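// Login / register click handler.
//
// Reads the Bitcoin address typed into .btc-login and POSTs it, together with
// the affiliate address held in the "tr" cookie (getCookie is defined elsewhere
// on the page, not shown here), to ajax.php. The server answers with a bare
// text token: "success" (account created) and "login" (existing account) both
// land on account.php; any other body is an error message shown to the user.
//
// NOTE(review): the address is the only credential sent — no password, no
// signed challenge — so anyone who knows a (public) wallet address can open the
// session bound to it. That is a property of the backend scheme, not something
// this handler can fix; it is flagged here so it is not mistaken for an oversight.
$(".login").click(function () {
    var type = "login";
    var login = $(".btc-login").val();

    // .val() yields "" for an empty field and undefined when the input is
    // missing from the DOM; either (and null) means there is nothing to send.
    if (login === "" || login === null || login === undefined) {
        alert("Please put your Bitcoin wallet for login/register");
        return;
    }

    // Hand jQuery an object instead of a hand-concatenated query string so every
    // value is URL-encoded. The original built "type=..&login=..&tr=.." verbatim,
    // so a "&", "=" or "+" in the address or cookie would have split or
    // corrupted the request; an unset cookie also went out as the literal
    // string "undefined", which the server then had to special-case.
    var payload = {
        type: type,
        login: login,
        tr: getCookie("tr")
    };

    $.ajax({
        url: "ajax.php",
        type: "post",
        data: payload,
        success: function (response) {
            // Both tokens mean the server-side session is established.
            if (response === "success" || response === "login") {
                window.location.href = "account.php";
                return;
            }
            // Anything else is an error string written by ajax.php (e.g.
            // "Invalid bitcoin address"). alert() is not an HTML sink, so
            // echoing it is safe; do not move it into the DOM without escaping.
            alert(response);
        },
        error: function (jqXHR, textStatus, errorThrown) {
            // alert() takes a single argument; the original passed two and
            // silently dropped errorThrown.
            alert(textStatus + ": " + errorThrown);
        }
    });
});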
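// Database connection for ajax.php.
//
// NOTE(review): root with an empty password on localhost is a development
// setup. A deployment should use a dedicated least-privilege account and load
// the secret from outside the web root rather than from this file.
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "qwe";

try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    // Surface driver errors as exceptions so a failed query cannot be ignored
    // by code that never checks return values.
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Real server-side prepared statements: the parameters bound later in this
    // file travel separately from the SQL text, which is what keeps them
    // injection-safe independent of the connection charset.
    $conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
} catch (PDOException $e) {
    // The original swallowed this and carried on with $conn undefined, so the
    // first prepare() further down died with a PHP fatal error instead. Keep
    // the driver message (it names host, user and DSN) out of the HTTP
    // response — server log only — and give the AJAX caller a generic token
    // that it will show with alert().
    error_log("ajax.php: database connection failed: " . $e->getMessage());
    exit("Service temporarily unavailable");
}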
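// Login / registration request handler. The page's .login click handler POSTs
// "type=login&login=<address>&tr=<affiliate address>" here.
//
// NOTE(review): a wallet address is the only credential — there is no password
// and no proof that the caller controls the key — so anyone who learns a
// (public) address can open the session bound to it. That is a property of
// the scheme itself; this handler can only validate its inputs.
//
// The response body is a bare text token consumed by the JavaScript caller:
//   "success" - account created;  "login" - existing account;
//   anything else is an error message the caller shows with alert().
//
// NOTE(review): no session_start() is visible in this excerpt; the $_SESSION
// writes below are silent no-ops without it — confirm it runs earlier (e.g.
// in an include).

// isset() guards: a request missing a field must not raise an undefined-index
// notice, which with display_errors on would put a filesystem path into the
// response body.
$type = isset($_POST['type']) ? $_POST['type'] : '';
if ($type === "login") {
    $login = isset($_POST['login']) ? trim($_POST['login']) : '';

    // Btc_address_validator is a project class (not shown); its verdict is the
    // only validation the login field gets before it reaches the database.
    $BTC = new Btc_address_validator();
    if (!$BTC->validate($login)) {
        exit("Invalid bitcoin address");
    }

    // The affiliate address is a cookie value the client echoes back; when the
    // cookie is absent the client may send "" or the literal string "undefined".
    $tr = isset($_POST['tr']) ? $_POST['tr'] : '';
    if ($tr !== "undefined" && $tr !== "") {
        if (!$BTC->validate($tr)) {
            exit("Invalid affiliate bitcoin address");
        }
    }

    $register_time = date("Y-m-d H:i:s");
    $total_deposits = 0.00000000;
    $total_deposited = 0.00000000;
    $total_paid = 0.00000000;

    // NOTE(review): the lookup reads `qweqw` while the INSERT below writes
    // `eldoradiki`. Unless one is a view of the other, an existing account is
    // never found and every request takes the register path — confirm which
    // table is meant.
    $stmt1 = $conn->prepare("SELECT * FROM qweqw WHERE login=?");
    // $login is a validated address *string*. The original bound it with
    // PDO::PARAM_INT; with emulated prepares off the driver then sends it as an
    // integer (e.g. "1A1zP1..." becomes 1), so the WHERE clause compares
    // against the wrong value and can match the wrong row or none at all.
    $stmt1->bindParam(1, $login, PDO::PARAM_STR);
    $stmt1->execute();
    $row = $stmt1->fetch(PDO::FETCH_ASSOC);

    if (!$row) {
        // register & login
        $sql = "INSERT INTO eldoradiki(login,tr,total_deposits,total_deposited,total_paid,register_time) VALUES
            (:login,:tr,:total_deposits,:total_deposited,:total_paid,:register_time)";
        $stmt = $conn->prepare($sql);
        $stmt->bindParam(':login', $login, PDO::PARAM_STR);
        $stmt->bindParam(':tr', $tr, PDO::PARAM_STR);
        $stmt->bindParam(':total_deposits', $total_deposits, PDO::PARAM_STR);
        $stmt->bindParam(':total_deposited', $total_deposited, PDO::PARAM_STR);
        $stmt->bindParam(':total_paid', $total_paid, PDO::PARAM_STR);
        $stmt->bindParam(':register_time', $register_time, PDO::PARAM_STR);
        if ($stmt->execute()) {
            // The client treats "success" exactly like "login" (redirect to
            // account.php), but the original never opened a session on this
            // path. Establish it the same way the login branch does.
            if (session_status() === PHP_SESSION_ACTIVE) {
                // Rotate the id when the session gains privilege so a cookie
                // planted beforehand (session fixation) does not carry over.
                session_regenerate_id(true);
            }
            $_SESSION['login'] = $login;
            exit("success");
        } else {
            // With ERRMODE_EXCEPTION a failed execute() throws rather than
            // returning false, so this branch is normally unreachable; kept so
            // the caller's protocol is unchanged.
            exit("fail");
        }
    } else {
        // login
        if (session_status() === PHP_SESSION_ACTIVE) {
            // See above: defeat session fixation on the privilege change.
            session_regenerate_id(true);
        }
        $_SESSION['login'] = $login;
        exit("login");
    }
    // The closing brace of if ($type === "login") lies beyond this excerpt.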
- robot@kali:~$ nikto -h https://ban***.club/
- - Nikto v2.1.6
- ---------------------------------------------------------------------------
- + Target IP: 31.170.165.49
- + Target Hostname: bancobit.club
- + Target Port: 443
- ---------------------------------------------------------------------------
- + SSL Info: Subject: /OU=Domain Control Validated/OU=PositiveSSL/CN=ban****.club
- Ciphers: ECDHE-RSA-AES256-GCM-SHA384
- Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
- + Start Time: 2017-05-18 14:50:48 (GMT3)
- ---------------------------------------------------------------------------
- + Server: openresty
- + Retrieved x-powered-by header: PHP/7.0.19
- + The anti-clickjacking X-Frame-Options header is not present.
- + The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
- + The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
- + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
- + Cookie PHPSESSID created without the secure flag
- + Cookie PHPSESSID created without the httponly flag
- + No CGI Directories found (use '-C all' to force check all possible dirs)
- + Server leaks inodes via ETags, header found with file /ban****.tar, fields: 0x58be8093 0x97c
- + The Content-Encoding header is set to "deflate" this may mean that the server is vulnerable to the BREACH attack.
- + Web Server returns a valid response with junk HTTP methods, this may cause false positives.
- + OSVDB-3092: /test.txt: This might be interesting...
- + OSVDB-3268: /images/: Directory indexing found.
- + OSVDB-3268: /images/?pattern=/etc/*&sort=name: Directory indexing found.
- + /login.php: Admin login page/section found.
- + 7446 requests: 0 error(s) and 14 item(s) reported on remote host
- + End Time: 2017-05-18 15:29:27 (GMT3) (2319 seconds)
- ---------------------------------------------------------------------------
- + 1 host(s) tested