Yavuzlar · boracicekk · Feb 12, 2024 · Feb 16, 2024 · Feb 20, 2024 · Mar 3, 2024
diff --git a/app/lab/api-hacking/api-1/Indexupdatepassword.php b/app/lab/api-hacking/api-1/Indexupdatepassword.php
@@ -0,0 +1,26 @@
+<?php
+require("../../../lang/lang.php");
+$strings = tr();
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title><?php echo $strings["updatePassword"] ?></title>
+    <link rel="stylesheet" href="style.css">
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous">
+</head>
+<body>
+<div class="container" style="width: 500px; margin: 10% auto;">
+        <h2><?php echo $strings["updatePassword"] ?></h2>
+        <p><?php echo $strings["enterNewPassword"] ?></p>
+        <form action="updatepassword.php" method="POST">
+        <input type="hidden" name="username" value="<?php echo isset($_REQUEST['username']) ? $_REQUEST['username'] : 'default_username'; ?>">
+            <input type="text" name="newpassword" required><br>
+            <button type="submit"><?php echo $strings["updatePassword"] ?></button>
+        </form>
+    </div>
+    <script id="VLBar" title="<?= $strings["title"]; ?>" category-id="13" src="/public/assets/js/vlnav.min.js"></script>
+</body>
+</html>
diff --git a/app/lab/api-hacking/api-1/adminindex.php b/app/lab/api-hacking/api-1/adminindex.php
@@ -0,0 +1,30 @@
+<?php
+require("../../../lang/lang.php");
+$strings = tr();
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title><?php echo $strings["adminAccount"] ?></title>
+    <link rel="stylesheet" href="style.css">
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous">
+</head>
+<body>
+<div class="container" style="width: 500px; margin: 10% auto;">
+        <h2><?php echo $strings["adminAccount"] ?></h2>
+        <p><?php echo $strings["adminLogin"] ?></p>
+        <p><?php echo $strings["welcomeSystem"] ?></p>
+        <div class="update-password">
+            <form action="Indexupdatepassword.php" method="POST">
+            <input type="hidden" name="username" value="admin">
+                <button type="submit"><?php echo $strings["updatePassword"] ?></button>
+            </form>
+            <a href="index.php" class="btn mt-3" style="background-color: #f00c3d;color: white; width:250px;"><?php echo $strings["logOut"] ?></a>
+        </div>
+    </div>
+    <script id="VLBar" title="<?= $strings["title"]; ?>" category-id="13" src="/public/assets/js/vlnav.min.js"></script>
+</body>
+</html>
+
diff --git a/app/lab/api-hacking/api-1/api.php b/app/lab/api-hacking/api-1/api.php
@@ -0,0 +1,67 @@
+<?php
+function readData() {
+    $data = file_get_contents('main1.json');
+    return json_decode($data, true);
+}
+
+function writeData($data) {
+    $jsonData = json_encode($data, JSON_PRETTY_PRINT);
+    file_put_contents('main1.json', $jsonData);
+}
+
+$method = $_SERVER['REQUEST_METHOD'];
+
+// GET
+if ($method === 'GET') {
+    $users = readData();
+    if ($users) {
+        echo json_encode($users);
+    } else {
+        echo "Kullanıcı bulunamadı.";
+    }
+}
+
+
+
+// POST
+if ($method === 'POST') {
+    parse_str(file_get_contents("php://input"), $data);
+    $username = $data['username'];
+    $newPassword = $data['newpassword'];
+    $users = readData();
+    $userFound = false;
+    foreach ($users as &$user) {
+        if ($user['username'] === $username) {
+            $user['password'] = $newPassword;
+            $userFound = true;
+            break;
+        }
+    }
+    if ($userFound) {
+        writeData($users);
+        header("Location: userFound.php");
+    } else {
+        echo "Kullanıcı bulunamadı. Kullanıcı adı: $username";
+    }
+}
+
+// DELETE
+if ($method === 'DELETE') {
+    parse_str(file_get_contents("php://input"), $data);
+    $username = $data['username'];
+    $users = readData();
+    $userFound = false;
+    foreach ($users as $key => $user) {
+        if ($user['username'] === $username) {
+            unset($users[$key]);
+            $userFound = true;
+            break;
+        }
+    }
+    if ($userFound) {
+        writeData($users);
+        echo "Kullanıcı başarıyla silindi.";
+    } else {
+        echo "Kullanıcı bulunamadı. Kullanıcı adı: $username";
+    }
+}
diff --git a/app/lab/api-hacking/api-1/en.ini b/app/lab/api-hacking/api-1/en.ini
@@ -0,0 +1,17 @@
+title="API Hacking"
+login="Login"
+username="Username:"
+password="Password:"
+defaultLogin="Default Login:"
+adminAccount="Admin Account"
+userAccount="User Account"
+adminLogin="Hello Admin."
