Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Fixed XSS
Found By @hitisec
  • Loading branch information
znixbtw committed Jan 14, 2022
1 parent 16abe44 commit 19096f7
Show file tree
Hide file tree
Showing 7 changed files with 36 additions and 36 deletions.
20 changes: 10 additions & 10 deletions admin/cheat.php
Expand Up @@ -16,21 +16,21 @@
Util::head('Admin Panel');
Util::navbar();

// if post request
// if post request
if ($_SERVER['REQUEST_METHOD'] === 'POST') {


if (isset($_POST["cheatStatus"])) {
$admin->setCheatStatus();
$admin->setCheatStatus();
}

if (isset($_POST["cheatMaint"])) {
$admin->setCheatMaint();
$admin->setCheatMaint();
}

if (isset($_POST["cheatVersion"])) {
$ver = floatval($_POST['version']);
$admin->setCheatVersion($ver);
$admin->setCheatVersion($ver);
}

header("location: cheat.php");
Expand Down Expand Up @@ -92,29 +92,29 @@
<div class="col-12 mt-3">
<div class="rounded p-3 mb-3">

<form method="POST" action="<?php echo $_SERVER["PHP_SELF"]; ?>">
<form method="POST" action="<?php Util::display($_SERVER['PHP_SELF']); ?>">

<button name="cheatStatus" type="submit" class="btn btn-outline-primary btn-sm">
SET detected+-
</button>

<button name="cheatMaint" type="submit" class="btn btn-outline-primary btn-sm">
SET maintenance+-
</button>

</form>

<form method="POST" action="<?php echo $_SERVER["PHP_SELF"]; ?>">
<form method="POST" action="<?php Util::display($_SERVER['PHP_SELF']); ?>">
<div class="form-row mt-1">
<div class="col">
<input type="text" class="form-control form-control-sm" placeholder="Version" name="version" required>
</div>

<div class="col">
<button class="btn btn-outline-primary btn-sm" name="cheatVersion" type="submit" value="submit">Update</button>
</div>
</div>

</form>

</div>
Expand Down
8 changes: 4 additions & 4 deletions admin/invites.php
Expand Up @@ -16,12 +16,12 @@
Util::head('Admin Panel');
Util::navbar();

// if post request
// if post request
if ($_SERVER['REQUEST_METHOD'] === 'POST') {


if (isset($_POST["genInv"])) {
$admin->getInvCodeGen($username);
$admin->getInvCodeGen($username);
}

header("location: invites.php");
Expand All @@ -37,8 +37,8 @@
<div class="col-12 mt-3">
<div class="rounded p-3 mb-3">

<form method="POST" action="<?php echo $_SERVER["PHP_SELF"]; ?>">
<form method="POST" action="<?php Util::display($_SERVER['PHP_SELF']); ?>">

<button name="genInv" type="submit" class="btn btn-outline-primary btn-sm">
Gen Inv
</button>
Expand Down
8 changes: 4 additions & 4 deletions admin/sub.php
Expand Up @@ -16,12 +16,12 @@
Util::head('Admin Panel');
Util::navbar();

// if post request
// if post request
if ($_SERVER['REQUEST_METHOD'] === 'POST') {


if (isset($_POST["genSub"])) {
$admin->getSubCodeGen($username);
$admin->getSubCodeGen($username);
}

header("location: sub.php");
Expand All @@ -37,8 +37,8 @@
<div class="col-12 mt-3">
<div class="rounded p-3 mb-3">

<form method="POST" action="<?php echo $_SERVER["PHP_SELF"]; ?>">
<form method="POST" action="<?php Util::display($_SERVER['PHP_SELF']); ?>">

<button name="genSub" type="submit" class="btn btn-outline-primary btn-sm">
Gen Subscription code
</button>
Expand Down
20 changes: 10 additions & 10 deletions admin/users.php
Expand Up @@ -16,22 +16,22 @@
Util::head('Admin Panel');
Util::navbar();

// if post request
// if post request
if ($_SERVER['REQUEST_METHOD'] === 'POST') {

if (isset($_POST["resetHWID"])) {
if (isset($_POST["resetHWID"])) {
$rowUID = $_POST['resetHWID'];
$admin->resetHWID($rowUID);
$admin->resetHWID($rowUID);
}

if (isset($_POST["setBanned"])) {
if (isset($_POST["setBanned"])) {
$rowUID = $_POST['setBanned'];
$admin->setBanned($rowUID);
$admin->setBanned($rowUID);
}

if (isset($_POST["setAdmin"])) {
if (isset($_POST["setAdmin"])) {
$rowUID = $_POST['setAdmin'];
$admin->setAdmin($rowUID);
$admin->setAdmin($rowUID);
}

header("location: users.php");
Expand Down Expand Up @@ -93,8 +93,8 @@
</td>

<td>
<form method="POST" action="<?php echo $_SERVER["PHP_SELF"]; ?>">
<form method="POST" action="<?php Util::display($_SERVER['PHP_SELF']); ?>">

<button value="<?php Util::display($row->uid); ?>" name="resetHWID" title="Reset HWID" data-toggle="tooltip" data-placement="top" class="btn btn-sm text-white" type="submit">
<i class="fas fa-microchip"></i>
</button>
Expand Down Expand Up @@ -124,6 +124,6 @@

<script>
$(document).ready(function(){
$('[data-toggle="tooltip"]').tooltip();
$('[data-toggle="tooltip"]').tooltip();
});
</script>
2 changes: 1 addition & 1 deletion login.php
Expand Up @@ -33,7 +33,7 @@

<h4 class="card-title text-center">Login</h4>

<form method="POST" action="<?php echo $_SERVER["PHP_SELF"]; ?>">
<form method="POST" action="<?php Util::display($_SERVER['PHP_SELF']); ?>">

<div class="form-group">
<input type="text" class="form-control form-control-sm" placeholder="Username" name="username" required>
Expand Down
12 changes: 6 additions & 6 deletions profile.php
Expand Up @@ -53,7 +53,7 @@

<h4 class="card-title text-center">Update Password</h4>

<form method="POST" action="<?php echo $_SERVER["PHP_SELF"]; ?>">
<form method="POST" action="<?php Util::display($_SERVER['PHP_SELF']); ?>">

<div class="form-group">
<input type="password" class="form-control form-control-sm" placeholder="Current Password" name="currentPassword" required>
Expand Down Expand Up @@ -94,11 +94,11 @@

Sub:
<p class="float-right mb-0">
<?php
if ($sub > 0) {
Util::display($sub . ' days');
<?php
if ($sub > 0) {
Util::display($sub . ' days');
} else {
Util::display('0 days');
Util::display('0 days');
} ?>
</p>

Expand All @@ -116,7 +116,7 @@

<h4 class="card-title text-center">Activate Sub</h4>

<form method="POST" action="<?php echo $_SERVER["PHP_SELF"]; ?>">
<form method="POST" action="<?php Util::display($_SERVER['PHP_SELF']); ?>">

<div class="form-group">
<input type="password" class="form-control form-control-sm" placeholder="Subscription Code" name="subCode" required>
Expand Down
2 changes: 1 addition & 1 deletion register.php
Expand Up @@ -33,7 +33,7 @@

<h4 class="card-title text-center">Register</h4>

<form method="POST" action="<?php echo $_SERVER["PHP_SELF"]; ?>">
<form method="POST" action="<?php Util::display($_SERVER['PHP_SELF']); ?>">

<div class="form-group">
<input type="text" class="form-control form-control-sm" placeholder="Username" name="username" minlength="3" required>
Expand Down

0 comments on commit 19096f7

Please sign in to comment.