-
Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]
I'm actually shocked about the amount of exploits.
I knew that there was an XSS in the motto on userprofile and community and I also knew that the isAllowed function was insecure.
But I would've NEVER thought that anything as simple as NoRedirect would bypass every single login on the site.
And I'm the happy owner of Illumina CMS on my hotel! Hopefully, there's no more exploits. Glad no one abused the NoRedirect one on my hotel.
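Two of the bug classes named in this thread, a login check that a client can skip by not following the redirect and an unescaped profile motto, as an added example that is not Illumina CMS code. It assumes the bypass works the way such bugs usually do (the page sends a Location header but keeps rendering); the function and path names are hypothetical.

```php
<?php
// Added example, not Illumina's own code. Shows the weak and hardened
// shapes of a login guard, and output escaping for user-controlled text.
declare(strict_types=1);
session_start();

// Weak (assumed shape of the bug): the redirect header is sent, but the
// script keeps running, so a client that ignores Location still gets the
// rest of the page rendered for it.
function requireLoginWeak(): void
{
    if (empty($_SESSION['user_id'])) {
        header('Location: /index.php');
        // execution falls through to the protected content
    }
}

// Hardened: terminate after the redirect. Nothing below the guard runs
// whether or not the browser honours the Location header.
function requireLogin(): void
{
    if (empty($_SESSION['user_id'])) {
        header('Location: /index.php', true, 302);
        exit;
    }
}

// Escape any user-controlled string before it lands in HTML. ENT_QUOTES
// also covers attribute contexts; the charset must match the page's.
function e(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

requireLogin();

// Constructed sample standing in for a motto read from the users table.
$motto = '<b>hello</b> & "friends"';

// Rendered as inert text, not as markup: &lt;b&gt;hello&lt;/b&gt; &amp; &quot;friends&quot;
echo '<div class="motto">' . e($motto) . '</div>';
```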
-
Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]
Quote:
Originally Posted by
Matata
I'm actually shocked about the amount of exploits.
I knew that there was an XSS in the motto on userprofile and community and I also knew that the isAllowed function was insecure.
But I would've NEVER thought that anything as simple as NoRedirect would bypass every single login on the site.
And I'm the happy owner of Illumina CMS on my hotel! Hopefully, there's no more exploits. Glad no one abused the NoRedirect one on my hotel.
Can you not actually see all of the hints being given in this thread alone? Get rid of this CMS from your hotel if you want to actually run something that is safe and not full of exploits.
Quote:
Originally Posted by
ησвяαιη
And that's why I don't like Jonty. He puts exploits in everything lol.
Doubt it’s intentional on his behalf. He’s not retarded enough to leave pre-built backdoors in his own personal copy.
-
Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]
Quote:
Originally Posted by
Delici0us
Doubt it’s intentional on his behalf. He’s not retarded enough to leave backdoors in his own personal copy.
Well... Knowing Jonty I wouldn't be surprised!! Hahahaha
-
Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]
Quote:
Originally Posted by
Hejula
Well... Knowing Jonty I wouldn't be surprised!! Hahahaha
Shockingly I would have to agree. :lol:
-
Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]
Quote:
Originally Posted by
Delici0us
Can you not actually see all of the hints being given in this thread alone? Get rid of this CMS from your hotel if you want to actually run something that is safe and not full of exploits.
I had the CMS way before this thread was made and I found the exploits myself and fixed them (except the NoRedirect). As a new member of RageZone and new to the retro developing scene, I didn't know which CMS I should choose. But after I fixed it up, I'm happy with it and I have no plans on changing at the moment.
-
Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]
Quote:
Originally Posted by
Matata
I had the CMS way before this thread was made and I found the exploits myself and fixed them (except the NoRedirect). As a new member of RageZone and new to the retro developing scene, I didn't know which CMS I should choose. But after I fixed it up, I'm happy with it and I have no plans on changing at the moment.
Mind sharing a link to it live to test and see if you patched all the exploits?
-
Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]
Just fixed a load of exploits, let me know if I missed any and I will fix it for you.
https://github.com/Clawed/Illumina/c...40d0d030177390
-
Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]
Quote:
Originally Posted by
Clawed
You missed the XSS vulnerability that is on the user profiles page
-
Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]
Quote:
Originally Posted by
eckostylez
Mind sharing a link to it live to test and see if you patched all the exploits?
Habsin: Welcome to Habsin Hotel!
-
Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]
Quote:
Originally Posted by
eckostylez
You missed the XSS vulnerability that is on the user profiles page
Where? I don't see it.
-
Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]
Good job, I'd give you 9/10, the Staff page would be better if you put all staff together as other CMSs do. As for the HK, it's completely nice. Thank you for your effort, I like ;)
-
Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]
Where can I download the database for this CMS?
-
Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]
Quote:
Originally Posted by
Darinen
Where can I download the database for this CMS?
It works with both Phoenix and BCStorm if I remember correctly. So just take a database from one of those emulators.
-
Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]
Quote:
Originally Posted by
Darinen
Where can I download the database for this CMS?
Quote:
Originally Posted by
Delici0us
It works with both Phoenix and BCStorm if I remember correctly. So just take a database from one of those emulators.
Correct, use any of them and just import the SQL queries in the OP.
-
Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]
Thanks, but I think that Uber is better. Even so, thanks for this, maybe I'm gonna make some more features x)
-
Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]
I got this fail, can someone tell me how to fix it?
Warning: date() [function.date]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/Paris' for '2.0/DST' instead in C:\xampp\htdocs\userprofile.php on line 93
-
Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]
Quote:
Originally Posted by
Darinen
I got this fail, can someone tell me how to fix it?
Warning: date() [function.date]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/Paris' for '2.0/DST' instead in C:\xampp\htdocs\userprofile.php on line 93
Try adding this code in the file required.php
Add
Code:
date_default_timezone_set("Europe/Paris");
Above
Code:
require_once "engine/lightcms.php";
-
Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]
Is this secure? We know what Jonty's exploits are like.
-
Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]
Quote:
Originally Posted by
mmaxwell
Is this secure? We know what Jonty's exploits are like.
No, it's not.
-
Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]
I wonder if any of you have stopped and thought maybe Jonty didn't realize at the time they were exploits? I'm not having a dig, I know Jonty has been in the scene for years and should know what he's doing.. But there is always the possibility. Otherwise alright CMS, needs work to fix it though.
-
Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]
Quote:
Originally Posted by
FatalLulz
I wonder if any of you have stopped and thought maybe Jonty didn't realize at the time they were exploits? I'm not having a dig, I know Jonty has been in the scene for years and should know what he's doing.. But there is always the possibility. Otherwise alright CMS, needs work to fix it though.
To be honest it's obvious that the exploits were unintentional, however for someone with an enormous ego it's quite hilarious to watch the disaster he caused for himself with sloppy coding.
-
Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]
Quote:
Originally Posted by
FatalLulz
I wonder if any of you have stopped and thought maybe Jonty didn't realize at the time they were exploits? I'm not having a dig, I know Jonty has been in the scene for years and should know what he's doing.. But there is always the possibility. Otherwise alright CMS, needs work to fix it though.
I believe he didn't know they were there but he has put exploits into every past CMS release. There are probably Jonty Exploits in this yet to be discovered.
-
Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]
I've been having fun with this CMS the past few days (;
Showing the values page on cms and in housekeeping.
Adding/Editing/Deleting rares via housekeeping.
Hover over for a popup of rare values.
Also added the ability to load categories, along with color, from the database.
http://oi39.tinypic.com/ddyvir.jpg
http://oi41.tinypic.com/2zi58qr.jpg
http://oi41.tinypic.com/30tqhpl.jpg
http://oi39.tinypic.com/wrkxdv.jpg
Badge Shop, nothing special.
Housekeeping wasn't there so I made one :p
http://i43.tinypic.com/312e8lt.png
Then a top stats page:
http://i39.tinypic.com/35bh5rk.png