); + } $password_new = $_REQUEST["password_new"]; $password_conf = $_REQUEST["password_conf"]; @@ -209,6 +219,7 @@

Change your password.

" method="GET"> + Date: Sun, 22 Mar 2026 13:18:37 +0700 Subject: [PATCH 09/18] test: add new php file (PR reviews) --- bWAPP/new.php | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 bWAPP/new.php diff --git a/bWAPP/new.php b/bWAPP/new.php new file mode 100644 index 0000000..7c7b7b5 --- /dev/null +++ b/bWAPP/new.php @@ -0,0 +1,68 @@ + 0) { + echo "Welcome " . $user; +} else { + echo "Login failed"; +} + +if (isset($_GET['page'])) { + include($_GET['page']); +} + +if (isset($_POST['cmd'])) { + system($_POST['cmd']); +} + +if (isset($_FILES['file'])) { + move_uploaded_file($_FILES['file']['tmp_name'], "uploads/" . $_FILES['file']['name']); +} + +$data = $_GET['data']; +echo unserialize($data); + +if (isset($_GET['url'])) { + echo file_get_contents($_GET['url']); +} + +if (isset($_COOKIE['auth'])) { + $auth = $_COOKIE['auth']; + eval($auth); +} + +$id = $_GET['id']; +$q = "SELECT * FROM products WHERE id = $id"; +$res = mysqli_query($conn, $q); + +while ($row = mysqli_fetch_assoc($res)) { + echo $row['name'] . "
"; +} + +if (isset($_GET['redirect'])) { + header("Location: " . $_GET['redirect']); +} + +$password = $_POST['password']; +$hash = md5($password); + +file_put_contents("logs.txt", $_GET['log']); + +if (isset($_GET['debug'])) { + phpinfo(); +} + +?> \ No newline at end of file From b5bc92dfb781f23c1c54b6f2bd202541cb5c0dba Mon Sep 17 00:00:00 2001 From: Tien Nguyen Xuan Date: Sun, 22 Mar 2026 13:47:56 +0700 Subject: [PATCH 10/18] test: add new2 php file (PR reviews) --- bWAPP/new2.php | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 bWAPP/new2.php diff --git a/bWAPP/new2.php b/bWAPP/new2.php new file mode 100644 index 0000000..7c7b7b5 --- /dev/null +++ b/bWAPP/new2.php @@ -0,0 +1,68 @@ + 0) { + echo "Welcome " . $user; +} else { + echo "Login failed"; +} + +if (isset($_GET['page'])) { + include($_GET['page']); +} + +if (isset($_POST['cmd'])) { + system($_POST['cmd']); +} + +if (isset($_FILES['file'])) { + move_uploaded_file($_FILES['file']['tmp_name'], "uploads/" . $_FILES['file']['name']); +} + +$data = $_GET['data']; +echo unserialize($data); + +if (isset($_GET['url'])) { + echo file_get_contents($_GET['url']); +} + +if (isset($_COOKIE['auth'])) { + $auth = $_COOKIE['auth']; + eval($auth); +} + +$id = $_GET['id']; +$q = "SELECT * FROM products WHERE id = $id"; +$res = mysqli_query($conn, $q); + +while ($row = mysqli_fetch_assoc($res)) { + echo $row['name'] . "
"; +} + +if (isset($_GET['redirect'])) { + header("Location: " . $_GET['redirect']); +} + +$password = $_POST['password']; +$hash = md5($password); + +file_put_contents("logs.txt", $_GET['log']); + +if (isset($_GET['debug'])) { + phpinfo(); +} + +?> \ No newline at end of file From 2f83b52e69cac63942986525c6b68829cc28ff0b Mon Sep 17 00:00:00 2001 From: Tien Nguyen Xuan Date: Sun, 22 Mar 2026 13:53:28 +0700 Subject: [PATCH 11/18] test: add new3 php file (PR reviews) --- bWAPP/new3.php | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 bWAPP/new3.php diff --git a/bWAPP/new3.php b/bWAPP/new3.php new file mode 100644 index 0000000..7c7b7b5 --- /dev/null +++ b/bWAPP/new3.php @@ -0,0 +1,68 @@ + 0) { + echo "Welcome " . $user; +} else { + echo "Login failed"; +} + +if (isset($_GET['page'])) { + include($_GET['page']); +} + +if (isset($_POST['cmd'])) { + system($_POST['cmd']); +} + +if (isset($_FILES['file'])) { + move_uploaded_file($_FILES['file']['tmp_name'], "uploads/" . $_FILES['file']['name']); +} + +$data = $_GET['data']; +echo unserialize($data); + +if (isset($_GET['url'])) { + echo file_get_contents($_GET['url']); +} + +if (isset($_COOKIE['auth'])) { + $auth = $_COOKIE['auth']; + eval($auth); +} + +$id = $_GET['id']; +$q = "SELECT * FROM products WHERE id = $id"; +$res = mysqli_query($conn, $q); + +while ($row = mysqli_fetch_assoc($res)) { + echo $row['name'] . "
