This is a discussion on DeltaCMS 1.0 - First Version of Delta! within the Habbo Releases forums, part of the Habbo Hotel category.
(Update 1-2-2012) 1.0.7: http://www.mediafire.com/download.php?cdshnwao6syyv08
Another update for it: http://www.mediafire.com/download.php?ww32bvkd89g9lyd (not complete, replace the files that are already in there)
(Update 31-1-2012) 1.0.6: http://www.mediafire.com/download.php?i7v51caha1wnw20
New 1.0.3: http://www.mediafire.com/download.php?3qqt98juxl7v445 (1.0.3)
It was already in the reactions, but for the people that don't want to read the reactions, here it is.
I think all exploits are fixed in 1.3 ;)
________________________________
Hello RaGEZONE
Everyone who downloaded my releases knows I was working on a CMS from scratch called DeltaCMS. George2000 would make the emu, DeltaEMU, to work with it but he didn't have enough time so I made the cms compatible with Phoenix Emulator.
So I have two versions: with and without news/campaign images and badges. Those images are the same as Public/Images from Phoenix, so just copy that folder if you already have Phoenix and don't want to download it.
DL Link with images: DeltaCMS 1.0.rar
DL Link without images: DeltaCMS 1.0 - No news Images.rar
Database: phxtest.sql
I made two themes called Test and Habbo. "Habbo" is Dutch and "Test" is English. I only have a little housekeeping yet.
Best XAMPP: http://www.oldapps.com/xampp.php?app...cb5ebdc888865f (1.6.8)
XAMPP 1.7.3 and below should work.
PHPMyAdmin security fix:
open C:/xampp/phpmyadmin/index.php and on top place:
<?php
// Allow phpMyAdmin only from the local machine; redirect every other client.
if ($_SERVER['REMOTE_ADDR'] !== '127.0.0.1') {
    header("Location: ../yousuckman!");
    exit();
}
?>
Screens (Habbo Theme):
Live Demo (nog 24/7): Hablow.dyndns.org
I don't think DeltaCMS will still be on Hablow over a month so please post other demos :)
And I have a request: Can some people code more themes for 1.1?
Please like the thread if you like it!
+ I still want my account 'azaidi' back
__
Exploit found by joopie:
Very important:
change:
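// Before: every cookie is copied into the session under a client-chosen key.
foreach ($_COOKIE as $key => $value) {
    $_SESSION[$key] = X($value);
}
to:
// After: the filtered value is written back to the cookie array only.
foreach ($_COOKIE as $key => $value) {
    $_COOKIE[$key] = X($value);
}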
Last edited by AmirZ; 01-02-12 at 07:26 PM.
I HAVE MY ACCOUNT 'azaidi' BACK
Nice AmirZ
You are pro.
Are you the owner of sunniechat?
I HAVE MY ACCOUNT 'azaidi' BACK
That just looks exactly like HabboRE CMS....
Nah, it is all right, credits for the effort! :)
Hi
Which fag removed my post?
Cant i say there is an exploit?, Jesus, ragefags
Posted via Mobile Device
Last edited by joopie; 23-01-12 at 05:03 PM.
Whatever idiot keeps removing Joopie's post just STOP! Either delete the thread or leave the post!! He is warning everyone about a major exploit in this CMS.
Ohw didn't know filtering cookies would become an exploit?
I HAVE MY ACCOUNT 'azaidi' BACK
foreach ($_COOKIE as $key => $value) {
    $_SESSION[$key] = X($value);
}
WOW OOPS! IT SHOULD BE:
foreach ($_COOKIE as $key => $value) {
    $_COOKIE[$key] = X($value);
}
I HAVE MY ACCOUNT 'azaidi' BACK
Btw, You don't need to filter the session as it is server-side.
Only when you set the session with a value from the post/get/cookie (client-side) do you need to filter it.
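An added illustration of the point above (not code from DeltaCMS or from any poster in this thread): the released loop lets the client choose which session key is written, while the corrected loop leaves the session alone. `filter_value()` is a hypothetical stand-in for the CMS's `X()`, and the session keys and cookie values are constructed; only the theme names `Test` and `Habbo` come from the first post.

```php
<?php
// Added example. Session keys, cookie values and filter_value() are constructed
// for illustration; filter_value() is a hypothetical stand-in for the CMS's X().
function filter_value($v): string {
    // Cookies can arrive as arrays (name[]=...); treat those as empty.
    return is_string($v) ? htmlspecialchars($v, ENT_QUOTES, 'UTF-8') : '';
}

// Loop as first released: every cookie name becomes a session key.
function import_vulnerable(array $cookies, array $session): array {
    foreach ($cookies as $key => $value) {
        $session[$key] = filter_value($value); // the client chooses $key
    }
    return $session;
}

// Loop after the fix: filtered values are written back to the cookie array only.
function import_fixed(array $cookies): array {
    foreach ($cookies as $key => $value) {
        $cookies[$key] = filter_value($value);
    }
    return $cookies;
}

// Deliberate client-to-session copy: one named key, checked against an allowlist.
function theme_from_cookie(array $cookies, array $session): array {
    $theme = $cookies['theme'] ?? '';
    if (in_array($theme, ['Test', 'Habbo'], true)) {
        $session['theme'] = $theme;
    }
    return $session;
}

$session = ['user_id' => 42, 'rank' => 1];        // set server-side at login (constructed)
$cookies = ['theme' => 'Habbo', 'rank' => '7'];   // constructed request cookies

$bad  = import_vulnerable($cookies, $session);
$good = theme_from_cookie(import_fixed($cookies), $session);

// Filtering changes characters in the value, not which session key gets written.
printf("vulnerable loop: rank=%s\n", var_export($bad['rank'], true));
printf("fixed loop:      rank=%s theme=%s\n",
    var_export($good['rank'], true), var_export($good['theme'], true));
```

Run it with the PHP CLI; no web server or real session is needed because the arrays stand in for `$_COOKIE` and `$_SESSION`.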
Mental, why :c
I knew joopie was here for a reason... :)
Posted via Mobile Device
I'm the Co-owner / dev of sunniechat :-)
Next time use a better password for your hotel and databases, ktnxbye.
Also, your CMS is exploitable like sh*t.
> Also.
Next time don't tell us that you are going to "hack" us, and put my name in your copyright.
>> Oh and
<?php
if ($_SERVER['REMOTE_ADDR'] !== '127.0.0.1') {
    header("Location: ../yousuckman!");
    exit();
}
?>
Won't work if you are hosting it on a webhost.
:-)
Last edited by v00rp; 23-01-12 at 06:07 PM.
It has a nice design, me like Uber Design.
But this ''DeltaCMS'' has exploits, fix this in your second version for positive comments.
You are doin' well but it can be better, good luck!
Ohw I thought a simple post and get script would make it exploit free, I was wrong..
I HAVE MY ACCOUNT 'azaidi' BACK