Update test-bed scripts

- Add php5 et php7 to test-bed scripts
- Add issue template to Github

.github/issue_template.md

@@ -0,0 +1,13 @@
+## What's the expected behavior?
+
+## And what's the actual behavior?
+
+## Any detailed information about the Issue?
+
+## Steps to reproduce the behavior
+
+  1. ...
+  2. ...
+
+## [Community] Any request for a new feature?
+

README.md

@@ -30,7 +30,22 @@ Install [Java 8](http://java.com), then download the latest [release](https://gi
 You can also type `java -jar jsql-injection-v0.81.jar` in your terminal to start the program.<br>
 If you are using Kali Linux then get the latest release using command `sudo apt-get -f install jsql`, or make a system full upgrade with `apt update` then `apt full-upgrade`.
 
-## Screenshots and [video](https://youtu.be/ZZkQRE3OL8E)
+## [[Test-bed scripts](https://github.com/ron190/jsql-injection/tree/master/web/test-bed)]
+Use the sample scripts to test injection on a local environment. First install a development environment like [EasyPHP](http://www.easyphp.org), then download the test-bed PHP scripts and place them into `www/`.
+```php
+<?php
+# http://127.0.0.1/mysql/strategy/get-normal.php?id=0
+
+$link = mysqli_connect('localhost', 'root', '', 'my_database');
+
+$result = $link->query("SELECT col1, col2 FROM my_table where id=$_GET[id]");
+
+while ($row = $result->fetch_array($result, MYSQLI_NUM))
+    echo join(',', $row);
+```
+
+
+## Screenshots and [[video](https://youtu.be/ZZkQRE3OL8E)]
 [![Default](https://github.com/ron190/jsql-injection/raw/master/web/images/v0.75/default-mini.png "Default")](https://github.com/ron190/jsql-injection/raw/master/web/images/v0.75/default.png)
 [![Database](https://github.com/ron190/jsql-injection/raw/master/web/images/v0.75/database-mini.png "Database")](https://github.com/ron190/jsql-injection/raw/master/web/images/v0.75/database.png)
 [![SQL Engine](https://github.com/ron190/jsql-injection/raw/master/web/images/v0.78/sqlengine-mini.png "SQL Engine")](https://github.com/ron190/jsql-injection/raw/master/web/images/v0.78/sqlengine.png)
@@ -44,14 +59,14 @@ If you are using Kali Linux then get the latest release using command `sudo apt-
 [![Bruteforce](https://github.com/ron190/jsql-injection/raw/master/web/images/v0.75/bruter-mini.png "Bruteforce")](https://github.com/ron190/jsql-injection/raw/master/web/images/v0.75/bruter.png)
 [![Coder](https://github.com/ron190/jsql-injection/raw/master/web/images/v0.75/coder-mini.png "Coder")](https://github.com/ron190/jsql-injection/raw/master/web/images/v0.75/coder.png)
 
-## Roadmap
-`Burp integration, Crawler, Database: Netezza, Test coverage with Jacoco, Integration test with Docker and JPA Hibernate Jooq, Reactive programming with RxJava, Maven Central: core swing cli, Full Path Disclosure, Injection strategies: DIOS RoutedQuery OOB, Bruteforce HTTP Auth using NTLM, Arabic translation, Command line interface, Dictionnary attack, WAF detection, Program self-updater.`
+## [[Roadmap](https://github.com/ron190/jsql-injection/projects)]
+`Burp integration, Crawler, Database: Netezza, Full Path Disclosure, Injection strategies: DIOS RoutedQuery OOB, Dictionnary attack, WAF detection.`
 
 ## In progress
 `Tampering.`
 
-## Since last release
-`Shared test-bed, SOAP injection, Fix multi-params injection, Fix adding items to Scan list, Fix translation dialog`
+## Since latest release
+`Test-bed scripts for php5 and php7 shared on Github, SOAP injection, Fix multi-params injection, Fix adding items to Scan list, Fix translation dialog`
 
