• Unfortunately, we have experienced significant hard drive damage that requires urgent maintenance and rebuilding. The forum will be a state of read only until we install our new drives and rebuild all the configurations needed. Please follow our Facebook page for updates, we will be back up shortly! (The forum could go offline at any given time due to the nature of the failed drives whilst awaiting the upgrades.) When you see an Incapsula error, you know we are in the process of migration.

RevCMS News Exploit?

U

uhHab

Junior Spellweaver
Joined
Nov 28, 2013
Messages
164
Reaction score
18
Hey guys, I'm having an issue with my Hotel & i'm not sure if it's to do with the CMS or housekeeping, but I've removed as many exploits as I can possibly find apart from one.

I'm having an issue where users can somehow write a news article on my hotel? Now, They can't access the HK nor log in, as I've tested this on a normal rank account. I'm not sure how this could be possible or how they could write news articles without the correct rank or permissions?

I'm currently using RevCMS with ShockCMS 2.2 and HubbASE Housekeeping.

If anyone knows of this issue or knows of a fix, I'd really appreciate any help. I've had to temporarily delete my Housekeeping to stop allowing users using this exploit. This means that staff on my hotel are not currently able to write news articles and such.

Thank you in advance for any help you guys may offer me.
 
Sort by date Sort by votes
BLuweesH

BLuweesH

Newbie Spellweaver
Joined
Jan 14, 2015
Messages
35
Reaction score
13
Use a pin system to access staff accounts, this fixes 99% of exploiting. Although, I would check over your RevCMS and ASE files, make sure there's checking on permissions etc.
 
Upvote 0
The Best DDoS Protected Servers
U

uhHab

Junior Spellweaver
Joined
Nov 28, 2013
Messages
164
Reaction score
18
BLuweesH said:
Use a pin system to access staff accounts, this fixes 99% of exploiting. Although, I would check over your RevCMS and ASE files, make sure there's checking on permissions etc.
Click to expand...

Thank you, I'll give that a try :).
 
Upvote 0
LeChris

LeChris

Typescript XOXO
500 Posts 10 Happy Years
Joined
Sep 10, 2011
Messages
778
Reaction score
138
Message me on Skype and I could look into this issue, chrismpettyjohn

It may be an issue with session checking, ie you may of testing if users could "login" on the housekeeping but they may just try to immediately access the dashboard or something else, which could be an issue in this case where the developer may of been lazy and not checked for rank when doing that
 
Upvote 0
B

BronzeSpider547

Junior Spellweaver
Joined
Dec 15, 2015
Messages
139
Reaction score
35
Why the hell do you still use Revision CMS? This is so damn outdated and bad. If you can't create your own CMS or PHP files to work with MySQL, then you can't make a retro. You don't make a retro if you just download files and open it up. That's not even a tutorial on how to make a retro, it's a tutorial on how to download files.
 
Upvote 0
BLuweesH

BLuweesH

Newbie Spellweaver
Joined
Jan 14, 2015
Messages
35
Reaction score
13
Hotels like Habboon still use RevCMS and credit the original owners; the engine is all there it's just about customizing it to how you like it. Look around at most hotels, they've always used good CMS releases such as HoloCMS, PHPRetro and RevCMS.
 
Upvote 0
Wuzix

Wuzix

Elite Diviner
10 Happy Years
Joined
Sep 17, 2013
Messages
403
Reaction score
58
BronzeSpider547 said:
Why the hell do you still use Revision CMS? This is so damn outdated and bad. If you can't create your own CMS or PHP files to work with MySQL, then you can't make a retro. You don't make a retro if you just download files and open it up. That's not even a tutorial on how to make a retro, it's a tutorial on how to download files.
Click to expand...

witch please, respect the newbies. You might be a newbie too, so respect the others.
 
Upvote 0
U

uhHab

Junior Spellweaver
Joined
Nov 28, 2013
Messages
164
Reaction score
18
LeChris said:
Message me on Skype and I could look into this issue, chrismpettyjohn

It may be an issue with session checking, ie you may of testing if users could "login" on the housekeeping but they may just try to immediately access the dashboard or something else, which could be an issue in this case where the developer may of been lazy and not checked for rank when doing that
Click to expand...

I'll add you on skype now, all help is gratefully appreciated.

BronzeSpider547 said:
Why the hell do you still use Revision CMS? This is so damn outdated and bad. If you can't create your own CMS or PHP files to work with MySQL, then you can't make a retro. You don't make a retro if you just download files and open it up. That's not even a tutorial on how to make a retro, it's a tutorial on how to download files.
Click to expand...

Just because I'm using RevCMS doesn't mean that I don't know how to make a Hotel. I know very basic php coding which I'm still learning as I go. I have no knowledge in making my own CMS, That still doesn't mean I don't know how to make a hotel? Like BluweesH said, Most of the big well known hotels use such CMS like RevCMS and such.
 
Upvote 0
BLuweesH

BLuweesH

Newbie Spellweaver
Joined
Jan 14, 2015
Messages
35
Reaction score
13
I just wanted to add that this is Habbo. You WILL get beginners here learning to do new things? As a young developer, starting to learn the basics can be important as it's quite advanced code (for a beginner anyway) getting to know the knowledge behind your own projects could potentially benefit you in the future and be open to more pathways when introduced to college/university.

We're not all top end experts and we don't all make our own CMS' :glare:
 
Upvote 0
LeChris

LeChris

Typescript XOXO
500 Posts 10 Happy Years
Joined
Sep 10, 2011
Messages
778
Reaction score
138
BronzeSpider547 said:
Why the hell do you still use Revision CMS? This is so damn outdated and bad. If you can't create your own CMS or PHP files to work with MySQL, then you can't make a retro. You don't make a retro if you just download files and open it up. That's not even a tutorial on how to make a retro, it's a tutorial on how to download files.
Click to expand...
RevolutionCMS *
Why use mysql? There is mysqli_, and pdo_, or a higher up language than PHP...
 
Upvote 0
You must log in or register to reply here.

About Us

RaGEZONE® is a website dedicated to the development of massively multiplayer online role-playing games (MMORPGs).

Online statistics

Members online
185
Guests online
11,972
Total visitors
12,157
Totals may include hidden visitors.

Forum statistics

Threads
429,198
Messages
4,590,913
Members
281,307
Latest member
ismodev
Most visitors online was 12720 , on 2 May 2024

RaGEZONE Sponsor

    HyperFilter
Back
Top