Unknown Exploit?

Status
Not open for further replies.
Feb 27, 2013
140
70
Hello Devbest,

Recently my server has been getting exploited and a person who refers to themselves as "NodeNull" is able to rank themselves owner. I was thinking that it was Housekeeping but I removed it and he still had the ability to rank users owner.
cat.png
This is really inconvenient as he can log in anytime and rank someone (or everybody in unfortunate cases) an owner.

If anybody might be able to help me patch this exploit or look at the potential cause that would be great! My hotel is

I'm willing to offer Gold Subscription to anyone who can guarantee a fix
 
Last edited:
Feb 27, 2013
140
70
Have you removed the forgotten functions on the core? :p Maybe this guy has access to the vps and is acting like he's doing something cool lol
Yes, forgotten has been patched. I don't believe he's changing staff passwords but we don't have pins so I'm going to add those right now.
 

NeedForSpreed

Member
May 18, 2014
326
71
Already discussed this with filip - your previous dev had enabled remote connections and had a special "development" mysql user which had access to all databases.
That's a smart way of screwing hotels I havn't though about xD GRANT ALL [emoji14]

Skickat från min FRD-L09 via Tapatalk
 
Feb 27, 2013
140
70
Already discussed this with filip - your previous dev had enabled remote connections and had a special "development" mysql user which had access to all databases.
Yeah. A friend also found there was a shell that allowed for users with the URL to upload/edit files so he disabled PHP executions in addition to this.

Just thought I'd post this incase anyone ever needs it for future reference.
 
Status
Not open for further replies.

Users who are viewing this thread

Top