 ## Change log
 

web/services/jsql-injection.json

@@ -4,7 +4,7 @@
         "[Release v0.81] Test all parameters, Parse forms and Csrf tokens, Databases: CockroachDB Mckoi Neo4j NuoDB Hana and Vertica, Translation complete: Russian Chinese French.",
         "[Roadmap] Burp integration, Crawler, Dump to a file, Full Path Disclosure, WAF detection.",
         "[In progress] Tampering.",
-        "[Done] Shared test-bed, SOAP injection, Fix multi-params injection, Fix adding items to Scan list, Fix translation dialog.",
+        "[Done] Test-bed scripts for php5 and php7 shared on Github, SOAP injection, Fix multi-params injection, Fix adding items to Scan list, Fix translation dialog.",
         "[Feature] Help the community and translate jSQL into your language. Click on the top right button to show the advanced settings and open menu Community, choose a language using 'I help translate jSQL' and translate some text then click on Send. Your translation will be integrated to the next release by the developer."
     ]
 }

web/test-bed/mysql/method/get.php → web/test-bed/mysql/php5/method/get.php

@@ -1,11 +1,11 @@
 <?php 
 # http://127.0.0.1/mysql/method/get.php?id=1
 
-mysql_connect("127.0.0.1", "login", "password");
+mysql_connect('127.0.0.1', 'login', 'password');
 
-mysql_select_db("my_database");
+mysql_select_db('my_database');
 
 $result = mysql_query("SELECT col1, col2 FROM my_table where id={$_GET['id']}");
 
 while ($row = mysql_fetch_array($result, MYSQL_NUM))
-    echo join(',',$row);
+    echo join(',', $row);

web/test-bed/mysql/method/header-cookie.php → web/test-bed/mysql/php5/method/header-cookie.php

@@ -3,9 +3,9 @@
 # Choose method Header
 # Header value => Cookie: id=1
 
-mysql_connect("127.0.0.1", "login", "password");
+mysql_connect('127.0.0.1', 'login', 'password');
 
-mysql_select_db("my_database");
+mysql_select_db('my_database');
 
 $result = mysql_query("SELECT col1, col2 FROM my_table where id={$_COOKIE['id']}");
 

web/test-bed/mysql/method/header.php → web/test-bed/mysql/php5/method/header.php

@@ -3,9 +3,9 @@
 # Choose method Header
 # Header value => id: 1
 
-mysql_connect("127.0.0.1", "login", "password");
+mysql_connect('127.0.0.1', 'login', 'password');
 
-mysql_select_db("my_database");
+mysql_select_db('my_database');
 
 $result = mysql_query("SELECT col1, col2 FROM my_table where id={$_SERVER['HTTP_ID']}");
 

web/test-bed/mysql/method/request-post.php → web/test-bed/mysql/php5/method/request-post.php

@@ -3,11 +3,11 @@
 # Choose method Request: POST
 # Request value => id=1
 
-mysql_connect("127.0.0.1", "login", "password");
+mysql_connect('127.0.0.1', 'login', 'password');
 
-mysql_select_db("my_database");
+mysql_select_db('my_database');
 
 $result = mysql_query("SELECT col1, col2 FROM my_table where id={$_POST['id']}");
 
 while ($row = mysql_fetch_array($result, MYSQL_NUM))
-    echo join(',',$row);
+    echo join(',', $row);

web/test-bed/mysql/preference/get-csrf.php → web/test-bed/mysql/php5/preference/get-csrf.php

@@ -7,19 +7,20 @@
 if (!isset($_SESSION['csrf_token'])) {
     $_SESSION['csrf_token'] = base64_encode(substr(str_shuffle(MD5(microtime())), 0, 10));
 }
+
 session_write_close();
 ?>
 
 <input name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>" />
 
 <?php
-echo 'Session csrf_token', $_SESSION['csrf_token'], "<br/>";
+echo "Session csrf_token $_SESSION[csrf_token]<br/>";
 
 if (isset($_SERVER['HTTP_CSRF_TOKEN']))
-    echo 'Header HTTP_CSRF_TOKEN:',$_SERVER['HTTP_CSRF_TOKEN'], "<br/>";
+    echo "Header HTTP_CSRF_TOKEN: $_SERVER[HTTP_CSRF_TOKEN]<br/>";
 
 if (isset($_GET['csrf_token']))
-    echo 'Get csrf_token:',$_GET['csrf_token'], "<br/>";
+    echo "Get csrf_token: $_GET[csrf_token]<br/>";
 
 // Check a POST is valid.
 if (isset($_POST['csrf_token']) && $_POST['csrf_token'] === $_SESSION['csrf_token']) {
@@ -28,11 +29,11 @@
     exit();
 }
 
-mysql_connect("127.0.0.1", "login", "password");
+mysql_connect('127.0.0.1', 'login', 'password');
 
-mysql_select_db("my_database");
+mysql_select_db('my_database');
 
 $result = mysql_query("SELECT col1, col2 FROM my_table where id=$_GET[id]");
 
 while ($row = mysql_fetch_array($result, MYSQL_NUM))
-    echo join(',',$row);
+    echo join(',', $row);

web/test-bed/mysql/preference/get-ignore-http-error.php → web/test-bed/mysql/php5/preference/get-ignore-http-error.php

