Revcms Exploit Help (PHP)

[steno]

Hello Devbest,

I have just had someone come on my hotel and they claimed to use a PHP exploit to rank themself.

Where is the exploit located in? How do i fix it? and How do i know if it's an exploit?

Please help

Regards,

 

[Balls]

claimed

Did they rank themselves or not? You should look into your user database and find the guy and ip block him from your website.
In the mean time, you can look around on the forum for any expolit fixes. Most recent:

You must be registered for see links

 

[steno]

They ranked themselves. And used the hotel alert command. I'm using Revcms and using custom-habbo theme.

I also patched exploits up from that thread you provided.

 

[Balls]

They ranked themselves. And used the hotel alert command. I'm using Revcms and using custom-habbo theme.

I also patched exploits up from that thread you provided.

All I can advise is to change database/vps/hotel login password. IP Block them from the hotel and use a more secure custom theme for the time being.

 

[Jerry]

I heard they're using a "WPE Script" to get hotel packets, etc.. Happened to my RP, haha..

 

[steno]

Person who came on the hotel who did it said its a PHP exploit they're using.

 

[Jerry]

Uhm, Maybe it's the Forgot Password then.. Read the thread Sakura mention and figure out how to delete/remove it.

 

[steno]

Apparently the exploit was in my profile.php and tradesettings.php. I can see on the profile page they may have used the motto field to put a PHP script in there to rank themselves.

 

[FunkyBohh]

Go To Class.Core.php and remove the "Forgotten" bit

 

[thatsronnie4u]

Uhm, Maybe it's the Forgot Password then.. Read the thread Sakura mention and figure out how to delete/remove it.

How did you patch this?

 

[Rahmat]

what is the link of ur hotel?

 

[rent]

Remove tradesettings.php bro