DO NOT USE THIS SCRIPT!!!EDIT: The OP has fixed the issue below and sent an e-mail to faucet owners. There are still some logic problems in that code but so far every "exploit" requires admin login. I will take a look at the fixed version.
This script has a backdoor!!!
On this page: https://github.com/destinybogan/Faucet-Builder/blob/master/admin/index.php
The code contains:if(isset($_COOKIE['remember'])){
$_SESSION['admin']=true;
}
This means that if I set a cookie with the name "remember", I AM THE ADMIN!
Hackers can set cookies because they are stored client-side and sent to the server in an HTTP header!
You may think that because it only shows the last four characters of your Xapo key, you are safe.
But a hacker could increase the referral payout to something insanely high, disable the timeout, take the SolveMedia key and run a bot until all the coins are gone .
So do not use this script!