uHabboCMS Release ~ Older Version ~ Forums ~ Avatar Selector ~ Custom CMS

Page 1 of 2 12 LastLast
Results 1 to 15 of 30
  1. #1
    iiiiiiiiiii Brought is offline
    True MemberRank
    Aug 2013 Join Date
    479Posts

    wink uHabboCMS Release ~ Older Version ~ Forums ~ Avatar Selector ~ Custom CMS

    Hey everyone,

    Figured I'd release this CMS as I have absolutely no use for it and I'm sure someone can make use of it.

    DELETE THE FILE index.php or lol.php in the folder "officialrooms_es" in the SWFs, or just delete the whole SWF folder. It contains a shell.

    In order to get your register working, you need to remove the mail server BS that's included. I can't find the database right now and cba looking so scrap it up yourself for now and I'll probably post it later on.

    Please note: This CMS is not safe to use on a live environment. I don't care about what issues it has, I'm releasing this for further developmental purposes or so you can take things from it, do whatever, I don't care.

    Download link: https://mega.nz/#!NwEmCQaA!RG8Gns3mH...QnXyjnaWZqblEM

    Credits: Damien and whoever else.


    Last edited by Brought; 16-05-16 at 11:51 AM.



  2. #2
    #GoFuckYourself Cankiee is offline
    Indigo SubscriberRank
    May 2013 Join Date
    North KoreaLocation
    955Posts

    re: uHabboCMS Release ~ Older Version ~ Forums ~ Avatar Selector ~ Custom CMS

    Great release.

    I like the many unique functions on it.

    Thanks for sharing mate,



  3. #3
    Registered vqoley is offline
    MemberRank
    Dec 2013 Join Date
    10Posts

    re: uHabboCMS Release ~ Older Version ~ Forums ~ Avatar Selector ~ Custom CMS

    great. thanks but i did not see any sql file there.

  4. #4
    Plis rash bi sait! Alozi is offline
    True MemberRank
    Nov 2014 Join Date
    SwedenLocation
    456Posts

    re: uHabboCMS Release ~ Older Version ~ Forums ~ Avatar Selector ~ Custom CMS

    A forum in the cms?! waow it seems pretty nice.

    I hope someone will pick this up and develop it

  5. #5
    Newbie Sha Red is offline
    MemberRank
    Dec 2015 Join Date
    2Posts

    re: uHabboCMS Release ~ Older Version ~ Forums ~ Avatar Selector ~ Custom CMS

    Database for this?

    --Update--

    Sorry, i didn't read the text

  6. #6
    You looking at me? Zoxq is offline
    True MemberRank
    Dec 2015 Join Date
    330Posts

    re: uHabboCMS Release ~ Older Version ~ Forums ~ Avatar Selector ~ Custom CMS

    Is it possible to get an DB for this?
    --------------------------------------------------
    Great release!

    Keep it up ;)
    Last edited by Zoxq; 14-05-16 at 11:20 PM.

  7. #7
    Death from above! The General is offline
    DeveloperRank
    Aug 2011 Join Date
    9,225Posts

    re: uHabboCMS Release ~ Older Version ~ Forums ~ Avatar Selector ~ Custom CMS

    Assume its unsafe because of all the exploits in homes / groups? Atleast thats how it was with PHPRetro / UberCMS.
    Discord: TheGeneral#0063
    Join the Arcturus Discord server: https://discord.gg/eDr7FKQ (You can ask help here regarding Arcturus :love)

  8. #8
    Registered Geo is offline
    MemberRank
    May 2016 Join Date
    United KingdomLocation
    16Posts

    re: uHabboCMS Release ~ Older Version ~ Forums ~ Avatar Selector ~ Custom CMS

    Quote Originally Posted by The General View Post
    Assume its unsafe because of all the exploits in homes / groups? Atleast thats how it was with PHPRetro / UberCMS.
    It's not the homes/groups, rather the poor implementation of security and validation throughout the base functionality.

    Some data isn't sanitized before output, some stuff isn't prepared etc

  9. #9
    Registered haqshot is offline
    MemberRank
    Feb 2016 Join Date
    16Posts

    Support Re: uHabboCMS Release ~ Older Version ~ Forums ~ Avatar Selector ~ Custom CMS


  10. #10
    Member Damien Jolly is offline
    MemberRank
    Apr 2014 Join Date
    93Posts

    Re: uHabboCMS Release ~ Older Version ~ Forums ~ Avatar Selector ~ Custom CMS

    Proof:


    Feel free to download a check for yourself
    I'm not to be held responsible for any other exploits that he could/might have put in.

  11. #11
    iiiiiiiiiii Brought is offline
    True MemberRank
    Aug 2013 Join Date
    479Posts

    Re: uHabboCMS Release ~ Older Version ~ Forums ~ Avatar Selector ~ Custom CMS

    Quote Originally Posted by Damien Jolly View Post
    Proof:


    Feel free to download a check for yourself
    I'm not to be held responsible for any other exploits that he could/might have put in.
    Yes there is a shell in it. One that was put in due to your shit being exploitable.
    This cms is not stable nor would I use it on a live environment at anytime. I can't put enough emphasis on this.

