[Release] RevCMS IMPORTANT Exploit Fix!

Musa_real

Member
Aug 7, 2013
32
1
Parse error: syntax error, unexpected '{', expecting function (T_FUNCTION) in C:\xampp\htdocs\app\class.users.php on line 394
 

RyanzRetros

Developer of ChakCMS
Jan 14, 2015
978
182
Thanks Jerry. A serious exploit which most CMS' have fixed already by now but good for the noobs who don't check over CMS'.
 

Joshtinkgamer

Member
Aug 2, 2014
36
3
Right... Working.. Yes....

Fatal error: Class Revolution\users contains 1 abstract method and must therefore be declared abstract or implement the remaining methods (Revolution\iUsers::forgotten) inC:\xampp\htdocs\app\class.users.php on line 479
 

Khalil

IDK
Dec 6, 2011
1,642
786
You don't delete the fucking function LMFAO u stupid cunt Jerry this is richbro I can't say much but the whole function u don't delete it ends with a { or a }
Yes he can.
Right... Working.. Yes....

Fatal error: Class Revolution\users contains 1 abstract method and must therefore be declared abstract or implement the remaining methods (Revolution\iUsers::forgotten) inC:\xampp\htdocs\app\class.users.php on line 479
You forgot to delete that function ('forgotten()') from the user's class interface, go to interface.users.php and find 'final public function forgotten();' and delete that.
 
Last edited:

brentjuh2000

New Member
Mar 30, 2015
5
2
i get Parse error: syntax error, unexpected '{', expecting function (T_FUNCTION) in C:\xampp2\htdocs\app\class.users.php on line 393
 

RyanzRetros

Developer of ChakCMS
Jan 14, 2015
978
182
i get Parse error: syntax error, unexpected '{', expecting function (T_FUNCTION) in C:\xampp2\htdocs\app\class.users.php on line 393
If it is just at the top of the page, go to app/management/config.php and replace the <?php with this:
PHP:
<?php
error_reporting(0); //This will stop errors at the top of the page.
 

brentjuh2000

New Member
Mar 30, 2015
5
2
still getting it worked like 1 min orso and its back

Parse error: syntax error, unexpected '{', expecting function (T_FUNCTION) in C:\xampp2\htdocs\app\class.users.php on line 393
 

RyanzRetros

Developer of ChakCMS
Jan 14, 2015
978
182
still getting it worked like 1 min orso and its back

Parse error: syntax error, unexpected '{', expecting function (T_FUNCTION) in C:\xampp2\htdocs\app\class.users.php on line 393
Then you have either fucked up or removed the code I sent... Send the config.PHP file BUT REMOVE IP'S AND PASSWORDS!!
 

Jerry

not rly active lol
Jul 8, 2013
1,956
522
I did this tutorial release terribly as I have copied this from a rival forum..

I. Go to class.core.php
Find:
Code:
$users->forgotten();
Replace with:
Code:
//$users->forgotten();

II. Go to class.users.php
Find: final public function forgotten()

Inside the brackles or whatever { code inside this }, delete everything inside the brackles..

Your code should look like this after deleting the code inside the brackles;
Code:
final public function forgotten()
{

}

That should fix it.


Sent from my iPhone using Tapatalk
 
Also, if you plan on deleting the entire function, follow this quote below:
You forgot to delete that function ('forgotten()') from the user's class interface, go to interface.users.php and find 'final public function forgotten();' and delete that.
 

warm

Active Member
Jun 8, 2014
178
25
Yeah you fixed the exploit! Nobody can change your password now!!
How was this could be used (Shame for the big retros)
How to find :By logging everything in your cms ;I Special thanks to Spot Ify
Found by searching into the logs :
And then found this :


The guy used this to change the password :


He also could use post form to change the password since you guys are stupid to put seckey to NULL or 1234 XD
Owner who destroyed all your things Ricardo ... Owner : weebz.net
Maybe something you guys need to do:

Maybe a like for me, Sir Jamal and Sopt Ify!!
Thanks for the warning!
Cheers
 

Simon121

New Member
Mar 28, 2015
8
1
If it is just at the top of the page, go to app/management/config.php and replace the <?php with this:
PHP:
<?php
error_reporting(0); //This will stop errors at the top of the page.

That will make the hotel more Exploit!
Dont add error_reporting(0);

The only way to get a secure hotel is, fix all errors, dont use cheats!
and,

In class.users.php you gonna,
find
/*-------------------------------Loggin forgotten-------------------------------------*/

final public function forgotten()
{
global $template, $_CONFIG, $core;

if(isset($_POST['forgot']))
{

$template->form->setData();
unset($template->form->error);

if($this->nameTaken($template->form->for_username))
{
if(strlen($template->form->for_password) > 6)
{
if($this->getInfo($this->getID($template->form->for_username), 'seckey') == $core->hashed($template->form->for_key))
{
$this->updateUser($this->getID($template->form->for_username), 'password', $core->hashed($template->form->for_password));
$template->form->error = 'Account recovered! Go <b><a href="index">here</a></b> to login!';
return;
}
else
{
$template->form->error = 'Secret key is incorrect';
return;
}
}
else
{
$template->form->error = 'Password must have more than 6 characters.';
return;
}
}
else
{
$template->form->error = 'Username does not exist';
return;
}
}
}
And replace it with,
/*-------------------------------Loggin forgotten-------------------------------------*/

final public function forgotten()
{
}
better than the jerry has explained , a little more easy for beginners ! I will make tutorials I also peoples!! just wait and see !
I'm gonna make a RevCMS Edit without Exploit!
 

RyanzRetros

Developer of ChakCMS
Jan 14, 2015
978
182
That will make the hotel more Exploit!
Dont add error_reporting(0);

The only way to get a secure hotel is, fix all errors, dont use cheats!
and,

In class.users.php you gonna,
find

And replace it with,

better than the jerry has explained , a little more easy for beginners ! I will make tutorials I also peoples!! just wait and see !
I'm gonna make a RevCMS Edit without Exploit!
Don't mean to sound harsh or anything, but I don't know if you realise that NON-EXPLOITABLE ReVCMS' are EVERYWHERE. Also, Jerry's tutorial is good enough for anyone who can code, so if you can't figure out that tiny bit of basic PHP, I think there is no point in you trying to work on the CMS, you would get a developer... But thanks for your feedback, and I look forward to your tutorials which sound like they're going to bring in more noobs for the community, who then rename etc. :)
 

Users who are viewing this thread

Top