[REL] AfterCMS | Plus Emulator | PHP7

[Matiasvm]

Hi guys,
Today I share a cms that I created recently, the design I did thinking about the r63 (that's why the name "After"), with the vertical menu on the left, I hope you like.
The only problem is that it is in Spanish since I am from Colombia, I am sorry.

Sorry for my lousy english

Details.

- Login and register on index.
- 2 Index designs.
- News.
- Comments for facebook plugin.
- Top users.
- Team page.
- Profile Settings
- Housekeeping 70%.

Images

Spoiler: Index 1

Spoiler: Index 2

Spoiler: Home

Spoiler: Housekeeping

More images:

You must be registered for see links

Download:

You must be registered for see links

VirusTotal:

You must be registered for see links

How to install:
- Upload the clean database of Plus Emulator and then the database of cms.
- Edit the file protected/config.php and client.php

Credits:
- Jauno (Matiasvm) (Programming and design)
- Habbo (Images)

 

[Etrion]

Looks really good tbh m8

 

[Ghost]

Not bad

 

[Manuela]

It's simplistic and neat, thanks for releasing it.

 

[Zodiak]

Could do with some file sorting and cleaning up into classes and shit but good job.

 

[BrainCMS]

Hmm i don't like this style.

 

[JoeriLowl]

Realy like this thanks

 

[Hender]

Not a fan of the theme/layout, Housekeeping is rather clean I like it, files need organising a little better but I guess it does the job.

Thank you for the release I'm sure people will use it I'm glad people are using updated PHP.

Sent from my GT-I9505 using Tapatalk

 

[Bekmezci]

Good release , would love to see another font being used tho

 

[Zaka]

I was thinking about one thing that I've seen many hotels have. They have the captcha just like you, but there is no background, no use of the PHP GD library to make the captcha a image. Which makes it easy for bots to just read the data from the captcha div/span or whatever is used, and paste it into the captcha input. If you don't know how to implement a more difficult way for bots to read the captcha, you could atleast use googles or something.

 

[BIOS]

Design seems quite unique and simple, IMO much preferred in comparison to other CMS's which have so much bloat in your face.

I was thinking about one thing that I've seen many hotels have. They have the captcha just like you, but there is no background, no use of the PHP GD library to make the captcha a image. Which makes it easy for bots to just read the data from the captcha div/span or whatever is used, and paste it into the captcha input. If you don't know how to implement a more difficult way for bots to read the captcha, you could atleast use googles or something.

^ This. Text-based captcha's are essentially useless, you can create a bot to crack them easily by scraping the generated code from the div and then submitting the form with that same value. Much better to use an image-based captcha, I'd probably go with a well known one such as Google reCaptcha as it is always being worked on rather than rolling your own.

You're using MySQLi but not with prepared statements, a lot of code is messy and left unvalidated leaving you open to attacks.

environment.php:
Throughout this file are raw queries, particularly using the HTTP IP headers from getRealIP(). This leaves you open to SQL Injection on line 74.

$vipb = $db->query("SELECT * FROM bans WHERE value='".getRealIP()."'");

If you were to spoof one of the HTTP header such as HTTP_X_FORWARDED_FOR for example, the user could potentially dump the entire database by injecting arbitrary SQL into the request header.

At line 42, you're also inputting raw data without escaping/preparing it.

$ban = $db->query("SELECT * FROM bans WHERE value='".$row['username']."'");

panel\news.php @ line 12 also, has no validation what-so-ever:

if(isset($_GET['del'])){
  $db->query("DELETE FROM cms_news WHERE id='".$_GET['del']."'");
}

Probably a lot more issues however won't go through it all as there are too many files, so i'll leave some tips.

To avoid this ensure you validate all input (e.g. that the headers you are processing are actually IP addresses, this can be achieved with filter_var() for example). Utilize MySQLi properly by using prepared statements throughout and never input raw data in a query as seen above.

Also noticed that you're outputting a lot of raw data, so it's likely there will be some XSS vulnerabilities in there also. Don't forget to validate all input and sanitize it before it's outputted.

