uHabboCMS Release ~ Older Version ~ Forums ~ Avatar Selector ~ Custom CMS

Elite Diviner
Joined
Aug 4, 2013
Messages
466
Reaction score
169
Hey everyone,

Figured I'd release this CMS as I have absolutely no use for it and I'm sure someone can make use of it.

DELETE THE FILE index.php or lol.php in the folder "officialrooms_es" in the SWFs, or just delete the whole SWF folder. It contains a shell.

In order to get your register working, you need to remove the mail server BS that's included. I can't find the database right now and cba looking so scrap it up yourself for now and I'll probably post it later on.

Please note: This CMS is not safe to use on a live environment. I don't care about what issues it has, I'm releasing this for further developmental purposes or so you can take things from it, do whatever, I don't care.

Download link:

Credits: Damien and whoever else.

Newbie Spellweaver
Joined
Dec 22, 2013
Messages
9
Reaction score
0
Great, thanks, but I did not see any SQL file there.
 
Elite Diviner
Joined
Nov 28, 2014
Messages
450
Reaction score
113
A forum in the cms?! waow it seems pretty nice.

I hope someone will pick this up and develop it :love:
 
Initiate Mage
Joined
Dec 4, 2015
Messages
2
Reaction score
0
Database for this?

--Update--

Sorry, I didn't read the text
 
Skilled Illusionist
Joined
Dec 24, 2015
Messages
336
Reaction score
31
Is it possible to get a DB for this?
--------------------------------------------------
Great release!

Keep it up ;)
 

Geo

Newbie Spellweaver
Joined
May 6, 2016
Messages
16
Reaction score
28
Assume it's unsafe because of all the exploits in homes / groups? At least that's how it was with PHPRetro / UberCMS.
It's not the homes/groups, rather the poor implementation of security and validation throughout the base functionality.

Some data isn't sanitized before output, some stuff isn't prepared etc
 
Elite Diviner
Joined
Aug 4, 2013
Messages
466
Reaction score
169
Proof:


Feel free to download and check for yourself
I'm not to be held responsible for any other exploits that he could/might have put in.

Yes there is a shell in it. One that was put in due to your poop being exploitable.
This cms is not stable nor would I use it on a live environment at anytime. I can't put enough emphasis on this.

Blame me for your crappy code, hahahahahhaa. Blame me for the shell? Yes, rightfully so.
When I posted this on DevBest I had included that in the title but you and Seb were too upset and wet your pants over your crappy cms being released that it got deleted.

Just delete the whole swf folder if you'd like to be "100% safe" from any shells.
It's in officialrooms_es I think? Just deleted it from my copy as well.
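
A check for the situation described in this thread, as an added example that is not part of the release or of any post here: a static asset tree such as the SWF folder should contain no server-executable scripts, so list any that are present before deploying. The extension list, function name and sample directory tree are assumptions constructed for illustration.

```php
<?php
// Added example, not code from the release. All names and the sample tree are constructed.

// Extensions a PHP-enabled web server may execute (assumed list; match it to your handler config).
const SCRIPT_EXTENSIONS = ['php', 'phtml', 'phar', 'php5', 'php7', 'pht'];

/** Return paths (relative to $root) of files whose extension is server-executable. */
function find_scripts_in_assets(string $root): array
{
    $hits = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        $ext = strtolower($file->getExtension());
        if ($file->isFile() && in_array($ext, SCRIPT_EXTENSIONS, true)) {
            $hits[] = substr($file->getPathname(), strlen($root) + 1);
        }
    }
    sort($hits);
    return $hits;
}

// Constructed sample tree standing in for an unpacked SWF folder.
$root = sys_get_temp_dir() . '/swf_audit_' . bin2hex(random_bytes(4));
mkdir("$root/officialrooms_es", 0700, true);
mkdir("$root/badges", 0700, true);
file_put_contents("$root/officialrooms_es/index.php", '<?php // placeholder');
file_put_contents("$root/officialrooms_es/room.swf", 'FWS');
file_put_contents("$root/badges/ADM.gif", 'GIF89a');

// Any hit in a folder that should hold only SWFs and images needs review before going live.
foreach (find_scripts_in_assets($root) as $path) {
    echo "script in asset tree: $path\n";
}
```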
 

Retired
Joined
Apr 15, 2015
Messages
715
Reaction score
238
Looks neat, nice to see someone put effort in their work unlike 90% of the community today :L
 

Geo

Newbie Spellweaver
Joined
May 6, 2016
Messages
16
Reaction score
28
Not bad work overall, though it's not my style. Well done Damien!
@Brought why not delete the shell before releasing? Mirrored just the CMS here:

He probably has better things to do, although he has recently mentioned where to find the shell and re-uploaded a few posts back.

Anyhow, he also stated that this release should NOT be used in production and only for "further developmental purposes", so I guess it doesn't really matter whether he removed it or not unless someone decided to use this for their live hotel, oh god I'd be safer on Holo.



Looks neat, nice to see someone put effort in their work unlike 90% of the community today :L

Where's the effort then? All I see is a total mess


This is slow, insecure, messy and breaks an uncountable number of practices, what is there that is actually worth anything?


I personally like the top stats page design, everything else is just pure garbage IMO.


P.S: If you're going to use PDO, at least use it correctly, creating an escape function as seen in this release is quite the opposite of that.




Find it quite funny that he actually added a comment for this function labeling it as an exploit lol, btw I believe the function you were looking to use in the escape_value function is PDO::quote even though this isn't necessary given the correct practices are followed.


This makes my eyes water:
 
Newbie Spellweaver
Joined
Apr 29, 2014
Messages
89
Reaction score
59

Never used PDO in my life, I just added it as an example of the multiple database support. I added the comment in case people decided to use it in future and were planning to use PDO.

That's completely irrelevant in the later builds since I moved over to using prepared statements.

Although I do agree with you, the Database object I coded for this is pretty shocking to say the least. It's not the worst but has a lot of room for improvement.
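
The escape-function versus prepared-statement point discussed above, as an added example that is not code from the release or from anyone in this thread. It shows a backslash-style escape helper breaking on a different database driver, PDO::quote() handling the same value, a prepared statement, and output encoding. `hand_rolled_escape()`, the `users` table and the sample values are hypothetical, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example; hand_rolled_escape(), the users table and all values are hypothetical.
// Requires the pdo_sqlite extension.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, motto TEXT)');

// MySQL-style backslash escaping, the kind of helper a custom escape function tends to be.
function hand_rolled_escape(string $value): string
{
    return addslashes($value);
}

// Builds the SQL by concatenation; returns false when the statement fails to parse.
function insert_with_escape(PDO $pdo, string $username, string $motto): bool
{
    $sql = "INSERT INTO users (username, motto) VALUES ('"
        . hand_rolled_escape($username) . "', '" . hand_rolled_escape($motto) . "')";
    try {
        $pdo->exec($sql);
        return true;
    } catch (PDOException $e) {
        return false; // SQLite ignores the backslash, so the quote ended the literal early
    }
}

// PDO::quote() applies the active driver's quoting rules, but still relies on concatenation.
function insert_with_quote(PDO $pdo, string $username, string $motto): bool
{
    $sql = 'INSERT INTO users (username, motto) VALUES ('
        . $pdo->quote($username) . ', ' . $pdo->quote($motto) . ')';
    return $pdo->exec($sql) === 1;
}

// Prepared statement: the value is bound as a parameter, never spliced into the SQL by app code.
function insert_prepared(PDO $pdo, string $username, string $motto): bool
{
    $stmt = $pdo->prepare('INSERT INTO users (username, motto) VALUES (:username, :motto)');
    return $stmt->execute([':username' => $username, ':motto' => $motto]);
}

$motto = "it's <b>my</b> hotel"; // constructed input containing a quote and markup
var_dump(insert_with_escape($pdo, 'demo1', $motto));
var_dump(insert_with_quote($pdo, 'demo2', $motto));
var_dump(insert_prepared($pdo, 'demo3', $motto));

// Encode on output so stored markup is displayed as text rather than interpreted.
foreach ($pdo->query('SELECT username, motto FROM users') as $row) {
    echo $row['username'], ': ', htmlspecialchars($row['motto'], ENT_QUOTES, 'UTF-8'), "\n";
}
```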
 
Retired
Joined
Apr 15, 2015
Messages
715
Reaction score
238
Referring to the new features, forums, homes etc. I haven't seen the code so for that I wouldn't know.
 
Newbie Spellweaver
Joined
Apr 22, 2015
Messages
32
Reaction score
3
What version of uHabbo is this one, 2.0 or 1.6.2?
 