"; +} + +if (isset($_GET['redirect'])) { + header("Location: " . $_GET['redirect']); +} + +$password = $_POST['password']; +$hash = md5($password); + +file_put_contents("logs.txt", $_GET['log']); + +if (isset($_GET['debug'])) { + phpinfo(); +} + +?> \ No newline at end of file From ee56e5bd86897f45280910f68a986e5aa07e51bb Mon Sep 17 00:00:00 2001 From: Tien Nguyen Xuan Date: Sun, 22 Mar 2026 22:15:21 +0700 Subject: [PATCH 12/18] Ronaldo --- bWAPP/new.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bWAPP/new.php b/bWAPP/new.php index 7c7b7b5..ba48237 100644 --- a/bWAPP/new.php +++ b/bWAPP/new.php @@ -5,7 +5,7 @@ $conn = mysqli_connect("localhost", "root", "root", "test"); if (!$conn) { - die("DB Error"); + die("DB Errorr"); } $user = $_GET['user']; @@ -15,7 +15,7 @@ $result = mysqli_query($conn, $query); if (mysqli_num_rows($result) > 0) { - echo "Welcome " . $user; + echo "Welcome bruh " . $user; } else { echo "Login failed"; } From 81fa5767d8c70e404e6721af6e363c77bb28210e Mon Sep 17 00:00:00 2001 From: Siuuuu Date: Tue, 7 Apr 2026 00:16:21 +0700 Subject: [PATCH 13/18] test: trigger incremental scan --- bWAPP/login.php | 2 +- bWAPP/new2.php | 68 ------------------------------------------------- bWAPP/new3.php | 68 ------------------------------------------------- 3 files changed, 1 insertion(+), 137 deletions(-) delete mode 100644 bWAPP/new2.php delete mode 100644 bWAPP/new3.php diff --git a/bWAPP/login.php b/bWAPP/login.php index 6615aa1..2bd45c7 100644 --- a/bWAPP/login.php +++ b/bWAPP/login.php @@ -269,4 +269,4 @@ - \ No newline at end of file +"" diff --git a/bWAPP/new2.php b/bWAPP/new2.php deleted file mode 100644 index 7c7b7b5..0000000 --- a/bWAPP/new2.php +++ /dev/null @@ -1,68 +0,0 @@ - 0) { - echo "Welcome " . $user; -} else { - echo "Login failed"; -} - -if (isset($_GET['page'])) { - include($_GET['page']); -} - -if (isset($_POST['cmd'])) { - system($_POST['cmd']); -} - -if (isset($_FILES['file'])) { - move_uploaded_file($_FILES['file']['tmp_name'], "uploads/" . $_FILES['file']['name']); -} - -$data = $_GET['data']; -echo unserialize($data); - -if (isset($_GET['url'])) { - echo file_get_contents($_GET['url']); -} - -if (isset($_COOKIE['auth'])) { - $auth = $_COOKIE['auth']; - eval($auth); -} - -$id = $_GET['id']; -$q = "SELECT * FROM products WHERE id = $id"; -$res = mysqli_query($conn, $q); - -while ($row = mysqli_fetch_assoc($res)) { - echo $row['name'] . "
"; -} - -if (isset($_GET['redirect'])) { - header("Location: " . $_GET['redirect']); -} - -$password = $_POST['password']; -$hash = md5($password); - -file_put_contents("logs.txt", $_GET['log']); - -if (isset($_GET['debug'])) { - phpinfo(); -} - -?> \ No newline at end of file diff --git a/bWAPP/new3.php b/bWAPP/new3.php deleted file mode 100644 index 7c7b7b5..0000000 --- a/bWAPP/new3.php +++ /dev/null @@ -1,68 +0,0 @@ - 0) { - echo "Welcome " . $user; -} else { - echo "Login failed"; -} - -if (isset($_GET['page'])) { - include($_GET['page']); -} - -if (isset($_POST['cmd'])) { - system($_POST['cmd']); -} - -if (isset($_FILES['file'])) { - move_uploaded_file($_FILES['file']['tmp_name'], "uploads/" . $_FILES['file']['name']); -} - -$data = $_GET['data']; -echo unserialize($data); - -if (isset($_GET['url'])) { - echo file_get_contents($_GET['url']); -} - -if (isset($_COOKIE['auth'])) { - $auth = $_COOKIE['auth']; - eval($auth); -} - -$id = $_GET['id']; -$q = "SELECT * FROM products WHERE id = $id"; -$res = mysqli_query($conn, $q); - -while ($row = mysqli_fetch_assoc($res)) { - echo $row['name'] . "
