How to remove my CMS exploits?

Aruthra

Owner, Swift Industry
Aug 14, 2013
OK, so recently my hotel is getting SQL injected... The hackers just get into my database, change users' mottos, mess up the homeroom, mess up the staff page, etc.
Could anyone help me patch and remove all the exploits present in my RevCMS edit? I would give you a rank on my hotel if you help me :)

Skype - tiny.builder
Hotel - swift-hotel.net

Thanks.

Khalil

IDK
Dec 6, 2011
If you're using XAMPP, that's so insecure! I prefer using IIS to keep your stuff and database secured.
XAMPP's security issues can be sorted; however, it is best to only use it in a development environment, not on a live one.

Now to get down to the real problem! You said the attackers got access to the database. This goes beyond any exploits known to any Habbo content management systems: the attackers could execute a piece of code that changes your database and/or drops certain tables, or even the entire database itself, yes; however, they cannot view the data parsed/inserted/present in the database. If the attackers are able to view that data, this means they either have a shell on your system OR someone has access to your server.

Otherwise, can you paste your 'class.users.php'?

Aruthra

Owner, Swift Industry
Aug 14, 2013
Sure.

Khalil

IDK
Dec 6, 2011
Here, replace it with this: ; Now go to your class.core.php:

replace this:
PHP:
    final public function handleCall($k)
    {
        global $users, $template, $_CONFIG;
      
        if($_CONFIG['hotel']['in_maint'] == false)
        {
            if(!isset($_SESSION['user']['id']))
            {
                switch($k)
                {
                    case "index":
                    case null:
                    case "login":
                        $users->login();
                    break;
                  
                    case "register":
                    $users->register();
                    break;
                  
                    case "forgot":
                        $users->forgotten();
                    break;
                  
                    case "maintenance":
                    case "ToS":
                        //
                    break;
              
                    case "me":
                    case "account":
                    case "news":
                        header('Location: '.$_CONFIG['hotel']['url'].'/index');
                        exit;
                    break;
                  
                    default:
                        //Nothing
                    break;
                }
            }
            else
            {
                if($_SESSION['user']['ip_last'] != $_SERVER['REMOTE_ADDR'])
                {
                    header('Location: '.$_CONFIG['hotel']['url'].'/logout');
                }
              
                switch($k)
                {
                    case "index":
                    case null:
                        header('Location: '.$_CONFIG['hotel']['url'].'/me');
                    exit;
                    break;
                  
                    case "register":
                    header('Location: '.$_CONFIG['hotel']['url'].'/me');
                    exit;
                    break;
                  
                    case "forgot":
                        header('Location: '.$_CONFIG['hotel']['url'].'/me');
                        exit;
                    break;
                  
                    case "client":
                        $users->createSSO($_SESSION['user']['id']);
                        $users->updateUser($_SESSION['user']['id'], 'ip_last', $_SERVER['REMOTE_ADDR']);
                        $template->setParams('sso', $users->getInfo($_SESSION['user']['id'], 'auth_ticket'));
                    break;
                      
                    case "help":
                        $users->help();
                    break;
              
                    case "account":
                        $users->updateAccount();
                    break;
                  
                    default:
                        //nothing
                    break;
                }
            }
        }
        elseif($_GET['url'] != 'maintenance')
        {
            header('Location: '.$_CONFIG['hotel']['url'].'/maintenance');
            exit;
        }
    }

with this:

PHP:
    final public function handleCall($k)
    {
        global $users, $template, $_CONFIG;
      
        if($_CONFIG['hotel']['in_maint'] == false)
        {
            if(!isset($_SESSION['user']['id']))
            {
                switch($k)
                {
                    case "index":
                    case null:
                    case "login":
                        $users->login();
                    break;
                  
                    case "register":
                    $users->register();
                    break;
                  
                    case "maintenance":
                        //
                    break;
              
                    case "me":
                    case "account":
                    case "news":
                        header('Location: '.$_CONFIG['hotel']['url'].'/index');
                        exit;
                    break;
                  
                    default:
                        //Nothing
                    break;
                }
            }
            else
            {
                if($_SESSION['user']['ip_last'] != $_SERVER['REMOTE_ADDR'])
                {
                    header('Location: '.$_CONFIG['hotel']['url'].'/logout');
                    // Stop here: without exit the switch below still runs after the redirect header
                    // (e.g. "client" would still issue an SSO ticket and overwrite ip_last).
                    exit;
                }
              
                switch($k)
                {
                    case "index":
                    case null:
                        header('Location: '.$_CONFIG['hotel']['url'].'/me');
                    exit;
                    break;
                  
                    case "register":
                    header('Location: '.$_CONFIG['hotel']['url'].'/me');
                    exit;
                    break;
                  
                    case "client":
                        $users->createSSO($_SESSION['user']['id']);
                        $users->updateUser($_SESSION['user']['id'], 'ip_last', $_SERVER['REMOTE_ADDR']);
                        $template->setParams('sso', $users->getInfo($_SESSION['user']['id'], 'auth_ticket'));
                    break;
              
                    case "account":
                        $users->updateAccount();
                    break;
                  
                    default:
                        //nothing
                    break;
                }
            }
        }
        elseif($_GET['url'] != 'maintenance')
        {
            header('Location: '.$_CONFIG['hotel']['url'].'/maintenance');
            exit;
        }
    }


Now go to 'interface.users.php' and remove 'public function forgotten();' and 'public function help();'. Make sure you do this; if you don't, it will return a blank white page or an error.

See if the attackers can cause damage again; let me know if they do.
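An added example for checking whether anyone is still probing the routes this fix removes (it is not code from the thread or from RevCMS): it parses constructed Apache access-log lines, keys on the `url` query parameter that handleCall() dispatches on, and flags requests for the removed 'forgot'/'help' routes or with SQL metacharacters in the query string. The log lines and client IPs are constructed samples.

```python
import re
from collections import Counter
from urllib.parse import urlparse, parse_qs, unquote_plus

# Constructed sample lines in Apache combined-log format; not real traffic from the hotel.
SAMPLE_LOG = """\
203.0.113.5 - - [14/Aug/2013:10:01:02 +0000] "GET /index.php?url=forgot HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [14/Aug/2013:10:01:09 +0000] "POST /index.php?url=forgot HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Aug/2013:10:02:11 +0000] "GET /index.php?url=me HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [14/Aug/2013:10:03:15 +0000] "GET /index.php?url=help&topic=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 400 "-" "Mozilla/5.0"
198.51.100.9 - - [14/Aug/2013:10:04:00 +0000] "GET /index.php?url=news HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.5 - - [14/Aug/2013:10:05:30 +0000] "GET /index.php?url=client HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Routes the fix above removes from handleCall(); any request for them after the fix is worth a look.
REMOVED_ROUTES = {"forgot", "help"}

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Crude SQL-metacharacter check on the decoded query string: a quote, a comment marker, or OR/UNION clauses.
SQLI_RE = re.compile(r"'|--|\bor\b\s+\S+\s*=|\bunion\b\s+select\b", re.IGNORECASE)

def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parsed = urlparse(m.group("target"))
    qs = parse_qs(parsed.query, keep_blank_values=True)
    # RevCMS dispatches on the "url" query parameter (the $_GET['url'] seen in handleCall).
    return {"ip": m.group("ip"), "method": m.group("method"),
            "route": qs.get("url", [""])[0], "query": unquote_plus(parsed.query),
            "status": int(m.group("status"))}

def find_suspicious(log_text):
    """Return (hits, per_ip): hits is a list of (ip, route, reasons); per_ip counts hits per client."""
    hits, per_ip = [], Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = []
        if rec["route"] in REMOVED_ROUTES:
            reasons.append("removed-route")
        if SQLI_RE.search(rec["query"]):
            reasons.append("sqli-pattern")
        if reasons:
            hits.append((rec["ip"], rec["route"], ",".join(reasons)))
            per_ip[rec["ip"]] += 1
    return hits, per_ip
```

Run `find_suspicious` over your real access log after applying the fix; a client that keeps requesting the removed routes is one to block at the firewall and to check for a web shell or stolen server credentials, as the reply above describes.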

j0sh

Will someone please explain the meaning of life?
Apr 27, 2012
I'd recommend a new CMS. It's a lot of work. A good CMS is an old boonCMS edit; javasex released this a while ago.