Release: RevCMS Exploit

[Rastaberry]

Not going to explain too much but this is for those who've not fixed this yet:

Go to /App/ and open Class.template.php/

Remove this part if your running your hotel or emulator on a web-host.

 $this->setParams('mysql_host', $_CONFIG['mysql']['hostname']);

Remove this part to prevent people seeing your IP by putting "{server_IP}" in their motto.

  $this->setParams('server_ip', $_CONFIG['hotel']['server_ip']);

There you go You've just prevented script kids taking down your web-server.

Something like this:

 

[Chaotic]

Thanks for the release. I am not currently using RevCMS but the next time I do, I'll make sure to update it.

 

[Wickd]

Theres not many people who have noticed that exploit.Great job.

 

[Rastaberry]

Wicked.

It's good that they are updated about this exploit now. This could fix the whole DDoS on your site even when you''re running Cloudflare & a Proxy.

Choatic

Glad to hear that thanks !

 

[Derqah]

Nice.