Hello, I found a flaw in your code,
Several SQL queries that are performed are vulnerable to SQL injection.
Example:
https://github.com/PyFarsi/pyabr/blob/main/cloudprotocol/push.php
$sql = "SELECT password FROM users WHERE username='$username'";
Other vulnerable files are:
https://github.com/PyFarsi/pyabr/blob/main/cloudprotocol/inbox.php
https://github.com/PyFarsi/pyabr/blob/main/cloudprotocol/getkey.php
Hello, I found a flaw in your code,
Several SQL queries that are performed are vulnerable to SQL injection.
Example:
https://github.com/PyFarsi/pyabr/blob/main/cloudprotocol/push.php
Other vulnerable files are:
https://github.com/PyFarsi/pyabr/blob/main/cloudprotocol/inbox.php
https://github.com/PyFarsi/pyabr/blob/main/cloudprotocol/getkey.php