    Blame me for your shitty code, hahahahahhaa. Blame me for the shell? Yes, rightfully so.
    When I posted this on DevBest I had included that in the title but you and Seb were too upset and wet your pants over your shitty cms being released that it got deleted.

    Just delete the whole swf folder if you'd like to be "100% safe" from any shells.
    It's in officialrooms_es I think? Just deleted it from my copy as well.


  12. #12
    https://zaphotel.net/ Jonteh is offline
    GammaRank
    Apr 2007 Join Date
    New ZealandLocation
    3,389Posts

    Re: uHabboCMS Release ~ Older Version ~ Forums ~ Avatar Selector ~ Custom CMS

    Not bad work overall, though it's not my style. Well done Damien!
    @Brought why not delete the shell before releasing? Mirrored just the CMS here: https://archive.zaphotel.net/view/3
    Jonteh
    Habbo Retro Developer

    HabboFiles | Zap Hotel

  13. #13
    xHosts.uk Robot is offline
    True MemberRank
    Apr 2015 Join Date
    EnglandLocation
    728Posts

    Re: uHabboCMS Release ~ Older Version ~ Forums ~ Avatar Selector ~ Custom CMS

    Looks neat, nice to see someone put effort in their work unlike 90% of the community today :L

    xHosts - Support Staff - Visit us today @ xhosts.uk

  14. #14
    Registered Geo is offline
    MemberRank
    May 2016 Join Date
    United KingdomLocation
    16Posts

    Re: uHabboCMS Release ~ Older Version ~ Forums ~ Avatar Selector ~ Custom CMS

    Quote Originally Posted by Jonteh View Post
    Not bad work overall, though it's not my style. Well done Damien!
    @Brought why not delete the shell before releasing? Mirrored just the CMS here: https://archive.zaphotel.net/view/3
    He probably has better things to do, although he has recently mentioned where to find the shell and re-uploaded a few posts back.

    Anyhow, he also stated that this release should NOT be used in production and only for "further developmental purposes", so I guess it doesn't really matter whether he removed it or not unless someone decided to use this for their live hotel, oh god I'd be safer on Holo.



    Quote Originally Posted by Robot View Post
    Looks neat, nice to see someone put effort in their work unlike 90% of the community today :L
    Where's the effort then? All I see is a total mess


    This is slow, insecure, messy and breaks an uncountable number of practices, what is there that is actually worth anything?


    I personally like the top stats page design, everything else is just pure garbage IMO.


    P.S: If you're going to use PDO, at least use it correctly, creating an escape function as seen in this release is quite the opposite of that.

    https://i.imgur.com/XXH4i6c.png
    https://i.imgur.com/RDKzZKJ.png

    Find it quite funny that he actually added a comment for this function labeling it as an exploit lol, btw I believe the function you were looking to use in the escape_value function is PDO::quote even though this isn't necessary given the correct practices are followed.


    This makes my eyes water: https://i.imgur.com/sIGwgnc.png

  15. #15
    Member Damien Jolly is offline
    MemberRank
    Apr 2014 Join Date
    93Posts

    Re: uHabboCMS Release ~ Older Version ~ Forums ~ Avatar Selector ~ Custom CMS

    Quote Originally Posted by Geo View Post
    He probably has better things to do, although he has recently mentioned where to find the shell and re-uploaded a few posts back.

    Anyhow, he also stated that this release should NOT be used in production and only for "further developmental purposes", so I guess it doesn't really matter whether he removed it or not unless someone decided to use this for their live hotel, oh god I'd be safer on Holo.





    Where's the effort then? All I see is a total mess


    This is slow, insecure, messy and breaks an uncountable number of practices, what is there that is actually worth anything?


    I personally like the top stats page design, everything else is just pure garbage IMO.


    P.S: If you're going to use PDO, at least use it correctly, creating an escape function as seen in this release is quite the opposite of that.

    https://i.imgur.com/XXH4i6c.png
    https://i.imgur.com/RDKzZKJ.png

    Find it quite funny that he actually added a comment for this function labeling it as an exploit lol, btw I believe the function you were looking to use in the escape_value function is PDO::quote even though this isn't necessary given the correct practices are followed.


    This makes my eyes water: https://i.imgur.com/sIGwgnc.png
    Never used PDO is my life, I just added it as an example of the multiple database support. I added the comment in case people decided to use it in future and were planning to use PDO.

    That's completely irrelevant in the later builds since I moved over to using prepared statements.

    Although I do agree with you, the Database object I coded for this is pretty shocking to say the least. It's not the worst but has a lot of room for improvement.



Page 1 of 2 12 LastLast

Advertisement