i try your project and it is amazing easy. it is very useful to start simple projects and can be extended easly

see picture
https://i.ibb.co/mbcWYNK/select-area-20201011213238.png

Affected software : php-mysql-admin-panel-generator

Version : N/A

Type of vulnerability : XSS (Cross-Site Scripting)

Author : s7safe

Description:
php-mysql-admin-panel-generator is susceptible to cross-site scripting attacks, allowing malicious users to inject code into web pages, and other users will be affected when viewing web pages .

login the system

PoC :
turn to http://192.168.146.130/generated/mysql2022-03-26_02-49/edit-db.php?act=%22%3E%3CScRiPt%3Ealert(%22xss%22)%3C%2FsCrIpT%3E

payload:"><ScRiPt>alert("xss")<%2FsCrIpT>

Successful

Reason:
Failure to filter or escape special characters leads to vulnerabilities

How to fix :
escape special characters or filter it .

by s7safe

when i click the next button nothing works......fix the issue mate

Hi,
Is there an option for uploading pictures?

Installed thisscripts on my shared-hosting for testing and i find not worked button. I added db user or pass or host, but does not continue further

Affected software : php-mysql-admin-panel-generator

Version : N/A

Type of vulnerability : XSS (Cross-Site Scripting)

Author : Noth

Description:
php-mysql-admin-panel-generator is susceptible to cross-site scripting attacks, allowing malicious users to inject code into web pages, and other users will be affected when viewing web pages .

PoC :

1. login the system
   

2. turn to http://127.0.0.1/php-mysql-admin-panel-generator-master/generated/noth2020-09-06_19-37/edit-users.php?act=add
   Type XSS payload : <svg/onload=alert(1)>
   

3. Successful
   

Reason:
Failure to filter or escape special characters leads to vulnerabilities

How to fix :
escape special characters or filter it .

by Noth

Upon generating the files, it converts table names to lower case, so for example a table names "Menu" is converted in the php files as "menu" and it creates errors.

It should show upload option, like original ckeditor is showing , so users can upload images from local computer .

When I use PHP version 7.1 and above, I don't get the table data shown in the panel, only the number of entries. Any plans for PHP 7.1 support?

Hi

After generating the admin-pages and trying to log in with admin/admin, the login.php page stays blank and nothing happens. Tried in several browsers.
Any ideas?
Thanks
Dev

i have fixed the issue, by adding

//beginning of file
ob_start();

//end of file
ob_end_flush();

Adjust handler.php
from line 114:

		$save = "<?php
		include(\"includes/connect.php\");

		$"."cat = $"."_POST['cat'];
		$"."cat_get = $"."_GET['cat'];
		$"."act = $"."_POST['act'];
		$"."act_get = $"."_GET['act'];
		$"."id = $"."_POST['id'];
		$"."id_get = $"."_GET['id'];

		";

to

		$save = "<?php
		include(\"includes/connect.php\");

		$"."cat = \"\";
		if(isset($"."_POST['cat'])){
			$"."cat=$"."_POST['cat'];
		}		
		
		$"."cat_get = \"\";
		if(isset($"."_GET['cat'])){
			$"."cat_get=$"."_GET['cat'];
		}	

		$"."act = \"\";
		if(isset($"."_POST['act'])){
			$"."act=$"."_POST['act'];
		}	

		$"."act_get = \"\";
		if(isset($"."_GET['act'])){
			$"."act_get=$"."_GET['act'];
		}	

		$"."id = \"\";
		if(isset($"."_POST['id'])){
			$"."id=$"."_POST['id'];
		}	

		$"."id_get = \"\";
		if(isset($"."_GET['id'])){
			$"."id_get=$"."_GET['id'];
		}

		";

I have managed to run it and let it create a folder with the php files after pressing on Generating Admin Panel. However, I see the files created, only the index.html in the Generated folder is blank. I also dont get the Admin Panel °Finished page. It stays on the Available Databases page, although it generates the files.

Then upon entering the address to the generated panel monually I get:

( ! ) Notice: Undefined index: auth in /home/swtchme/public_html/neairaklitsa/panel/generated/swtchme_NeaIraklitsa2019-09-18_18-28/index.php on line 3
--

I tried with PHP5 and PHP7, same result.

For some reason, md5() doesn't work for me.