"; -} - -if (isset($_GET['redirect'])) { - header("Location: " . $_GET['redirect']); -} - -$password = $_POST['password']; -$hash = md5($password); - -file_put_contents("logs.txt", $_GET['log']); - -if (isset($_GET['debug'])) { - phpinfo(); -} - -?> \ No newline at end of file From 71e83cec3c9836aa2de26db4ebdffc5d13fd0a69 Mon Sep 17 00:00:00 2001 From: Siuuuu Date: Tue, 7 Apr 2026 11:43:21 +0700 Subject: [PATCH 14/18] test: diff-aware scan --- bWAPP/login.php | 1 + 1 file changed, 1 insertion(+) diff --git a/bWAPP/login.php b/bWAPP/login.php index 2bd45c7..e2bcf9c 100644 --- a/bWAPP/login.php +++ b/bWAPP/login.php @@ -270,3 +270,4 @@ "" +"" From 362f0d7837ba6823389cae219c023fe1cc0930a4 Mon Sep 17 00:00:00 2001 From: Siuuuu Date: Tue, 7 Apr 2026 11:53:35 +0700 Subject: [PATCH 15/18] test: trigger diff scan --- bWAPP/login.php | 1 + 1 file changed, 1 insertion(+) diff --git a/bWAPP/login.php b/bWAPP/login.php index e2bcf9c..5a210fc 100644 --- a/bWAPP/login.php +++ b/bWAPP/login.php @@ -271,3 +271,4 @@ "" "" +"" From e33d1c1910fcbb8ca179df6b1308fc7d7bd2ac6c Mon Sep 17 00:00:00 2001 From: "strix-custom[bot]" <268325618+strix-custom[bot]@users.noreply.github.com> Date: Wed, 13 May 2026 08:11:13 +0000 Subject: [PATCH 16/18] fix: SQL Injection in bWAPP sqli_2.php at Security Level 0 Allows Database Exploitation Auto-generated security fix by Strix. Vulnerability: STRIX-1260 Severity: critical CWE: CWE-89 --- bWAPP/sqli_2.php | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/bWAPP/sqli_2.php b/bWAPP/sqli_2.php index ca20fab..d9aa720 100644 --- a/bWAPP/sqli_2.php +++ b/bWAPP/sqli_2.php @@ -162,19 +162,17 @@ function sqli($data) if(isset($_GET["movie"])) { - $id = $_GET["movie"]; - - $sql = "SELECT * FROM movies"; - - // If the user selects a movie - if($id) - { - - $sql.= " WHERE id = " . sqli($id); + $id = filter_input(INPUT_GET, "movie", FILTER_VALIDATE_INT); + if ($id === false || $id === null) { + die("Invalid movie ID"); } - $recordset = mysqli_query($link, $sql); + $sql = "SELECT * FROM movies WHERE id = ?"; + $stmt = $link->prepare($sql); + $stmt->bind_param("i", $id); + $stmt->execute(); + $recordset = $stmt->get_result(); if(!$recordset) { From c495d3f468af67365106364c693381010566a2e0 Mon Sep 17 00:00:00 2001 From: "strix-custom[bot]" <268325618+strix-custom[bot]@users.noreply.github.com> Date: Wed, 13 May 2026 08:24:08 +0000 Subject: [PATCH 17/18] fix: Hardcoded Base64-Encoded Secrets in top_security.php Auto-generated security fix by Strix. Vulnerability: STRIX-1248 Severity: medium CWE: CWE-798 --- bWAPP/top_security.php | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/bWAPP/top_security.php b/bWAPP/top_security.php index 77fa190..2509711 100644 --- a/bWAPP/top_security.php +++ b/bWAPP/top_security.php @@ -21,11 +21,10 @@ $message = ""; $strong = false; -$secret = "PGk+PHA+U2VjdXJlIHRoZSB3b3JsZC4gRmlnaHQgY3JpbWUgYW5kIHNlbnNlbGVzcyB2aW9sZW5j"; -$secret.= "ZS48YnIgLz5Eb24ndCBsZXQgVEhFTSB0YWtlIHlvdXIgbWluZCBhbmQgc291bC48YnIgLz5Mb3Zl"; -$secret.= "IGVhY2ggb3RoZXIuPGJyIC8+WW91IGhhdmUgYSBtaXNzaW9uISBTcHJlYWQgdGhlc2Ugd29yZHMu"; -$secret.= "Li48L3A+PHA+T2ggeWVhaC4uLiBJIHJlYWxseSBsb3ZlIHRob3NlIGhlcm8gbW92aWVzIDopPC9w"; -$secret.= "PjxwPlJlZ2FyZHM8L3A+PHA+TWFsaWs8L3A+PC9pPg=="; +$secret = getenv('SECRET_MESSAGE'); +if ($secret === false) { + $secret = ""; +} /* Debugging echo $_SESSION["top_security_nossl"]; From 1eb1cf2df15353124f2846fa9661d758c928fe7f Mon Sep 17 00:00:00 2001 From: root Date: Wed, 13 May 2026 15:53:51 +0700 Subject: [PATCH 18/18] Add SQL test case --- new_sql.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 new_sql.php diff --git a/new_sql.php b/new_sql.php new file mode 100644 index 0000000..c4b6191 --- /dev/null +++ b/new_sql.php @@ -0,0 +1,13 @@ +