[Release] RevCMS IMPORTANT Exploit Fix!

Jerry

not rly active lol
Jul 8, 2013
1,956
522
Hi,
So you guys have some problem with revcms??
Oke let we fix the exploityouDontSay
Find final public function forgotten() (class.users.php) and delete the whole function!
Go to class.core.php and delete everything that looks like this case "forgot":
PHP:
DELETE :
case "forgot":
$users->forgotten();
break;

DELETE :
case "forgot":
header('Location: '.$_CONFIG['hotel']['url'].'/me');
exit;
break;

Yeah you fixed the exploit! Nobody can change your password now!!
How was this could be used (Shame for the big retros)
How to find :By logging everything in your cms ;I Special thanks to Spot Ify
Found by searching into the logs :
And then found this :

2014-06-26 16:50:58 ipipipipip POST /forgot - 80 - 141.101.104.219 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:30.0)+Gecko/20100101+Firefox/30.0 __cfduid=d76c81d40ec99160437607c4f5565871b1400161926734;+_ga=GA1.2.817099073.1403220409;+PHPSESSID=642pittqttuv4u692nkhptodh6
The guy used this to change the password :


He also could use post form to change the password since you guys are stupid to put seckey to NULL or 1234 XD
Owner who destroyed all your things Ricardo ... Owner : weebz.net
Maybe something you guys need to do:
Or just make a CMS by your self in php or asp.net (pssht i recomment asp.net its simular to butterfly so then you have 2 fly's in one thing)
And if you cant make a own just read tutorials or just use trail and error
(I made my own cms too ;$ in asp.net and i love it lol)
gr Spot Ify

Maybe a like for me, Sir Jamal and Sopt Ify!!
 

chrisissick

Member
May 23, 2014
62
2
Hi,
So you guys have some problem with revcms??
Oke let we fix the exploityouDontSay
Find final public function forgotten() (class.users.php) and delete the whole function!
Go to class.core.php and delete everything that looks like this case "forgot":
PHP:
DELETE :
case "forgot":
$users->forgotten();
break;

DELETE :
case "forgot":
header('Location: '.$_CONFIG['hotel']['url'].'/me');
exit;
break;

Yeah you fixed the exploit! Nobody can change your password now!!
How was this could be used (Shame for the big retros)
How to find :By logging everything in your cms ;I Special thanks to Spot Ify
Found by searching into the logs :
And then found this :


The guy used this to change the password :


He also could use post form to change the password since you guys are stupid to put seckey to NULL or 1234 XD
Owner who destroyed all your things Ricardo ... Owner : weebz.net
Maybe something you guys need to do:


Maybe a like for me, Sir Jamal and Sopt Ify!!


so i followed your tut and did this and now my whole site pops up as a white screen, no page works
 

aliking

New Member
Jul 9, 2014
20
8
This isn't even an exploit - you cannot access this as it returns a 404 error.
This is another stupid tutorial to trick people;
 

Jerry

not rly active lol
Jul 8, 2013
1,956
522
This isn't even an exploit - you cannot access this as it returns a 404 error.
This is another stupid tutorial to trick people;
You don't see the point, can't really explain now but they use index.php?url=forgot to hack people's accounts and some shit.
 

Sledmore

Chaturbate Livestreamer
Staff member
FindRetros Moderator
Jul 24, 2010
5,194
3,901
The proper way to fix this is to fix the sec_key value on registration, though you you should only do that with a fresh database. Or to add a null check (the sec_key hash is null).
 

CoderX0X

Member
Jul 6, 2014
36
8
You don't delete the fucking function LMFAO u stupid cunt Jerry this is richbro I can't say much but the whole function u don't delete it ends with a { or a }
 

Users who are viewing this thread

Top