Menu
Forums
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Trending
What's new
New posts
New profile posts
Latest activity
Members
Current visitors
New profile posts
Search profile posts
Upgrades
Log in
Register
What's new
Search
Search
Search titles only
By:
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Menu
Log in
Register
Navigation
Install the app
Install
More options
Contact us
Close Menu
Forums
Server Development
Habbo Retros
Habbo Q&A
Does anyone have a REALLY secure UberCMS?
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="Wouto" data-source="post: 75345" data-attributes="member: 3046"><p>No, it only has an article.php exploit which has a simple fix by replacing your article with </p><p>[CODE]<?php</p><p>/*=======================================================================</p><p>| UberCMS - Advanced Website and Content Management System for uberEmu</p><p>| #######################################################################</p><p>| Copyright (c) 2010, Roy 'Meth0d'</p><p>| http://www.meth0d.org</p><p>| #######################################################################</p><p>| This program is free software: you can redistribute it and/or modify</p><p>| it under the terms of the GNU General Public License as published by</p><p>| the Free Software Foundation, either version 3 of the License, or</p><p>| (at your option) any later version.</p><p>| #######################################################################</p><p>| This program is distributed in the hope that it will be useful,</p><p>| but WITHOUT ANY WARRANTY; without even the implied warranty of</p><p>| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the</p><p>| GNU General Public License for more details.</p><p>\======================================================================*/</p><p> </p><p>define('TAB_ID', 5);</p><p>define('PAGE_ID', 17);</p><p> </p><p>require_once "global.php";</p><p> </p><p>$articleData = null;</p><p> </p><p>if (isset($_GET['mostRecent']))</p><p>{</p><p> $getData = dbquery("SELECT * FROM site_news ORDER BY timestamp DESC LIMIT 1");</p><p> </p><p> if (mysql_num_rows($getData) > 0)</p><p> {</p><p> $articleData = mysql_fetch_assoc($getData);</p><p> }</p><p>}</p><p>else if (isset($_GET['rel']))</p><p>{</p><p> $rel = mysql_real_escape_string($_GET['rel']);</p><p> </p><p> if (strrpos($rel, '-') >= 1)</p><p> {</p><p> $bits = explode('-', $rel);</p><p> $id = mysql_real_escape_string($bits[0]);</p><p> </p><p> $getData = dbquery("SELECT * FROM site_news WHERE id = '" . $id . "' LIMIT 1");</p><p> </p><p> if (mysql_num_rows($getData) > 0)</p><p> {</p><p> $articleData = mysql_fetch_assoc($getData);</p><p> }</p><p> }</p><p>}</p><p> </p><p>$tpl->Init();</p><p> </p><p>$tpl->AddGeneric('head-init');</p><p>$tpl->AddIncludeSet('generic');</p><p>$tpl->WriteIncludeFiles();</p><p>$tpl->AddGeneric('head-overrides-generic');</p><p>$tpl->AddGeneric('head-bottom');</p><p>$tpl->AddGeneric('generic-top');</p><p> </p><p>$tpl->Write('<div id="column1" class="column">');</p><p> </p><p>$newslist = new Template('comp-newslist');</p><p> </p><p>if (isset($_GET['archiveMode']))</p><p>{</p><p> $newslist->SetParam('mode', 'archive');</p><p>}</p><p>else if (isset($_GET['category']) && is_numeric($_GET['category']))</p><p>{</p><p> $newslist->SetParam('mode', 'category');</p><p> $newslist->SetParam('category_id', mysql_real_escape_string($_GET['category']));</p><p>}</p><p>else</p><p>{</p><p> $newslist->SetParam('mode', 'recent');</p><p>}</p><p> </p><p>$tpl->AddTemplate($newslist);</p><p> </p><p>$tpl->Write('</div>');</p><p> </p><p>$tpl->Write('<div id="column2" class="column">');</p><p> </p><p>$article = new Template('comp-newsarticle');</p><p> </p><p>if ($articleData != null)</p><p>{</p><p> $article->SetParam('news_article_id', $articleData['id']);</p><p> $article->SetParam('news_article_title', clean($articleData['title']));</p><p> $article->SetParam('news_article_date', 'Posted ' . clean($articleData['datestr']));</p><p> $article->SetParam('news_category', '<a href="/articles/category/' . $articleData['category_id'] . '">' . clean(mysql_result(dbquery("SELECT caption FROM site_news_categories WHERE id = '" . $articleData['category_id'] . "' LIMIT 1"), 0)) . '</a>');</p><p> $article->SetParam('news_article_summary', clean($articleData['snippet']));</p><p> $article->SetParam('news_article_body', clean($articleData['body'], true));</p><p> </p><p> $tpl->SetParam('page_title', 'News - ' . clean($articleData['title']));</p><p>}</p><p>else</p><p>{</p><p> $article->SetParam('news_article_id', 0);</p><p> $article->SetParam('news_article_title', 'News article not found');</p><p> $article->SetParam('news_article_date', '');</p><p> $article->SetParam('news_category', '');</p><p> $article->SetParam('news_article_summary', '');</p><p> $article->SetParam('news_article_body', "The article you were looking for could not be retrieved. Please press the 'back' button on your browser to return to your previous page."); </p><p> </p><p> $tpl->SetParam('page_title', 'News - News Article not found');</p><p>}</p><p> </p><p>$tpl->AddTemplate($article);</p><p>$tpl->Write('</div>');</p><p> </p><p>$tpl->AddGeneric('generic-column3');</p><p>$tpl->AddGeneric('footer');</p><p> </p><p>$tpl->SetParam('body_id', 'news');</p><p> </p><p>$tpl->Output();</p><p> </p><p>?>[/CODE]</p><p>(credits to nobrain)</p></blockquote><p></p>
