Forums > Server Development > Habbo Retros > Habbo Releases > CMS Releases > [REL] AfterCMS | Plus Emulator | PHP7
Quote from BIOS (post 398223, member 15674):

Design seems quite unique and simple, IMO much preferred in comparison to other CMSes which have so much bloat in your face.

^ This. Text-based captchas are essentially useless: you can create a bot to crack them easily by scraping the generated code from the div and then submitting the form with that same value. Much better to use an image-based captcha; I'd probably go with a well-known one such as Google reCaptcha, as it is always being worked on, rather than rolling your own.

You're using MySQLi but not with prepared statements; a lot of code is messy and left unvalidated, leaving you open to attacks.

environment.php:
Throughout this file are raw queries, particularly using the HTTP IP headers from getRealIP(). This leaves you open to SQL injection on line 74.
[PHP]// environment.php line 74: the header value returned by getRealIP() is
// concatenated straight into the query, unescaped and unvalidated
$vipb = $db->query("SELECT * FROM bans WHERE value='".getRealIP()."'");[/PHP]

If you were to spoof one of the HTTP headers, such as HTTP_X_FORWARDED_FOR for example, the user could potentially dump the entire database by injecting arbitrary SQL into the request header.

At line 42, you're also inputting raw data without escaping/preparing it.
[PHP]// environment.php line 42: $row['username'] goes into the query the same way
$ban = $db->query("SELECT * FROM bans WHERE value='".$row['username']."'");[/PHP]

panel\news.php @ line 12 also has no validation whatsoever:
[PHP]// panel/news.php line 12: $_GET['del'] is used as-is, with no type check
if(isset($_GET['del'])){
    $db->query("DELETE FROM cms_news WHERE id='".$_GET['del']."'");
}[/PHP]

Probably a lot more issues, however I won't go through it all as there are too many files, so I'll leave some tips.

To avoid this, ensure you validate all input (e.g. that the headers you are processing are actually IP addresses; this can be achieved with filter_var() for example). Utilize MySQLi properly by using prepared statements throughout and never input raw data in a query as seen above.

Also noticed that you're outputting a lot of raw data, so it's likely there will be some XSS vulnerabilities in there also. Don't forget to validate all input and sanitize it before it's output.
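The fixes BIOS recommends above (validate the IP header with filter_var(), use MySQLi prepared statements, escape at output time), as an added worked example that is not part of AfterCMS and not code from the post. It rewrites the three quoted queries in hardened form. The table and column names (bans.value, cms_news.id) come from the quoted queries; the connection credentials, the helper names findBanByValue(), deleteNews() and h(), and the trusted-proxy list are assumptions for illustration. The trusted-proxy check goes one step beyond the post: validating that X-Forwarded-For is an IP stops the injection, but the header is still attacker-chosen unless it was set by your own reverse proxy, so it is only honoured when REMOTE_ADDR is a known proxy.

```php
<?php
// Added example (not AfterCMS code): hardened versions of the three queries
// quoted in the post, using mysqli prepared statements plus input validation.
// Credentials, helper names and the proxy list are placeholders/assumptions.
declare(strict_types=1);

// Throw on SQL errors instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'cms_user', 'cms_password', 'cms_db'); // placeholder credentials

/**
 * Return the client IP as a validated string, or null if none can be trusted.
 * X-Forwarded-For is only honoured when the TCP peer (REMOTE_ADDR) is one of
 * our own reverse proxies; otherwise any client can set the header to anything.
 */
function getRealIP(array $server, array $trustedProxies): ?string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    if (in_array($remote, $trustedProxies, true) && !empty($server['HTTP_X_FORWARDED_FOR'])) {
        // XFF is a comma-separated chain; the left-most entry is the original client.
        $candidate = trim(explode(',', $server['HTTP_X_FORWARDED_FOR'])[0]);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
        return null; // header present but not an IP address: refuse rather than guess
    }
    return $remote;
}

/** Replacement for environment.php lines 42/74: the value is bound, never concatenated. */
function findBanByValue(mysqli $db, string $value): ?array
{
    $stmt = $db->prepare('SELECT * FROM bans WHERE value = ?');
    $stmt->bind_param('s', $value);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

/** Replacement for panel/news.php line 12: only delete when `del` is a positive integer. */
function deleteNews(mysqli $db, array $get): int
{
    $id = filter_var($get['del'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 0; // rejects "1' OR '1'='1", "", "abc" before anything reaches SQL
    }
    $stmt = $db->prepare('DELETE FROM cms_news WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

/** Escape once, at output time, so stored data cannot become markup or script in the page. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Usage, following the flow of the original files:
$ip   = getRealIP($_SERVER, ['127.0.0.1']);           // proxy list is an assumption
$vipb = $ip !== null ? findBanByValue($db, $ip) : null;
// $ban = findBanByValue($db, $row['username']);        // same bound helper for line 42
// if (isset($_GET['del'])) { deleteNews($db, $_GET); } // news.php delete handler
// echo '<p>' . h($news['title']) . '</p>';             // escape at output, not on input
```

The important property is that the SQL text is fixed at prepare time and user data travels separately as a bound parameter, so a payload in X-Forwarded-For or in `del` can never change the query structure; filter_var() then narrows the accepted values further so that garbage never even reaches the database.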