[CMS] Exploit!

Custom Title Activated
Member
Joined
Jun 27, 2009
Messages
1,571
Reaction score
170
Hey Pepz,

So I now came to find out someone is exploiting my site.

This keeps popping up every time I go to the community page.

Glee - [CMS] Exploit! - RaGEZONE Forums


My Community page code

PHP:
<!DOCTYPE html>
<html lang="en">
    <head>
        <meta http-equiv="content-type" content="text/html; charset=utf-8">
        <title>{hotelName} - Community</title>
        
        <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/common.css" type="text/css">
        <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/lightweightmepage.css" type="text/css">
        <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/campaigns.css" type="text/css">
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/libs2.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/visual.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/libs.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/common.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/fullcontent.js"></script>
        <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/lightweightmepage.js"></script>

        <script type="text/javascript">
            document.habboLoggedIn = true;
            var habboName = "{username}";
            var habboId = {userid};
            var habboReqPath = "";
            var habboStaticFilePath = "{url}/app/tpl/skins/Habbo";
            var habboImagerUrl = "http://www.habbo.com/habbo-imaging/";
            var habboPartner = "";
            var habboDefaultClientPopupUrl = "{url}/client";
            window.name = "habboMain";
            if (typeof HabboClient != "undefined") {
                HabboClient.windowName = "eac955c8dbc88172421193892a3e98fc7402021a";
                HabboClient.maximizeWindow = true;
            }
        </script>
        
        <!--[if IE 8]>
            <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/ie8.css" type="text/css">
        <![endif]-->
        <!--[if lt IE 8]>
            <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/ie.css" type="text/css" />
        <![endif]-->
        <!--[if lt IE 7]>
            <link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/styles/ie6.css" type="text/css" />
            <script type="text/javascript" src="{url}/app/tpl/skins/Habbo/js/pngfix.js"></script>
            <script type="text/javascript">
                try { document.execCommand('BackgroundImageCache', false, true); } catch(e) {}
            </script>
            <style type="text/css">
                body { behavior: url({url}/app/tpl/skins/Habbo/js/csshover.htc); }
            </style>
        <![endif]-->
    </head>
    
    <body id="home">
    <?php 

$navigatorID = 2;
require_once ('includes/header.php'); 

?>
            </div>
            </div>
        </div>
        <div id="content-container">
            <div id="navi2-container" class="pngbg">
                <div id="navi2" class="pngbg clearfix">
                    <ul>
                        <?php 

$subNavigatorID = 1;
require_once ('includes/subnavi.php'); 

?>

                    </ul>
                </div>
            </div>
    <div id="container">
        <div id="content" style="position: relative" class="clearfix">
            <div id="promo-box">

                <div id="promo-bullets"></div>

            <?php
            $to5 = mysql_query("SELECT * FROM cms_news ORDER BY ID DESC LIMIT 5") or die(mysql_error());
            ?>

            <?php $i = 0; while($newsobject = mysql_fetch_assoc($to5)){ $i++; ?>

                    <div class="promo-container" style="background-image: url({url}/web_promo/<?php echo $newsobject['image']; ?>)<?php if($i != '1'){ ?>; display: none<?php } ?>">
                        <div class="promo-content-container">
                            <div class="promo-content">
                                <div class="title"><?php echo $newsobject['title']; ?></div>
                                <div class="body"><?php echo $newsobject['shortstory']; ?></div>
                            </div>
                        </div>
                        <div class="promo-link-container">
            <div class="enter-hotel-btn">
            <div class="open enter-btn">
                         <a href="{url}/news/<?php echo $newsobject['id']; ?>">Read the full article »</a>
                    <b></b>
                </div>
            </div>
            <div style="color:#FFF;margin-top:25px;margin-left:10px;">Posted on: <b><?php echo date('F d, Y', $newsobject['published']); ?></b></div>
                        </div>
                    </div>

                    <?php }?>

            </div>
                <div class = "right"></div>
                            <script type="text/javascript">
                                document.observe("dom:loaded", function() { PromoSlideShow.init(); });
                            </script>                       
<div id="column1" class="column">
<div class="habblet-container ">
<div class="cbb clearfix red ">
<h2 class="title"><span style="float: left;">Random Users</span></h2>
<?php
                        $GetUsers = mysql_query("SELECT * FROM users WHERE id ORDER BY RAND() LIMIT 3");
                        while($Users = mysql_fetch_assoc($GetUsers))
                        {
                            echo "<div class=\"ContentBox\"><div class=\"BoxHeader\" id=\"blue\">{$Users['name']}</div><div class=\"BoxContent\"><p>";
                            $GetUsers = mysql_query("SELECT username,motto,online,look FROM users WHERE id ORDER BY RAND() LIMIT 3");
                            while($Users = mysql_fetch_assoc($GetUsers))
                            {
                                if($Users['online'] == 1){ $OnlineStatus = "<font color=\"darkgreen\"><b>Online</b></font>"; } else { $OnlineStatus = "<font color=\"darkred\"><b>Offline</b></font>"; }
                                echo "<img style=\"position:absolute;\" src=\"http://www.habbo.com/habbo-imaging/avatarimage?figure={$Users['look']}&action=crr=3&direction=2&head_direction=3&gesture=sml&size=1\">"
                                    ."<p style=\"margin-left:80px;margin-top:20px;\"><strong>{$Users['username']}</strong><br>{$Users['motto']}</p>"
                                    ."<p style=\"float:right;margin-top:-30px;margin-right:5px;\">{$OnlineStatus}</p><br><br><br>";
                            }
                            echo "</p></div></div>";
                        }
                    ?>
<div id="room-more-data-h124" style="display: none">
<ul class="habblet-list room-more-data">
</ul>
</div>
<table style="margin-left: 55px; padding-top: 6px;">
<tr style="padding: 0;">
<td></td>
</tr>
</table>
</div>
</div>
</div>
<div id="column2" class="column">
<div class="habblet-container ">
<div class="cbb clearfix blue ">
<h2 class="title"><span style="float: left;">Random Groups</span></h2>
<div style="padding: 5px;">
<table style="margin-left: 55px; padding-top: 6px;">
<tr style="padding: 0;">
<?php
	$get = mysql_query("SELECT * FROM guilds ORDER BY rand() DESC LIMIT 5");
	while ($group = mysql_fetch_assoc($get)) {
		echo '<div style="padding: 5px;">
                     <img style="margin-top:5px; margin-left: 10px;position: absolute;" src="https://swf.habcheer.ca/c_images/Badgeparts/generated/' . htmlspecialchars ($group['badge']) . '.png" alt="" align="middle"/>
                     <table style="margin-left: 68px; padding-top: -3px;">
                     <tr style="padding: 0;">
                     <td>
                     ' . htmlspecialchars ($group['name']) . '<br/>
                     <p style="padding-top: 6px;">' . htmlspecialchars ($group['description']) . '<br/>
                     </p>
                     </td>
                     </tr>
                     </table>
                     <hr>
                     </div>
                         ';
	}

	?>
</div>
</div>
</div>

                            </div>
                        </div>
                        <script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script>
                        
                    </div>
                    
                        


                        <script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script>
                    </div>
                </div>
            <script type="text/javascript">
                document.observe('dom:loaded', function() {
                    CurrentRoomEvents.init();
                });
            </script>
        </div>
		
        <script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script>
        <script type="text/javascript">
            HabboView.run();
        </script>

        <!--[if lt IE 7]>
            <script type="text/javascript">
                Pngfix.doPngImageFix();
            </script>
        <![endif]-->
       </tr>
       </table>
       </div>
       </div>
       </div>
       </div>
            <div id="footer">
                    </div>
                    <?php  include('includes/footer.php'); ?>
    
    </body>
</html>
 
Initiate Mage
Joined
Jun 3, 2014
Messages
25
Reaction score
4
Filtering out the <script> tags from the motto is probably the quickest and easiest way imo
 
Custom Title Activated
Member
Joined
Jun 27, 2009
Messages
1,571
Reaction score
170
Filtering out the <script> tags from the motto is probably the quickest and easiest way imo

How would I filter out? Because I don't want this happening again.

Initiate Mage
Joined
Jun 3, 2014
Messages
25
Reaction score
4
same way the group display did it
Code:
. htmlspecialchars ($group['description'])
the above transforms characters into html entities. Do the same to the motto
 
Custom Title Activated
Member
Joined
Jun 27, 2009
Messages
1,571
Reaction score
170
same way the group display did it
Code:
. htmlspecialchars ($group['description'])
the above transforms characters into html entities. Do the same to the motto

I attempted to change the code a little but I get a 500 Internal Error.

I need to have these { } in my code for it to work but I get this in my code.

Glee - [CMS] Exploit! - RaGEZONE Forums
 
Initiate Mage
Joined
Jun 3, 2014
Messages
25
Reaction score
4
Code:
."<p style=\"margin-left:80px;margin-top:20px;\"><strong>" . htmlspecialchars($Users['username']) . "</strong><br>" . htmlspecialchars($Users['motto']) . "</p>"
 
◝(⁰▿⁰)◜Smile◝ (⁰▿⁰)◜
Developer
Joined
May 29, 2007
Messages
2,167
Reaction score
898
Filter your output but also your input if you can.

The best way of figuring out what has caused it is by visiting the page, going through the generated HTML and looking for the alert.
 
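The two pieces of advice given in this thread, escaping on output the way the group display already does with htmlspecialchars(), and checking the motto on input as well, put together in one runnable PHP script. This is an added example, not code from the thread or from the CMS: the e(), renderUser() and validateMotto() functions, the 38-character motto limit and the sample rows are assumptions made here, and the rows are constructed inline so the script runs without a database.

```php
<?php
// Added example (not code from the thread): escaping user-controlled columns of
// the `users` table in each output context, plus an input-side check for the motto.
// The sample rows below are constructed so this runs offline without MySQL.

declare(strict_types=1);

/** Escape a value for an HTML text node or a double-quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Render one "Random Users" entry (assumed helper, mirroring the markup of the
 * original loop). The figure string is a URL query value, so it is
 * percent-encoded with rawurlencode() and the finished URL is then HTML-escaped
 * for the src attribute; username and motto are text nodes and only need e().
 */
function renderUser(array $user): string
{
    $imgUrl = 'http://www.habbo.com/habbo-imaging/avatarimage?figure='
        . rawurlencode($user['look']) . '&direction=2&head_direction=3&gesture=sml&size=1';
    $status = ((int) $user['online'] === 1) ? 'Online' : 'Offline';

    return '<img style="position:absolute;" src="' . e($imgUrl) . '">'
        . '<p style="margin-left:80px;margin-top:20px;"><strong>' . e($user['username'])
        . '</strong><br>' . e($user['motto']) . '</p>'
        . '<p style="float:right;margin-top:-30px;margin-right:5px;">' . $status . '</p>';
}

/**
 * Input-side check, to be run where the user saves the motto (assumed to be a
 * settings form; the thread does not show that page). Rejecting angle brackets
 * and capping the length (38 characters is an assumed limit) is defence in depth;
 * output escaping in renderUser() remains mandatory regardless.
 */
function validateMotto(string $motto): ?string
{
    $motto = trim($motto);
    if (mb_strlen($motto, 'UTF-8') > 38) {
        return null;
    }
    if (preg_match('/[<>]/u', $motto) === 1) {
        return null;
    }
    return $motto;
}

// Constructed sample rows: the second motto carries the kind of script tag that
// produced the alert in the screenshot, and its look value contains a quote and
// an ampersand that would otherwise break out of the src attribute.
$rows = [
    ['username' => 'alice', 'motto' => 'Hello & welcome', 'online' => 1,
     'look' => 'hr-100-61.hd-180-1.ch-210-66'],
    ['username' => 'mallory', 'motto' => '<script>alert(1)</script>', 'online' => 0,
     'look' => 'x"&y=1'],
];

foreach ($rows as $row) {
    // htmlspecialchars() turns the < and > of mallory's motto into &lt; and &gt;,
    // so the browser renders the tag as visible text instead of executing it.
    echo renderUser($row), "\n";
}

// The same two mottos run through the input check: the first is kept as-is,
// the second is rejected (null) before it ever reaches the database.
var_dump(validateMotto('Hello & welcome'));
var_dump(validateMotto('<script>alert(1)</script>'));
```

Note that the escaping is chosen per context: rawurlencode() for the query-string value, htmlspecialchars() with ENT_QUOTES for anything placed inside a double-quoted attribute or a text node. Escaping the motto only at the point of display is the minimal fix; the input check is a second line of defence, not a replacement for it, since the `users` table can also be written by the emulator or other tools that never pass through the CMS form.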