Exploit?

[danbenson93]

Hey guys, I changed my index and register yesterday morning and last night someone manages to get onto my account and change my name and my other managers name to 'Hacked'. I'm assuming as it hasn't happened before that there must be an exploit in my index/register?

I'm running Rev CMS and Phoenix 3.11.0 by neto373.

Can anyone please check through my index and register php code and tell me if there are any exploits that I need to patch up as I haven't got the slightest idea what I am looking for.

Index:

PHP Code:

<!DOCTYPE html><html lang="en"><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><title>{hotelName} - Login</title> <link rel="stylesheet" href="{url}/app/tpl/skins/{skin}/styles/global.css" type="text/css"><link rel="stylesheet" href="{url}/app/tpl/skins/{skin}/index/base.css" type="text/css"></head><body><div class="BoxContainer"><div class="BoxHeader"><body background="{url}/app/tpl/skins/{skin}/index/bg.png"><img src="{url}/app/tpl/skins/habbo/images/logo.png" draggable="false" alt="MetroLogoM8" class="HotelLogo"></div><hr><div class="BackgroundContainer"><div class="LoginBox"><?php if(isset($template->form->error)) { echo '<div class="Message">'.$template->form->error.'</div>'; } error_reporting(0); ?><center><strong>Welcome to {hotelName}!</strong><p>Please login or register by pressing the button below!</p></center><form method="post"><b>Username</b> <input type="text" name="log_username" placeholder="Username..." id="us"><br><br><br><b>Password</b> <input type="password" name="log_password" placeholder="Password..." id="pw"><br><br><br><br><input type="submit" value="Login" name="login" style="margin-right:3px;"><input type="button" value="Register" onclick="location.href='{url}/register'"></form></div></div><hr><div id="footer" >            <?php include('includes/footer.php'); ?>            <?php include('includes/checktheban.php'); ?>        </div>  </body></html>

Register:

PHP Code:

<!DOCTYPE html><html lang="en"><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><title>{hotelName} - Login</title> <link rel="stylesheet" href="{url}/app/tpl/skins/{skin}/styles/global.css" type="text/css"><link rel="stylesheet" href="{url}/app/tpl/skins/{skin}/index/base.css" type="text/css"></head><body><div class="BoxContainer"><div class="BoxHeader"><body background="{url}/app/tpl/skins/{skin}/index/bg.png"><img src="{url}/app/tpl/skins/habbo/images/logo.png" draggable="false" alt="MetroLogoM8" class="HotelLogo"></div><hr><div class="BackgroundContainer"><div class="LoginBox"><?php if(isset($template->form->error)) { echo '<div class="Message">'.$template->form->error.'</div>'; } error_reporting(0); ?><center><strong>Register on {hotelName}!</strong></center>                                <form method="post" id="phase-0-form">                                     <div id="error-messages-container"><?php if(isset($template->form->error)) { echo '<div class="error-messages-holder"><ul><li><p class="error-message">'.$template->form->error.'</p></li></ul></div>'; } ?></div>                                     <div id="name-field-container">                                         <div class="field field-habbo-name">                                             <label for="habbo-name"><b>Username</b></label>                                             <input type="text" id="habbo-name" size="35" value="<?php echo $template->form->reg_username; ?>" name="reg_username" class="text-field" maxlength="32">  
                                        </div>                                     </div>                                     <div class="field field-password">                                         <label for="password"><b>Password</b></label>                                         <input type="password" id="password" size="35" name="reg_password" value="" class="password-field" maxlength="32">                                     </div>                                    <div class="field field-password2">                                         <label for="password2"><b>Confirm Password</b></label>                                         <input type="password" id="password2" size="35" name="reg_rep_password" value="" class="password-field" maxlength="32">                                     </div>                                     <div class="field field-email">                                         <label for="email"><b>Email Address</b></label>                                         <input type="text" id="email" size="35" name="reg_email" value="<?php echo $template->form->reg_email; ?>" class="text-field" maxlength="48">                                     </div>                                    <br><br><br>                                    <input type="submit" value="Register" name="register">                                    <input type="button" value="Cancel" onclick="location.href='{url}/'" style="float:right;margin-right:12px;">                                </form> </div></div><hr><div id="footer" >            <?php include('includes/footer.php'); ?>            <?php include('includes/checktheban.php'); ?>        </div>  </body></div></html>

Thanks in advance for any help you can offer me :)

[MentaL]

[Nicolajhansen97]

Got the same problem yesterday, yesterday was a new hack tool released, there allow you too change username, i dunno how to fix it.

But i think its like the same like some time ago with passwords.



EDIT: With other words, i dont think its your index/register page.

[Gangnam]

Why is error reporting disabled?

Are you using a web-based MySQL client?

[MovieGuy]

Could you check if they used :Flagme in the cmdlogs? So we know if they got on your account first, or they changed the name first with an exploit

[Terrum]

To add to all the above, there's a nice search function that'll help you out with PHX and Rev's current exploits and how to fix them.

[ThisBoss]

I had this too last night.
Was a pain the bum, in the end I placed it on maintenance, closed the emu and reviewed the logs to no joy. My brother couldn't login, and my username was changed to "hacked" repeatedly before a news article appeared demanding $4 USD for it to stop. (abit low lol). In the end I ran a backup I took a few hours before this occured and changed the HK access so it's rank 14 only (owners only).

It seemed to do the trick for now as it's not been a problem since.

- - - Updated - - -

Edit: nevermind. It's still happening.

[FatalLulz]

What Rev theme do you use? Also what house keeping do you use?

Neto fixed Phoenix's backdoors and there were never any exploits in it. Only the possibility of having a bit of fun. So it will be your RevCMS.

[Taiga]

This is exactly why you don't need to blindlessly copy files and (re)place them into your server files. Just take regular back-ups of your database to reduce the loss of your data to a minimal. I will make a tutorial for it one of these days.

[danbenson93]

I used lewislol's RevCMS release build 3.2, I have totally removed the housekeeping for the time being in case it was that. Any help is muchly appreciated :)

[FatalLulz]

His bug reporting page was exploitable, delete it. The house keeping was GrapeFruit's, also exploitable, delete it as well.

He did post a fix for the bug reporting page in the Mercury EMU thread. As for a House Keeping, use The Generals one. Although it needs translation, it's safe. Both can be found with a little search

[UartigZone]

Got the same problem yesterday, yesterday was a new hack tool released, there allow you too change username, i dunno how to fix it.

But i think its like the same like some time ago with passwords.

EDIT: With other words, i dont think its your index/register page.

Same on my hotel. Everybody has the name "Anonymouse1"... Don't know what to do

[Terrum]

Same on my hotel. Everybody has the name "Anonymouse1"... Don't know what to do

Do what everyone else has been suggesting in this thread? (Finding exploitable scripts and removing them, such as HKs etc)

[UartigZone]

Do what everyone else has been suggesting in this thread? (Finding exploitable scripts and removing them, such as HKs etc)

I NEVER have a HK so don't know how it was possible.

[FatalLulz]

I NEVER have a HK so don't know how it was possible.

So try finding the exploit yourself. Rev theme's have exploits as well, so what theme do you use? And what index/register if it's from a seperate download..

[danbenson93]

Done what you said Fatal and all seems good so far, thanks very much :)