 

[Zaka]

Design seems quite unique and simple, IMO much preferred in comparison to other CMS's which have so much bloat in your face.



^ This. Text-based captcha's are essentially useless, you can create a bot to crack them easily by scraping the generated code from the div and then submitting the form with that same value. Much better to use an image-based captcha, I'd probably go with a well known one such as Google reCaptcha as it is always being worked on rather than rolling your own.

You're using MySQLi but not with prepared statements, a lot of code is messy and left unvalidated leaving you open to attacks.

environment.php:
Throughout this file are raw queries, particularly using the HTTP IP headers from getRealIP(). This leaves you open to SQL Injection on line 74.

$vipb = $db->query("SELECT * FROM bans WHERE value='".getRealIP()."'");

If you were to spoof one of the HTTP header such as HTTP_X_FORWARDED_FOR for example, the user could potentially dump the entire database by injecting arbitrary SQL into the request header.

At line 42, you're also inputting raw data without escaping/preparing it.

$ban = $db->query("SELECT * FROM bans WHERE value='".$row['username']."'");

panel\news.php @ line 12 also, has no validation what-so-ever:

if(isset($_GET['del'])){
  $db->query("DELETE FROM cms_news WHERE id='".$_GET['del']."'");
}

Probably a lot more issues however won't go through it all as there are too many files, so i'll leave some tips.

To avoid this ensure you validate all input (e.g. that the headers you are processing are actually IP addresses, this can be achieved with filter_var() for example). Utilize MySQLi properly by using prepared statements throughout and never input raw data in a query as seen above.

Also noticed that you're outputting a lot of raw data, so it's likely there will be some XSS vulnerabilities in there also. Don't forget to validate all input and sanitize it before it's outputted.

I have two questions for you. When you talk about validating data, are you talking about the filter_var() method in PHP? Or just to make sure a input is an int if thats what u need etc? And the second question, couldnt't you just sanitize the input before it's submitted, and then just output the data without sanitizing it since you already done that before they could submit the data?

 

[BIOS]

I have two questions for you. When you talk about validating data, are you talking about the filter_var() method in PHP? Or just to make sure a input is an int if thats what u need etc? And the second question, couldnt't you just sanitize the input before it's submitted, and then just output the data without sanitizing it since you already done that before they could submit the data?

1. It depends what type of data you're validating. For example, the

You must be registered for see links

method has options which make it useful for validating data such as IP addresses and e-mail addresses, e.g: FILTER_VALIDATE_EMAIL.

If you're only expecting a whole number, I'd opt for something like

You must be registered for see links

over others such as is_numeric as this particular function allows for float values which you probably don't want in a lot of cases; if you're looking for a user's ID etc.

2. I generally wouldn't as that may allow for tainted input, which as you know can lead to a lot of problems and may even make your application vulnerable somewhere down the process.

This is why I opt for a whitelist validation approach. If you require a username that only contains letters and numbers, make sure that's all you allow; nothing else should pass. Then I'd store it in the database using prepared statements and such for extra measure, then it is pulled back out somewhere and sanitized before it's finally displayed on the page.

 

[SupahCookie]

If someone has one in english (or Dutch ) van you share it?

 

[maxam2000]

web.config?

 

[Zaka]

web.config?

Well that was very specific... What about the web.config?

 

[maxam2000]

The CMS does only have a .htaccess and only the /me works on IIS7..(and PHP7)
It's because of the missing web.config, right?

 

[Manuela]

web.config?

Use URL Rewrite, here ya' have it:

You must be registered for see links

 

[Zaka]

The CMS does only have a .htaccess and only the /me works on IIS7..(and PHP7)
It's because of the missing web.config, right?

Use URL Rewrite, here ya' have it:

You must be registered for see links

Yes it's because of web.config missing, and Manuela, yes you can use a service like that, but it won't be accurate.

 

[maxam2000]

There are always warnings:

You must be registered for see links

Could anyone tell me how to fix that?