znixbtw / php-panel-v1
:wrench: User management panel written in php
License: MIT License
get_msgs.php works but in index.php shoutbox always clear
When I try to login with admin credentials the page just reloads.
Hello. Can you add some features?
You can find me in telegram @dinrise or discord DinRise#3507 and I can show my panel for you)
I installed the panel on the host, connected the database, I go to the site and there is always loading
give any loader
So I have changed the admin = 1 in sql but I still get "HTTP ERROR 403"
I found multiple possible XSS vulnerabilities.
Login.php
If you put "><script>alert(1);</script> in the username parameter you can execute scripts.
Register.php
If you put "><script>alert(1);</script> in the password AND/OR confirm_password parameter you can execute scripts.
I'm not sure how dangerous they are in that case, but you could fix them.
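The report above describes form values being reflected into the page without encoding. The following is an added example of the usual fix, not code from php-panel-v1: the form markup and the helper names `e()` and `render_login_form()` are assumptions, since the panel's own Login.php is not shown on this page.

```php
<?php
// Added example, not code from php-panel-v1. The form markup and the helper
// names e() and render_login_form() are assumptions made for illustration.

/** Encode a value for use inside HTML text or a quoted attribute. */
function e($value): string
{
    // Non-string input (e.g. username[]=x) is treated as empty, not rendered.
    $value = is_string($value) ? $value : '';
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_login_form(array $post): string
{
    $username = e($post['username'] ?? '');
    // Password fields are never echoed back, so nothing the client sent in
    // password / confirm_password reaches the page.
    return <<<HTML
<form method="post" action="login.php">
  <input type="text" name="username" value="{$username}">
  <input type="password" name="password" value="">
</form>

HTML;
}

// Constructed request body using the input quoted in the report above.
$post = ['username' => '"><script>alert(1);</script>', 'password' => 'x'];
$html = render_login_form($post);

// The quote and angle brackets arrive as entities, so the value attribute
// is never closed early and no <script> element is created.
if (strpos($html, '<script') !== false) {
    throw new RuntimeException('unescaped output reached the page');
}
echo $html;
```

The same helper applies to every place Register.php prints request data; encoding belongs at output time, in addition to any validation done on input.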
give me loader please for ur panel
-- Host: 127.0.0.1:3306
-- Generation Time: Aug 10, 2020 at 06:11 PM
-- Server version: 10.4.10-MariaDB
-- PHP Version: 7.4.0

SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET AUTOCOMMIT = 0;
START TRANSACTION;
SET time_zone = "+00:00";

/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8mb4 */;

-- users

-- invites
DROP TABLE IF EXISTS `invites`;
CREATE TABLE IF NOT EXISTS `invites` (
  `uid` int(11) NOT NULL AUTO_INCREMENT,
  `code` varchar(255) NOT NULL,
  `used` int(1) NOT NULL DEFAULT 0,
  PRIMARY KEY (`uid`)
) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=latin1;

-- invites
INSERT INTO `invites` (`uid`, `code`, `used`) VALUES
(1, 'admin_acc_invite', 1);

-- service
DROP TABLE IF EXISTS `service`;
CREATE TABLE IF NOT EXISTS `service` (
  `status` int(1) NOT NULL DEFAULT 0,
  `version` int(1) NOT NULL DEFAULT 0,
  `maintenance` int(1) NOT NULL DEFAULT 0
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

-- service
INSERT INTO `service` (`status`, `version`, `maintenance`) VALUES
(0, 1, 0);

-- shoutbox
DROP TABLE IF EXISTS `shoutbox`;
CREATE TABLE IF NOT EXISTS `shoutbox` (
  `id` int(255) NOT NULL AUTO_INCREMENT,
  `user` varchar(255) NOT NULL,
  `msg` varchar(255) NOT NULL,
  `time` timestamp NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

-- users
DROP TABLE IF EXISTS `users`;
CREATE TABLE IF NOT EXISTS `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(50) NOT NULL,
  `password` varchar(255) NOT NULL,
  `admin` int(1) NOT NULL DEFAULT 0,
  `hwid` varchar(255) DEFAULT NULL,
  `active` int(1) NOT NULL DEFAULT 0,
  `banned` int(1) NOT NULL DEFAULT 0,
  `created_at` timestamp DEFAULT CURRENT_TIMESTAMP,
  `inject` varchar(255) DEFAULT NULL,
  `ip` varchar(255) DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `username` (`username`),
  UNIQUE KEY `hwid` (`hwid`)
) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=latin1;

-- users
INSERT INTO `users` (`id`, `username`, `password`, `admin`, `hwid`, `active`, `banned`, `created_at`, `inject`, `ip`) VALUES
(1, 'admin', '$2y$10$OUK4tSrF3aa3Qm0D/1TcU.iPq5Ptvzik3/OBaMcSSLiUqPOcuOTGy', 1, NULL, 0, 0, '2020-08-10 23:38:23', NULL, NULL);
COMMIT;

/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
If you enter a ' in the Invite code field you get an error:
Warning: mysqli_fetch_all() expects parameter 1 to be mysqli_result, bool given in C:\xampp\www\register.php on line 81
Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, bool given in C:\xampp\www\register.php on line 83
In general I think you have pretty clean and easy to read code but every time you used SQL it looks kinda meh.
I would suggest you to use Prepared Statements instead. You also don't need to care about SQL injections if you use it.
https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php
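The invite-code check from the report above, written with a mysqli prepared statement, as an added example that is not code from php-panel-v1. The table and column names come from the schema dump on this page; the function name `redeem_invite()` and the connection settings are placeholders.

```php
<?php
// Added example, not code from php-panel-v1. Table and column names follow
// the `invites` schema shown on this page; credentials are placeholders.
declare(strict_types=1);

// Make mysqli throw on SQL errors instead of returning false, so a failed
// query can never reach mysqli_fetch_all()/mysqli_fetch_array() as a bool.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Atomically claim an unused invite code; true only for the first claimant. */
function redeem_invite(mysqli $db, string $code): bool
{
    if ($code === '' || strlen($code) > 255) {   // invites.code is varchar(255)
        return false;
    }
    // The code travels as a bound parameter, never as part of the SQL text,
    // so a quote character is just data to compare against.
    $stmt = $db->prepare(
        'UPDATE `invites` SET `used` = 1 WHERE `code` = ? AND `used` = 0'
    );
    $stmt->bind_param('s', $code);
    $stmt->execute();
    $claimed = ($stmt->affected_rows === 1);
    $stmt->close();
    return $claimed;
}

try {
    // Placeholder connection settings (assumption).
    $db = new mysqli('127.0.0.1', 'panel_user', 'CHANGE_ME', 'panel_db', 3306);
    $db->set_charset('utf8mb4');

    // Constructed inputs: the single quote from the report and the seeded code.
    foreach (["'", 'admin_acc_invite'] as $input) {
        $result = redeem_invite($db, $input) ? 'accepted' : 'rejected';
        printf("%-20s => %s\n", $input, $result);
    }
} catch (mysqli_sql_exception $e) {
    // Log details server-side; do not print file paths or SQL errors to users.
    error_log('Database error: ' . $e->getMessage());
    http_response_code(500);
    echo 'Internal error';
}
```

Doing the check and the "mark as used" step in one `UPDATE` also prevents two simultaneous registrations from redeeming the same code.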