[REL] AfterCMS | Plus Emulator | PHP7

Matiasvm

New Member
Dec 23, 2016
3
3
Hi guys,
Today I share a cms that I created recently, the design I did thinking about the r63 (that's why the name "After"), with the vertical menu on the left, I hope you like.
The only problem is that it is in Spanish since I am from Colombia, I am sorry.

Sorry for my lousy english

Details.
Code:
- Login and register on index.
- 2 Index designs.
- News.
- Comments for facebook plugin.
- Top users.
- Team page.
- Profile Settings
- Housekeeping 70%.

Images
PgnppNk.png
khD7XsL.png
zR5xeaA.png
3fr5tpb.png

More images:


Download:
VirusTotal:

How to install:
- Upload the clean database of Plus Emulator and then the database of cms.
- Edit the file protected/config.php and client.php

Credits:
- Jauno (Matiasvm) (Programming and design)
- Habbo (Images)
 

Zodiak

recovering crack addict
Nov 18, 2011
450
411
Could do with some file sorting and cleaning up into classes and shit but good job.
 

Hender

King Tinkerer
Mar 3, 2016
304
122
Not a fan of the theme/layout, Housekeeping is rather clean I like it, files need organising a little better but I guess it does the job.

Thank you for the release I'm sure people will use it I'm glad people are using updated PHP.

Sent from my GT-I9505 using Tapatalk
 

Zaka

Programmer
Feb 9, 2012
471
121
I was thinking about one thing that I've seen many hotels have. They have the captcha just like you, but there is no background, no use of the PHP GD library to make the captcha a image. Which makes it easy for bots to just read the data from the captcha div/span or whatever is used, and paste it into the captcha input. If you don't know how to implement a more difficult way for bots to read the captcha, you could atleast use googles or something.
 

BIOS

ಠ‿ಠ
Apr 25, 2012
906
247
Design seems quite unique and simple, IMO much preferred in comparison to other CMS's which have so much bloat in your face.

I was thinking about one thing that I've seen many hotels have. They have the captcha just like you, but there is no background, no use of the PHP GD library to make the captcha a image. Which makes it easy for bots to just read the data from the captcha div/span or whatever is used, and paste it into the captcha input. If you don't know how to implement a more difficult way for bots to read the captcha, you could atleast use googles or something.

^ This. Text-based captcha's are essentially useless, you can create a bot to crack them easily by scraping the generated code from the div and then submitting the form with that same value. Much better to use an image-based captcha, I'd probably go with a well known one such as Google reCaptcha as it is always being worked on rather than rolling your own.

You're using MySQLi but not with prepared statements, a lot of code is messy and left unvalidated leaving you open to attacks.

environment.php:
Throughout this file are raw queries, particularly using the HTTP IP headers from getRealIP(). This leaves you open to SQL Injection on line 74.
PHP:
$vipb = $db->query("SELECT * FROM bans WHERE value='".getRealIP()."'");

If you were to spoof one of the HTTP header such as HTTP_X_FORWARDED_FOR for example, the user could potentially dump the entire database by injecting arbitrary SQL into the request header.

At line 42, you're also inputting raw data without escaping/preparing it.
PHP:
$ban = $db->query("SELECT * FROM bans WHERE value='".$row['username']."'");

panel\news.php @ line 12 also, has no validation what-so-ever:
PHP:
if(isset($_GET['del'])){
  $db->query("DELETE FROM cms_news WHERE id='".$_GET['del']."'");
}

Probably a lot more issues however won't go through it all as there are too many files, so i'll leave some tips.

To avoid this ensure you validate all input (e.g. that the headers you are processing are actually IP addresses, this can be achieved with filter_var() for example). Utilize MySQLi properly by using prepared statements throughout and never input raw data in a query as seen above.

Also noticed that you're outputting a lot of raw data, so it's likely there will be some XSS vulnerabilities in there also. Don't forget to validate all input and sanitize it before it's outputted.
 

Zaka

Programmer
Feb 9, 2012
471
121
Design seems quite unique and simple, IMO much preferred in comparison to other CMS's which have so much bloat in your face.



^ This. Text-based captcha's are essentially useless, you can create a bot to crack them easily by scraping the generated code from the div and then submitting the form with that same value. Much better to use an image-based captcha, I'd probably go with a well known one such as Google reCaptcha as it is always being worked on rather than rolling your own.

You're using MySQLi but not with prepared statements, a lot of code is messy and left unvalidated leaving you open to attacks.

environment.php:
Throughout this file are raw queries, particularly using the HTTP IP headers from getRealIP(). This leaves you open to SQL Injection on line 74.
PHP:
$vipb = $db->query("SELECT * FROM bans WHERE value='".getRealIP()."'");

If you were to spoof one of the HTTP header such as HTTP_X_FORWARDED_FOR for example, the user could potentially dump the entire database by injecting arbitrary SQL into the request header.

At line 42, you're also inputting raw data without escaping/preparing it.
PHP:
$ban = $db->query("SELECT * FROM bans WHERE value='".$row['username']."'");

panel\news.php @ line 12 also, has no validation what-so-ever:
PHP:
if(isset($_GET['del'])){
  $db->query("DELETE FROM cms_news WHERE id='".$_GET['del']."'");
}

Probably a lot more issues however won't go through it all as there are too many files, so i'll leave some tips.

To avoid this ensure you validate all input (e.g. that the headers you are processing are actually IP addresses, this can be achieved with filter_var() for example). Utilize MySQLi properly by using prepared statements throughout and never input raw data in a query as seen above.

Also noticed that you're outputting a lot of raw data, so it's likely there will be some XSS vulnerabilities in there also. Don't forget to validate all input and sanitize it before it's outputted.
I have two questions for you. When you talk about validating data, are you talking about the filter_var() method in PHP? Or just to make sure a input is an int if thats what u need etc? And the second question, couldnt't you just sanitize the input before it's submitted, and then just output the data without sanitizing it since you already done that before they could submit the data?
 

BIOS

ಠ‿ಠ
Apr 25, 2012
906
247
I have two questions for you. When you talk about validating data, are you talking about the filter_var() method in PHP? Or just to make sure a input is an int if thats what u need etc? And the second question, couldnt't you just sanitize the input before it's submitted, and then just output the data without sanitizing it since you already done that before they could submit the data?

1. It depends what type of data you're validating. For example, the method has options which make it useful for validating data such as IP addresses and e-mail addresses, e.g: FILTER_VALIDATE_EMAIL.

If you're only expecting a whole number, I'd opt for something like over others such as is_numeric as this particular function allows for float values which you probably don't want in a lot of cases; if you're looking for a user's ID etc.

2. I generally wouldn't as that may allow for tainted input, which as you know can lead to a lot of problems and may even make your application vulnerable somewhere down the process.

This is why I opt for a whitelist validation approach. If you require a username that only contains letters and numbers, make sure that's all you allow; nothing else should pass. Then I'd store it in the database using prepared statements and such for extra measure, then it is pulled back out somewhere and sanitized before it's finally displayed on the page.
 

maxam2000

New Member
Jan 21, 2017
13
1
The CMS does only have a .htaccess and only the /me works on IIS7..(and PHP7)
It's because of the missing web.config, right?
 

Users who are viewing this thread

Top