+userLogin="Hello User Account."
+welcomeSystem="Welcome to System!"
+updatePassword="Update Password"
+enterNewPassword="Enter New Password:"
+reset="Reset"
+logOut="Log out"
+passwordUpdated="Password Updated"
+ SuccesfulPassword="Password successfully updated"
+ NewSuccesfulPassword="Your new password has been successfully updated."
diff --git a/app/lab/api-hacking/api-1/fr.ini b/app/lab/api-hacking/api-1/fr.ini
@@ -0,0 +1,17 @@
+title="Piratage de l'API"
+login="Connexion"
+username="Nom d'utilisateur"
+password="Mot de passe"
+defaultLogin="Connexion par défaut"
+adminAccount="Compte administratif"
+userAccount="User Account"
+adminLogin="Bonjour Utilisateur Admin"
+userLogin="Bonjour compte utilisateur."
+welcomeSystem="Bienvenue dans le système !"
+updatePassword="Mise à jour du mot de passe"
+enterNewPassword="Entrez votre nouveau mot de passe :"
+reset="réinitialiser"
+logOut="Sortie"
+passwordUpdated="Mise à jour du mot de passe"
+ SuccesfulPassword="Mise à jour du mot de passe réussie"
+ NewSuccesfulPassword="Votre nouveau mot de passe a été mis à jour avec succès."
diff --git a/app/lab/api-hacking/api-1/index.php b/app/lab/api-hacking/api-1/index.php
@@ -0,0 +1,35 @@
+<?php
+require("../../../lang/lang.php");
+$strings = tr();
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title><?php echo $strings["login"] ?></title>
+    <link rel="stylesheet" href="style.css">
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous">
+</head>
+<body>
+    <div class="container" style="width:30%; margin-top: 5%;">
+        <h2><?php echo $strings["login"] ?></h2>
+        <form action="login.php" method="POST">
+            <div class="input-group">
+                <label for="username"><?php echo $strings["username"] ?></label>
+                <input type="text" id="username" name="username" required>
+            </div>
+            <div class="input-group">
+                <label for="password"><?php echo $strings["password"] ?></label>
+                <input type="password" id="password" name="password" required>
+            </div>
+            <button class="btn btn-primary" type="submit"><?php echo $strings["login"] ?></button>
+            <p style="margin-top: 10px; font-weight: bold;"><?php echo $strings["defaultLogin"] ?><br>user / user</p>
+        </form>
+        <form action="reset.php" method="POST">
+        <button class="btn btn-primary" type="submit" style="width: 200px;"><?php echo $strings["reset"] ?></button>
+        </form>
+    </div>
+    <script id="VLBar" title="<?= $strings["title"]; ?>" category-id="13" src="/public/assets/js/vlnav.min.js"></script>
+</body>
+</html>
diff --git a/app/lab/api-hacking/api-1/login.php b/app/lab/api-hacking/api-1/login.php
@@ -0,0 +1,34 @@
+<?php
+
+// Check POST request 
+if ($_SERVER["REQUEST_METHOD"] == "POST") {
+    // Get username and password from POST data
+    $username = $_POST['username'];
+    $password = $_POST['password'];
+
+    // Read main1.json and get the content
+    $data = file_get_contents('main1.json');
+    $users = json_decode($data, true);
+
+    // Control users
+    foreach ($users as $user) {
+        // If username and password match
+        if ($user['username'] === $username && $user['password'] === $password) {
+            // User redirect
+            if ($username == 'admin') {
+                header("Location: adminindex.php");
+                exit();
+            } elseif ($username == 'user') {
+                header("Location: userindex.php");
+                exit();
+            } else {
+                header("Location: index.php");
+                exit();
+            }
+        }
+    }
+    // If there is no match, redirect back to the login page
+    header("Location: index.php");
+    exit();
+}
+
diff --git a/app/lab/api-hacking/api-1/main1.json b/app/lab/api-hacking/api-1/main1.json
@@ -0,0 +1,10 @@
+[
+    {
+        "username": "admin",
+        "password": "admin"
+    },
+    {
+        "username": "user",
+        "password": "user"
+    }
+]
diff --git a/app/lab/api-hacking/api-1/reset.php b/app/lab/api-hacking/api-1/reset.php
@@ -0,0 +1,18 @@
+<?php