@@ -2,13 +2,13 @@
 # http://127.0.0.1/mysql/preference/get-ignore-http-error.php?id=1
 # Open Preferences and choose option 'Disable initial connection test'
 
-header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error', true, 500);
+header("$_SERVER[SERVER_PROTOCOL] 500 Internal Server Error", true, 500);
 
-mysql_connect("127.0.0.1", "login", "password");
+mysql_connect('127.0.0.1', 'login', 'password');
 
-mysql_select_db("my_database");
+mysql_select_db('my_database');
 
 $result = mysql_query("SELECT col1, col2 FROM my_table where id=$_GET[id]");
 
 while ($row = mysql_fetch_array($result, MYSQL_NUM))
-    echo join(',',$row);
+    echo join(',', $row);

web/test-bed/mysql/preference/get-json.php → web/test-bed/mysql/php5/preference/get-json.php

@@ -4,11 +4,11 @@
 
 $json = json_decode($_GET['n']);
 
-mysql_connect("127.0.0.1", "login", "password");
+mysql_connect('127.0.0.1', 'login', 'password');
 
-mysql_select_db("my_database");
+mysql_select_db('my_database');
 
 $result = mysql_query("SELECT col1, col2 FROM my_table where id={$json[2]->id}");
 
 while ($row = mysql_fetch_array($result, MYSQL_NUM))
-    echo join(',',$row);
+    echo join(',', $row);

web/test-bed/mysql/preference/get-parse-html-form.php → web/test-bed/mysql/php5/preference/get-parse-html-form.php

@@ -15,15 +15,15 @@
 
 <?php
 if (!isset($_GET['a']) && !isset($_POST['b'])) {
-    header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error', true, 500);
+    header("$_SERVER[SERVER_PROTOCOL] 500 Internal Server Error", true, 500);
     exit();
 }
 
-mysql_connect("127.0.0.1", "login", "password");
+mysql_connect('127.0.0.1', 'login', 'password');
 
-mysql_select_db("test");
+mysql_select_db('my_database');
 
 $result = mysql_query("SELECT col1, col2 FROM my_table where id=$_GET[id]");
 
 while ($row = mysql_fetch_array($result, MYSQL_NUM))
-    echo join(',',$row);
+    echo join(',', $row);

web/test-bed/mysql/preference/redirection/destination.php → web/test-bed/mysql/php5/preference/redirection/destination.php

@@ -2,11 +2,11 @@
 # Called by http://127.0.0.1/mysql/preference/redirection/source.php?id=1
 # Open Preferences and choose option 'Follow HTTP redirection'
 
-mysql_connect("127.0.0.1", "login", "password");
+mysql_connect('127.0.0.1', 'login', 'password');
 
-mysql_select_db("my_database");
+mysql_select_db('my_database');
 
 $result = mysql_query("SELECT col1, col2 FROM my_table where id=$_GET[id]");
 
 while ($row = mysql_fetch_array($result, MYSQL_NUM))
-    echo join(',',$row);
+    echo join(',', $row);

web/test-bed/mysql/php5/preference/redirection/source.php

@@ -0,0 +1,6 @@
+<?php 
+# http://127.0.0.1/mysql/preference/redirection/source.php?id=1
+# Open Preferences and choose option 'Follow HTTP redirection'
+
+header("Location: destination.php?$_SERVER[QUERY_STRING]");
+exit();

web/test-bed/mysql/php5/preference/soap/client.php

@@ -0,0 +1,31 @@
+<?php
+# Do not use
+# Only a test client
+
+$client = new SoapClient(
+	"definition.wsdl",
+	array(
+	    "trace"      => 1,
+	    "exceptions" => 0
+	)
+);
+
+try {
+    echo "\n";
+    print($client->getParameters("version"));
+    echo "\n<br>";
+    print "<span style=width:1024px>\n";
+    print "Request :\n".htmlspecialchars($client->__getLastRequest()) ."\n<br>";
+    print "Response:\n".htmlspecialchars($client->__getLastResponse())."\n<br>";
+    print "</span><br><br>";
+
+    print($client->getParameters("version_comment"));
+    echo "\n\n<br>";
+
+    print "<span style=width:1024px>\n";
+    print "Request :\n".htmlspecialchars($client->__getLastRequest()) ."\n<br>";
+    print "Response:\n".htmlspecialchars($client->__getLastResponse())."\n<br>";
+    print "</span>";
+} catch (SoapFault $exception) {
+    echo $exception;
+}

web/test-bed/mysql/preference/soap/server.php → web/test-bed/mysql/php5/preference/soap/server.php