[QUOTE="Wouto, post: 75345, member: 3046"] No, it only has an article.php exploit which has a simple fix by replacing your article with [CODE]<?php /*======================================================================= | UberCMS - Advanced Website and Content Management System for uberEmu | ####################################################################### | Copyright (c) 2010, Roy 'Meth0d' | http://www.meth0d.org | ####################################################################### | This program is free software: you can redistribute it and/or modify | it under the terms of the GNU General Public License as published by | the Free Software Foundation, either version 3 of the License, or | (at your option) any later version. | ####################################################################### | This program is distributed in the hope that it will be useful, | but WITHOUT ANY WARRANTY; without even the implied warranty of | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | GNU General Public License for more details. \======================================================================*/ define('TAB_ID', 5); define('PAGE_ID', 17); require_once "global.php"; $articleData = null; if (isset($_GET['mostRecent'])) { $getData = dbquery("SELECT * FROM site_news ORDER BY timestamp DESC LIMIT 1"); if (mysql_num_rows($getData) > 0) { $articleData = mysql_fetch_assoc($getData); } } else if (isset($_GET['rel'])) { $rel = mysql_real_escape_string($_GET['rel']); if (strrpos($rel, '-') >= 1) { $bits = explode('-', $rel); $id = mysql_real_escape_string($bits[0]); $getData = dbquery("SELECT * FROM site_news WHERE id = '" . $id . "' LIMIT 1"); if (mysql_num_rows($getData) > 0) { $articleData = mysql_fetch_assoc($getData); } } } $tpl->Init(); $tpl->AddGeneric('head-init'); $tpl->AddIncludeSet('generic'); $tpl->WriteIncludeFiles(); $tpl->AddGeneric('head-overrides-generic'); $tpl->AddGeneric('head-bottom'); $tpl->AddGeneric('generic-top'); $tpl->Write('<div id="column1" class="column">'); $newslist = new Template('comp-newslist'); if (isset($_GET['archiveMode'])) { $newslist->SetParam('mode', 'archive'); } else if (isset($_GET['category']) && is_numeric($_GET['category'])) { $newslist->SetParam('mode', 'category'); $newslist->SetParam('category_id', mysql_real_escape_string($_GET['category'])); } else { $newslist->SetParam('mode', 'recent'); } $tpl->AddTemplate($newslist); $tpl->Write('</div>'); $tpl->Write('<div id="column2" class="column">'); $article = new Template('comp-newsarticle'); if ($articleData != null) { $article->SetParam('news_article_id', $articleData['id']); $article->SetParam('news_article_title', clean($articleData['title'])); $article->SetParam('news_article_date', 'Posted ' . clean($articleData['datestr'])); $article->SetParam('news_category', '<a href="/articles/category/' . $articleData['category_id'] . '">' . clean(mysql_result(dbquery("SELECT caption FROM site_news_categories WHERE id = '" . $articleData['category_id'] . "' LIMIT 1"), 0)) . '</a>'); $article->SetParam('news_article_summary', clean($articleData['snippet'])); $article->SetParam('news_article_body', clean($articleData['body'], true)); $tpl->SetParam('page_title', 'News - ' . clean($articleData['title'])); } else { $article->SetParam('news_article_id', 0); $article->SetParam('news_article_title', 'News article not found'); $article->SetParam('news_article_date', ''); $article->SetParam('news_category', ''); $article->SetParam('news_article_summary', ''); $article->SetParam('news_article_body', "The article you were looking for could not be retrieved. Please press the 'back' button on your browser to return to your previous page."); $tpl->SetParam('page_title', 'News - News Article not found'); } $tpl->AddTemplate($article); $tpl->Write('</div>'); $tpl->AddGeneric('generic-column3'); $tpl->AddGeneric('footer'); $tpl->SetParam('body_id', 'news'); $tpl->Output(); ?>[/CODE] (credits to nobrain) [/QUOTE]
Insert quotes…
Verification
Post reply
Forums
Server Development
Habbo Retros
Habbo Q&A
Does anyone have a REALLY secure UberCMS?
Top