LinkBack URL
About LinkBacks
Solution = RevCMS
Welcome to the RaGEZONE - MMORPG development forums.
This is a discussion on How your hotel gets "hacked".... within the Habbo Tutorials forums, part of the Habbo Hotel category; I really do enjoy pissing on the bonfire's of "l33t nubs" and especially the almighty "Zejew" Zecrew*. So here is ...
I really do enjoy pissing on the bonfire's of "l33t nubs" and especially the almighty "Zejew" Zecrew*.
So here is how your phoenix and or uber hotel's gets exploited, through the register page.
// THIS IS NOT A HACKING TUTORIAL, JUST SHOWING YOU WHAT HAPPENS ON AN UNSECURE CMS.
Firstly, you require a program called "Havij".
It is a specialised sql inejction program, that basically does all the querys for you.
You also require the "POST data" for uber exploits.
To exploit on uber(If vulnerable), you must first check the register page type.
If using the old register, with green shit use the following url.
(http://www.site.com/register_submit)
The post data is...
bean.avatarName=%Inject_Here%&bean.password=lawl123&bean.retypedPassword=lawl123&bean.email=aelkrwlawr%40awrlawr.com&bean.day=13&bean.month=7&bean.year=1979&bean.parentEmail=&recaptcha_challenge_field=03AHJ_Vusdlhnu-boAW_CfwD97Y3AiIhbdW_KVUI0EfuKsSnteQK3OhdZMrv-yQ1LOW6Ve_83WZBpLpy0It4IIPjK79w4K519N6VLtJ4F94_ERYh3Ci50M9I8LSgHKqT5vKyytcX_VZsaPDvaVnXYXaaKoiPM4_1BqbA&recaptcha_response_field=menticlo+plus&bean.tos=accept
If using the new register, AKA Quick register use the following url.
(http://www.site.com/quickregister/email_password_submit)
And the post data-
bean.name=%Inject_Here%&bean.email=[email protected]&bean.password=lawl123&bean.retypedPassword=lawl123&bean.termsOfServiceSelection=accept
For phoenix the url must be
(http://site.com/index.php?error=ban&user=%Inject_Here%)
and set to "Get".
For a tutorial on patching it, google is your way forward.
Simply search "patch sql injection vuln".
And for any "l33t" nubs reading this, your not so l33t now that everyone knows this simple exploit
Solution = RevCMS
Rofl, *Cough* who told you this ;).
100% true, plus i hate how its out of range and then the whole thread is messed-.-Originally Posted by SuperNoob
Cant find the link to a patch. fml.
I don't run around for people here. No-one nowadays provides anything useful for me so why should I?
Besides, if your not going to event ry and get your hotel patched, then why the hell should I spoon feed it to you all.
And one more thing, the title says "How your hotel gets hacked". Not "How to prevent...".
Jesus christ Mithex, I would of thought that even you could of understood that?
And siem, If your so assed about my thread's layout then go re design it for me, and send me it via pm. If you do, your one sad mofo.
For the record its impossible to have a cms that's not exploitable
I'm sure the owners of their hotel would know this. If they had a brain to develop a retro, they must have a brain to know the basics of how your hotel gets hacked.
Good guide, I'm sure this will help a lot of retro owners.
Hotels only get hacked because of the CMS they're using like PhoenixPHP that's easy to hack
Interesting
There is thousands of ways to bring down site's and hotel's.
xss injection (possible in uber)
Denial of service (a cowards way out)
Shell's (a four year olds weapon)
The list goes on.
Precisely.
By using PhoenixPHP, now, you're simply saying; "Hax0rz me PL0X <3" to ZeJew.
mhm - Would find any expliots . :L Nice -
If you wish to patch these exploits simply look in the Habbo Release section and you will see I have patched them.
Posting Permissions