@@ -1,5 +1,6 @@
 <?php
 # http://127.0.0.1/mysql/preference/soap/server.php
+# Activate extension=php_soap.dll in php.ini
 # Choose method Request: POST
 /* 
 # Request value => <?xml version="1.0" encoding="UTF-8" standalone="no"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns1="urn:mySqlParms" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><SOAP-ENV:Body><ns1:getParameters><_param xsi:type="xsd:string">0</_param></ns1:getParameters></SOAP-ENV:Body></SOAP-ENV:Envelope>
@@ -9,21 +10,21 @@
 function getParameters($parm) {
     $returnedValue = "";
 
-    $link = mysql_connect("127.0.0.1", "login", "password");
+    $link = mysql_connect('127.0.0.1', 'login', 'password');
 
     mysql_set_charset('utf8', $link);
 
-    mysql_select_db("my_database");    
+    mysql_select_db('my_database');    
 
     $rsc = mysql_query("SELECT col1, col2 FROM my_table where id=$parm");
 
     while ($row = mysql_fetch_array($rsc, MYSQL_NUM))
-        $returnedValue .= join(',',$row);
+        $returnedValue .= join(',', $row);
 
     return ($returnedValue);
 }
 
-ini_set("soap.wsdl_cache_enabled", "0"); // désactivation du cache WSDL
+ini_set("soap.wsdl_cache_enabled", "0"); // disable WSDL cache
 
 $server = new SoapServer("definition.wsdl");
 $server->addFunction("getParameters");

web/test-bed/mysql/special/big5.php → web/test-bed/mysql/php5/special/big5.php

@@ -9,13 +9,13 @@
 
 header('Content-Type: text/html; charset=GBK');
 
-$link = mysql_connect("127.0.0.1", "login", "password");
+$link = mysql_connect('127.0.0.1', 'login', 'password');
 
 mysql_set_charset('big5', $link);
 
-mysql_select_db("my_database");
+mysql_select_db('my_database');
 
 $result = mysql_query("SELECT col1, col2 FROM my_table where id=((\"". addslashes($_GET['id']) ."\"))");
 
 while ($row = mysql_fetch_array($result, MYSQL_NUM))
-    echo join(',',$row);
+    echo join(',', $row);

web/test-bed/mysql/php5/special/in-url/.htaccess

@@ -0,0 +1,8 @@
+# put this file in the root folder of web server, usually www/
+
+RewriteEngine On
+
+RewriteRule ^mysql/special/in-url/(.*)/url-rewriting.php /mysql/special/in-url/url-rewriting.php
+
+# Call a URL like http://127.0.0.1/mysql/special/in-url/inject-sql-here/url-rewriting.php
+# Currently you need to define at least one QueryString parameter: http://127.0.0.1/mysql/special/in-url/1*/url-rewriting.php?fake-param=whatever

web/test-bed/mysql/php5/special/in-url/url-rewriting.php

@@ -0,0 +1,15 @@
+<?php
+# http://127.0.0.1/mysql/special/in-url/1*/url-rewriting.php?fake-param=whatever
+
+$url = explode('/', $_SERVER['REQUEST_URI']);
+
+$urldecode = urldecode($url[2]);
+
+mysql_connect('127.0.0.1', 'login', 'password');
+
+mysql_select_db('my_database');
+
+$result = mysql_query("SELECT col1, col2 FROM my_table where id=$urldecode");
+
+while ($row = mysql_fetch_array($result, MYSQL_NUM))
+    echo join(',', $row);

web/test-bed/mysql/strategy/get-all.php → web/test-bed/mysql/php5/strategy/get-all.php

@@ -1,24 +1,25 @@
 <?php
 # http://127.0.0.1/mysql/strategy/get-all.php?id=1*
 
-mysql_connect("127.0.0.1", "login", "password");
+mysql_connect('127.0.0.1', 'login', 'password');
 
-mysql_select_db("my_database");
+mysql_select_db('my_database');
 
 $result = mysql_query("SELECT col1, col2 FROM my_table where id=$_GET[id]") # time
-or die("Could not connect: ". mysql_error()); # error
+or die(mysql_error()); # error
 
 echo rand();
 ?> A <?php
 
-# blind
 if (mysql_num_rows($result) != 0)
-    echo ".";
+	# blind
+    echo '.';
 
 ?> B <?php
 
 while ($row = mysql_fetch_array($result, MYSQL_NUM))
     # normal
-    echo join(',',$row);
+    echo join(',', $row);
 
-?> C <?php echo rand();
+?> C <?php
+echo rand();