[Release] RevCMS IMPORTANT Exploit Fix!

Musa_real · Dec 25, 2014

Parse error: syntax error, unexpected '{', expecting function (T_FUNCTION) in C:\xampp\htdocs\app\class.users.php on line 394

IWillSmackYou · Dec 26, 2014

I like how you copied from RZ and paste

RyanzRetros · Jan 20, 2015

Thanks Jerry. A serious exploit which most CMS' have fixed already by now but good for the noobs who don't check over CMS'.

Joshtinkgamer · Jan 31, 2015

Right... Working.. Yes....

Fatal error: Class Revolution\users contains 1 abstract method and must therefore be declared abstract or implement the remaining methods (Revolution\iUsers::forgotten) inC:\xampp\htdocs\app\class.users.php on line 479

RyanzRetros · Jan 31, 2015

send the document @Joshtinkgamer

Khalil · Jan 31, 2015

CoderX0X said:
You don't delete the fucking function LMFAO u stupid cunt Jerry this is richbro I can't say much but the whole function u don't delete it ends with a { or a }

Yes he can.

Joshtinkgamer said:
Right... Working.. Yes....

Fatal error: Class Revolution\users contains 1 abstract method and must therefore be declared abstract or implement the remaining methods (Revolution\iUsers::forgotten) inC:\xampp\htdocs\app\class.users.php on line 479

You forgot to delete that function ('forgotten()') from the user's class interface, go to interface.users.php and find 'final public function forgotten();' and delete that.

Joshtinkgamer · Jan 31, 2015

Khalil said:
Yes he can.

You forgot to delete that function ('forgotten()') from the user's class interface, go to interface.users.php and find 'final public function forgotten();' and delete that.

Oh ehh thank you. Haha

Avduf · Feb 9, 2015

I get white page?

brentjuh2000 · May 15, 2015

i get Parse error: syntax error, unexpected '{', expecting function (T_FUNCTION) in C:\xampp2\htdocs\app\class.users.php on line 393

RyanzRetros · May 15, 2015

brentjuh2000 said:
i get Parse error: syntax error, unexpected '{', expecting function (T_FUNCTION) in C:\xampp2\htdocs\app\class.users.php on line 393

If it is just at the top of the page, go to app/management/config.php and replace the <?php with this:

PHP:

<?php
error_reporting(0); //This will stop errors at the top of the page.

brentjuh2000 · May 15, 2015

Thanks Again.. Ryanz

RyanzRetros · May 15, 2015

brentjuh2000 said:
Thanks Again.. Ryanz

You're welcome, not been very active recently, so think you're the first in a while...

brentjuh2000 · May 16, 2015

still getting it worked like 1 min orso and its back

Parse error: syntax error, unexpected '{', expecting function (T_FUNCTION) in C:\xampp2\htdocs\app\class.users.php on line 393

RyanzRetros · May 16, 2015

brentjuh2000 said:
still getting it worked like 1 min orso and its back

Parse error: syntax error, unexpected '{', expecting function (T_FUNCTION) in C:\xampp2\htdocs\app\class.users.php on line 393

Then you have either fucked up or removed the code I sent... Send the config.PHP file BUT REMOVE IP'S AND PASSWORDS!!

Jerry · May 16, 2015

I did this tutorial release terribly as I have copied this from a rival forum..

I. Go to class.core.php
Find:

Code:

$users->forgotten();

Replace with:

Code:

//$users->forgotten();

II. Go to class.users.php
Find: final public function forgotten()

Inside the brackles or whatever { code inside this }, delete everything inside the brackles..

Your code should look like this after deleting the code inside the brackles;

Code:

final public function forgotten()
{

}

That should fix it.

Sent from my iPhone using Tapatalk

Also, if you plan on deleting the entire function, follow this quote below:

Khalil said:
You forgot to delete that function ('forgotten()') from the user's class interface, go to interface.users.php and find 'final public function forgotten();' and delete that.

warm · May 18, 2015

Jerry_ said:
Yeah you fixed the exploit! Nobody can change your password now!!
How was this could be used (Shame for the big retros)
How to find :By logging everything in your cms ;I Special thanks to Spot Ify
Found by searching into the logs :
And then found this :

The guy used this to change the password :

You must be registered for see links

He also could use post form to change the password since you guys are stupid to put seckey to NULL or 1234 XD
Owner who destroyed all your things Ricardo ... Owner : weebz.net
Maybe something you guys need to do:

Maybe a like for me, Sir Jamal and Sopt Ify!!

Thanks for the warning!
Cheers

Spades · Aug 8, 2015

How do I do the exploit?

Khalil · Aug 8, 2015

Spades said:
How do I do the exploit?

You send a GET request on HTTP. Though you can't, seeing as most retros powered by Rev patched it a long time ago.

Simon121 · Aug 25, 2015

RyanzRetros said:
If it is just at the top of the page, go to app/management/config.php and replace the <?php with this:

PHP:

<?php error_reporting(0); //This will stop errors at the top of the page.

That will make the hotel more Exploit!
Dont add error_reporting(0);

The only way to get a secure hotel is, fix all errors, dont use cheats!
and,

In class.users.php you gonna,
find

/*-------------------------------Loggin forgotten-------------------------------------*/

final public function forgotten()
{
global $template, $_CONFIG, $core;

if(isset($_POST['forgot']))
{

$template->form->setData();
unset($template->form->error);

if($this->nameTaken($template->form->for_username))
{
if(strlen($template->form->for_password) > 6)
{
if($this->getInfo($this->getID($template->form->for_username), 'seckey') == $core->hashed($template->form->for_key))
{
$this->updateUser($this->getID($template->form->for_username), 'password', $core->hashed($template->form->for_password));
$template->form->error = 'Account recovered! Go <b><a href="index">here</a></b> to login!';
return;
}
else
{
$template->form->error = 'Secret key is incorrect';
return;
}
}
else
{
$template->form->error = 'Password must have more than 6 characters.';
return;
}
}
else
{
$template->form->error = 'Username does not exist';
return;
}
}
}

And replace it with,

/*-------------------------------Loggin forgotten-------------------------------------*/

final public function forgotten()
{
}

better than the jerry has explained , a little more easy for beginners ! I will make tutorials I also peoples!! just wait and see !
I'm gonna make a RevCMS Edit without Exploit!

RyanzRetros · Aug 25, 2015

Simon121 said:
That will make the hotel more Exploit!
Dont add error_reporting(0);

The only way to get a secure hotel is, fix all errors, dont use cheats!
and,

In class.users.php you gonna,
find

And replace it with,

better than the jerry has explained , a little more easy for beginners ! I will make tutorials I also peoples!! just wait and see !
I'm gonna make a RevCMS Edit without Exploit!

Don't mean to sound harsh or anything, but I don't know if you realise that NON-EXPLOITABLE ReVCMS' are EVERYWHERE. Also, Jerry's tutorial is good enough for anyone who can code, so if you can't figure out that tiny bit of basic PHP, I think there is no point in you trying to work on the CMS, you would get a developer... But thanks for your feedback, and I look forward to your tutorials which sound like they're going to bring in more noobs for the community, who then rename etc.

[Release] RevCMS IMPORTANT Exploit Fix!

Member

New Member

Developer of ChakCMS

Member

Developer of ChakCMS

IDK

Member

Member

New Member

Developer of ChakCMS

New Member

Developer of ChakCMS

New Member

Developer of ChakCMS

not rly active lol

Active Member

New Member

IDK

New Member

Developer of ChakCMS

Users who are viewing this thread