Unknown Exploit?

[Brandon]

Hello Devbest,

Recently my server has been getting exploited and a person who refers to themselves as "NodeNull" is able to rank themselves owner. I was thinking that it was Housekeeping but I removed it and he still had the ability to rank users owner.

This is really inconvenient as he can log in anytime and rank someone (or everybody in unfortunate cases) an owner.

If anybody might be able to help me patch this exploit or look at the potential cause that would be great! My hotel is

You must be registered for see links

I'm willing to offer Gold Subscription to anyone who can guarantee a fix

 

[Zenuyasha]

What CMS are you using?

 

[Mrmoseby]

What CMS are you using?

RevCMS

 

[Brandon]

What CMS are you using?

RevCMS with Hablore Edit but we tried changing themes and it was still exploitable :/

 

[Zenuyasha]

RevCMS

Did you patch all known revcms exploit fix in your cms?

 

[Mrmoseby]

Did you patch all known revcms exploit fix in your cms?

All known exploits in the base of RevCMS should be patched.

 

[Zenuyasha]

All known exploits in the base of RevCMS should be patched.

You sure bro?

 

[NeedForSpreed]

Have you removed the forgotten functions on the core? Maybe this guy has access to the vps and is acting like he's doing something cool lol

 

[Brandon]

Have you removed the forgotten functions on the core? Maybe this guy has access to the vps and is acting like he's doing something cool lol

Yes, forgotten has been patched. I don't believe he's changing staff passwords but we don't have pins so I'm going to add those right now.

 

[Weasel]

Already discussed this with filip - your previous dev had enabled remote connections and had a special "development" mysql user which had access to all databases.

 

[NeedForSpreed]

Already discussed this with filip - your previous dev had enabled remote connections and had a special "development" mysql user which had access to all databases.

That's a smart way of screwing hotels I havn't though about xD GRANT ALL [emoji14]

Skickat från min FRD-L09 via Tapatalk

 

[Brandon]

Already discussed this with filip - your previous dev had enabled remote connections and had a special "development" mysql user which had access to all databases.

Yeah. A friend also found there was a shell that allowed for users with the URL to upload/edit files so he disabled PHP executions in addition to this.

Just thought I'd post this incase anyone ever needs it for future reference.

 

[MasterJiq]

Give your revcms, I will search the exploit for you and I will tell you what things should be removed.
 
@Cyberbully and can I know, you're using IIS or Xampp ?

 

[MayoMayn]

Probably because RevCMS is deprecated and full of exploits lol.

Sent from my SM-G928F using Tapatalk

 

[MayoMayn]

Give your revcms, I will search the exploit for you and I will tell you what things should be removed.
 
@Cyberbully and can I know, you're using IIS or Xampp ?

RevCMS got nothing to do with a shell......
Unless its been implemented onto the CMS.

Sent from my SM-G928F using Tapatalk

 

[Haid]

Probably because RevCMS is deprecated and full of exploits lol.

Sent from my SM-G928F using Tapatalk

It was absolutely nothing to do with revcms and his cms likely has no exploits at all.