GithubHelp home page GithubHelp logo

stitch's Introduction

PHP后台管理系统

一个娱乐向 PHP 单页面后台管理系统。我将其命名为:Stitch。

简介

学了几天PHP,写了个后台管理系统,实现了单文件对服务器、数据库的管理,前前后后花了大概两周半的时间。第一次也是最后一次写PHP,难免写出各种问题漏洞,随便看看就行,别太认真。

功能

本后台管理系统提供了管理员常用的功能。

思路

就那些思路

设计

本 PHP 后台管理系统采用了极简主义风格设计,页面简约大方,布局清晰有条理,包括了常见的图标、样式,符合用户习惯的同时带来了新鲜感受。

本来是想完全模仿管理后台的那种蓝色的风格,后来一想伙伴们天天看后台看都看吐了,还是换换口味吧。

兼容

兼容是不可能兼容的了,我的测试PHP版本是5.6.30,MySQL 5.6.35,用的语法有新有旧,但是一些特别旧的语法已经摒弃,浏览器 chrome,显示器15寸,服务器加客户机操作系统macOS Sierra 10.12.6,如果你的各方面出现问题的话。。。跟我有什么关系。

前端部分很多内容是按照我的浏览器及分辨率给的死属性,兼容性在高分辨率机器上及其他内核浏览器上可能变弱,但展示部分还是尽量做到了自适应,建议使用chrome浏览器并适当调整窗口大小以获得最好的观感。由于太穷了,买不起智能机,现在用的还是诺基亚1110,所以没有移动端的适配。

截图

首页:

image-20191025104223012

文件管理:

image-20191031234521174

命令执行:

image-20191025104144182

代码执行:

image-20191025222228570

端口扫描:

image-20191028092935675

数据库执行:

image-20191031234447737

LD_PRELOAD:

image-20191101103111125

消息提示:

image-20191029141145532

这里就不过多剧透了,有兴趣请自己下载尝试。

使用

密码为 YZVlYfiI ,是随机生成的字符串,用户名爱填啥填啥,不填都没人管你。

声明

本 PHP 后台管理系统仅用于学习过程中的一个简单产物,算是阶段性学习成果吧,纯技术学习,用于给跟我一样的 PHP 小白学习和参考。

仅用于 PHP 编程和学习和参考,请在下载后 24 小时内删除。

请勿用于其他任何行为,后果自负。

反馈

全部功能已经测试成功,但是各种BUG那是一定的,欢迎提 issues 或在博客文章下面留言,我尽量积极回复,然而更新肯定是不可能的了。

鸣谢

感谢前端巨佬 素依依 提供的前端支持。

stitch's People

Contributors

su18 avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar

Forkers

ep113 boxhg huangyuan666 liumengxiang bloodandwolf djiangliu id-10086 02bx wang0098 mofisto chennqqi yogistudio natto97 tazkimi lzp9421 lordlight yizhimanpadewoniu bkfish log4she11 jaychouzzk elderhausen 5l1v3r1 alifeline bigv4 robinl1 menglingchen wangyang404 benathan 7hma3s dylanbai8 itoushirou cream-sec s1g0day afwu why17 yeshuibo eess123w klinklinklin mea0w ubnm 0xsb cgddgc taofuli8 czz1233 aels whoforget trytohack8 root26 z-bool mwb0350 b3nguang xbcai

stitch's Issues

File upload vulnerability

in the file stitch.php, on line number 1467. There is no file suffix filtering. You can upload PHP files. File upload vulnerability!

		$file_name = isset($_FILES['upfile']['name']) ? $_FILES['upfile']['name'] : "";
		$name      = isset($GLOBALS['_GET']['name']) ? Decrypt::run($GLOBALS['_GET']['name']) : "";

		$pp = urlencode(dirname($this->p));

		$result = <<<EOF
<script>
function utf16to8(str) {var out, i, len, c;out = "";len = str.length;for(i = 0; i < len; i++) {c = str.charCodeAt(i);if ((c >= 0x0001) && (c <= 0x007F)) {out += str.charAt(i);} else if (c > 0x07FF) {out += String.fromCharCode(0xE0 | ((c >> 12) & 0x0F));out += String.fromCharCode(0x80 | ((c >> 6) & 0x3F));out += String.fromCharCode(0x80 | ((c >> 0) & 0x3F));} else {out += String.fromCharCode(0xC0 | ((c >> 6) & 0x1F));out += String.fromCharCode(0x80 | ((c >> 0) & 0x3F));}}return out;}
function utf8to16(str) {var out, i, len, c;var char2, char3;out = "";len = str.length;i = 0;while(i < len) {c = str.charCodeAt(i++);switch(c >> 4) {case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:out += str.charAt(i-1);break;case 12: case 13:char2 = str.charCodeAt(i++);out += String.fromCharCode(((c & 0x1F) << 6) | (char2 & 0x3F));break;case 14:char2 = str.charCodeAt(i++);char3 = str.charCodeAt(i++);out += String.fromCharCode(((c & 0x0F) << 12) |((char2 & 0x3F) << 6) |((char3 & 0x3F) << 0));break;}}return out;}
function CheckDate(){var re = document.getElementById('mtime').value;var reg = /^\d{1,4}-\d{1,2}-\d{1,2} \d{1,2}:\d{1,2}:\d{1,2}$/;var r = re.match(reg);var t = document.getElementById('charset').value;t = t.toLowerCase();if(r==null){alert('日期格式不正确!格式:yyyy-mm-dd hh:mm:ss');return false;}else{document.getElementById('newfile').value = base64encode(document.getElementById('newfile').value);if(t=="utf-8"){document.getElementById('txt').value = base64encode(utf16to8(document.getElementById('txt').value));}if(t=="gbk" || t=="gb2312"){document.getElementById('txt').value = base64encode(utf16to8(document.getElementById('txt').value));}}document.getElementById('editor').submit();}
</script>
EOF;
		if (!empty($GLOBALS['_POST']['upload'])) {
			$message_name = $file_name . ' ' . $this->msg[2];
			$content      = @copy($_FILES['upfile']['tmp_name'] , str_replace('//' , '/' , $this->p . '/' . $file_name)) ? $message_name : $this->msg[3];
			$url          = "?action=wjdc&path=" . base64_encode($this->p);
			HtmlOutput::tips($content , $url);
		}

Security contact

Hello maintainer(s),

I am a security researcher from the Institute of Application Security at TU Braunschweig, Germany. We discovered a (potential) security vulnerability in your project.

We would like to report this vulnerability to you in a responsible and ethical manner.
Therefore, we do not want to disclose any details of the vulnerability publicly until you have had a chance to review and fix it.

Could you please let us know your prefered way of receiving security reports?

You can contact us at [email protected] or by replying to this issue.

Thank you for your attention and cooperation.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.