+// To return the user information in the main1.json file to default values
+
+// Define default usernames and passwords
+$defaultUsers = array(
+    array("username" => "admin", "password" => "admin"),
+    array("username" => "user", "password" => "user")
+);
+
+// Convert to JSON format
+$defaultData = json_encode($defaultUsers, JSON_PRETTY_PRINT);
+
+// Write to main1.json
+file_put_contents('main1.json', $defaultData);
+
+// Redirect to Index page
+header("Location: index.php");
+exit;
diff --git a/app/lab/api-hacking/api-1/style.css b/app/lab/api-hacking/api-1/style.css
@@ -0,0 +1,42 @@
+        body {
+
+        height: 100vh;
+        margin: 0;
+    }
+
+    .container {
+        width: 300px;
+        padding: 20px;
+        border: 1px solid #ccc;
+        border-radius: 5px;
+        background-color: #f9f9f9;
+        text-align: center;
+    }
+
+    .input-group {
+        margin-bottom: 20px;
+    }
+
+    input[type="text"],
+    input[type="password"] {
+        width: calc(100% - 16px); /* Düğme genişliğini ayarlamak için */
+        padding: 8px;
+        margin-bottom: 10px;
+        border: 1px solid #203069;
+        border-radius: 4px;
+        box-sizing: border-box;
+    }
+
+    button {
+        width: calc(100% - 16px); /* Düğme genişliğini ayarlamak için */
+        padding: 10px;
+        border: none;
+        border-radius: 4px;
+        background-color: #203069;
+        color: white;
+        cursor: pointer;
+    }
+
+    button:hover {
+        background-color: #203069;
+    }
diff --git a/app/lab/api-hacking/api-1/tr.ini b/app/lab/api-hacking/api-1/tr.ini
@@ -0,0 +1,17 @@
+title="API Zaafiyeti"
+login="Giriş"
+username="Kullanıcı Adı:"
+password="Şifre:"
+defaultLogin="Varsayılan Giriş:"
+adminAccount="Admin Kullanıcı"
+userAccount="User Kullanıcı"
+adminLogin="Merhaba Admin Kullanıcısı"
+userLogin="Merhaba User Kullanıcısı."
+welcomeSystem="Sisteme Hoşgeldiniz!"
+updatePassword="Parolayı Güncelle"
+enterNewPassword="Yeni Şifrenizi Giriniz:"
+reset="Değişiklikleri Sıfırla"
+logOut="Çıkış Yap"
+passwordUpdated="Şifre Güncellendi"
+SuccesfulPassword="Şifre Başarıyla Güncellendi"
+NewSuccesfulPassword="Yeni şifreniz başarıyla güncellenmiştir."
diff --git a/app/lab/api-hacking/api-1/updatepassword.php b/app/lab/api-hacking/api-1/updatepassword.php
@@ -0,0 +1,37 @@
+<?php
+// Veri gönderme işlemi için cURL kullanarak API'ye istek yapılır
+function sendRequest($url, $data) {
+    $ch = curl_init($url);
+    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
+    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data));
+    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+    $response = curl_exec($ch);
+    curl_close($ch);
+    return $response;
+}
+
+// API endpoint
+//$apiUrl = "http://localhost:1337/lab/api-hacking/api-1/api.php";
+include "./api.php";
+
+// HTTP method
+$method = $_SERVER['REQUEST_METHOD'];
+
+// User update (POST)
+if ($method === 'POST') {
+    $username = $_GET['username'];
+    $newPassword = $_GET['newpassword'];
+
+    // Data to be sent to the API
+    $data = array(
+        'username' => $username,
+        'newpassword' => $newPassword
+    );
+
+    // Send request to API
+    $response = sendRequest($apiUrl, $data);
+
+    // Print the response from the API to the screen
+    echo $response;
+}
+
diff --git a/app/lab/api-hacking/api-1/userFound.php b/app/lab/api-hacking/api-1/userFound.php
@@ -0,0 +1,24 @@
+<?php
+require("../../../lang/lang.php");
+$strings = tr();
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title><?php echo $strings["passwordUpdated"] ?></title>
+    <link rel="stylesheet" href="style.css">
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous">
+</head>
+<body>
+<div class="container" style="width: 500px; margin-top: 10%; ">
+        <h2><?php echo $strings["SuccesfulPassword"] ?></h2>
+        <p><?php echo $strings["NewSuccesfulPassword"] ?></p>
+        <form action="login.php" method="POST">
+            <button type="submit"><?php echo $strings["logOut"] ?></button>
+        </form>
+    </div>
+    <script id="VLBar" title="title" category-id="13" src="/public/assets/js/vlnav.min.js"></script>
+</body>
+</html>