Illumina CMS [PHP, OOP, MySQLi, Uber 3]

Page 1 of 8 12345678 LastLast
Results 1 to 15 of 106
  1. #1
    Lurking around Clawed is offline
    True MemberRank
    Jun 2012 Join Date
    RaGEZONELocation
    792Posts

    Illumina CMS [PHP, OOP, MySQLi, Uber 3]

    Illumina CMS [PHP, OOP, MySQLi, Uber 3]
    Since Jonteh removed his main post in his thread, i thought i'd re-upload for you guys, seen as its a decent CMS.

    Features:
    Login
    Quick Register
    News System
    User Profile
    Account
    Password
    Badge Shop
    Staff
    PayPal IPN
    VIP

    Screenshots
    Spoiler:









    SQL Queries
    Code:
    DROP TABLE IF EXISTS `hk_fuses`;
    CREATE TABLE `hk_fuses` (
      `fuse` varchar(50) NOT NULL,
      `minrank` int(11) NOT NULL DEFAULT '1'
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
    
    
    INSERT INTO `hk_fuses` VALUES ('login', '9');
    INSERT INTO `hk_fuses` VALUES ('site_manage', '11');
    INSERT INTO `hk_fuses` VALUES ('pornban', '11');
    INSERT INTO `hk_fuses` VALUES ('adv_edit', '11');
    
    
    DROP TABLE IF EXISTS `profile_wall`;
    CREATE TABLE `profile_wall` (
      `id` int(11) NOT NULL AUTO_INCREMENT,
      `page_id` int(11) NOT NULL,
      `poster_id` int(11) NOT NULL,
      `message` text NOT NULL,
      `likes` int(11) NOT NULL DEFAULT '0',
      `owner_read` enum('0','1') NOT NULL DEFAULT '0',
      PRIMARY KEY (`id`)
    ) ENGINE=MyISAM AUTO_INCREMENT=1343 DEFAULT CHARSET=latin1;
    
    
    DROP TABLE IF EXISTS `site_hotcampaigns`;
    CREATE TABLE `site_hotcampaigns` (
      `id` int(11) NOT NULL AUTO_INCREMENT,
      `order_id` int(11) NOT NULL DEFAULT '1',
      `enabled` enum('0','1') NOT NULL DEFAULT '1',
      `image_url` text NOT NULL,
      `caption` text NOT NULL,
      `descr` text NOT NULL,
      `url` text NOT NULL,
      PRIMARY KEY (`id`)
    ) ENGINE=MyISAM AUTO_INCREMENT=3 DEFAULT CHARSET=latin1;
    
    
    DROP TABLE IF EXISTS `site_news`;
    CREATE TABLE `site_news` (
      `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
      `seo_link` varchar(120) NOT NULL DEFAULT 'news-article',
      `title` text NOT NULL,
      `category_id` int(10) unsigned NOT NULL DEFAULT '1',
      `topstory_image` text NOT NULL,
      `body` text NOT NULL,
      `snippet` text NOT NULL,
      `datestr` varchar(50) NOT NULL,
      `timestamp` int(11) NOT NULL,
      PRIMARY KEY (`id`),
      KEY `datestr` (`datestr`) USING BTREE
    ) ENGINE=MyISAM AUTO_INCREMENT=512 DEFAULT CHARSET=latin1;
    
    
    DROP TABLE IF EXISTS `badge_shop`;
    CREATE TABLE `badge_shop` (
      `badge_id` varchar(12) NOT NULL,
      `cost` int(100) NOT NULL,
      KEY `badge_id` (`badge_id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
    
    ALTER TABLE `users` ADD `position` VARCHAR(30) NOT NULL;
    ALTER TABLE `users` ADD `acc_pornbanned` ENUM('0','1') NOT NULL DEFAULT '0';
    Download
    https://github.com/Clawed/Illumina/archive/master.zip

    Credits:
    Johteh


  2. #2
    Zephyr Studios PRIZM is offline
    Alpha MaleRank
    Feb 2012 Join Date
    DenmarkLocation
    2,302Posts

    Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]

    Clawed, thanks for re-releasing, this CMS might become handy for many peoples! :)

  3. #3
    4IT.BZ - Cheap VPS NOC is offline
    Gold SubscriberRank
    Sep 2011 Join Date
    826Posts

    Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]

    Quote Originally Posted by Clawed View Post
    Since Jonteh removed his main post in his thread, i thought i'd re-upload for you guys, seen as its a decent CMS.

    Features:
    Login
    Quick Register
    News System
    User Profile
    Account
    Password
    Badge Shop
    Staff
    PayPal IPN
    VIP

    Screenshots
    Spoiler:









    SQL Queries
    Code:
    DROP TABLE IF EXISTS `hk_fuses`;
    CREATE TABLE `hk_fuses` (
      `fuse` varchar(50) NOT NULL,
      `minrank` int(11) NOT NULL DEFAULT '1'
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
    
    
    INSERT INTO `hk_fuses` VALUES ('login', '9');
    INSERT INTO `hk_fuses` VALUES ('site_manage', '11');
    INSERT INTO `hk_fuses` VALUES ('pornban', '11');
    INSERT INTO `hk_fuses` VALUES ('adv_edit', '11');
    
    
    DROP TABLE IF EXISTS `profile_wall`;
    CREATE TABLE `profile_wall` (
      `id` int(11) NOT NULL AUTO_INCREMENT,
      `page_id` int(11) NOT NULL,
      `poster_id` int(11) NOT NULL,
      `message` text NOT NULL,
      `likes` int(11) NOT NULL DEFAULT '0',
      `owner_read` enum('0','1') NOT NULL DEFAULT '0',
      PRIMARY KEY (`id`)
    ) ENGINE=MyISAM AUTO_INCREMENT=1343 DEFAULT CHARSET=latin1;
    
    
    DROP TABLE IF EXISTS `site_hotcampaigns`;
    CREATE TABLE `site_hotcampaigns` (
      `id` int(11) NOT NULL AUTO_INCREMENT,
      `order_id` int(11) NOT NULL DEFAULT '1',
      `enabled` enum('0','1') NOT NULL DEFAULT '1',
      `image_url` text NOT NULL,
      `caption` text NOT NULL,
      `descr` text NOT NULL,
      `url` text NOT NULL,
      PRIMARY KEY (`id`)
    ) ENGINE=MyISAM AUTO_INCREMENT=3 DEFAULT CHARSET=latin1;
    
    
    DROP TABLE IF EXISTS `site_news`;
    CREATE TABLE `site_news` (
      `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
      `seo_link` varchar(120) NOT NULL DEFAULT 'news-article',
      `title` text NOT NULL,
      `category_id` int(10) unsigned NOT NULL DEFAULT '1',
      `topstory_image` text NOT NULL,
      `body` text NOT NULL,
      `snippet` text NOT NULL,
      `datestr` varchar(50) NOT NULL,
      `timestamp` int(11) NOT NULL,
      PRIMARY KEY (`id`),
      KEY `datestr` (`datestr`) USING BTREE
    ) ENGINE=MyISAM AUTO_INCREMENT=512 DEFAULT CHARSET=latin1;
    
    
    DROP TABLE IF EXISTS `badge_shop`;
    CREATE TABLE `badge_shop` (
      `badge_id` varchar(12) NOT NULL,
      `cost` int(100) NOT NULL,
      KEY `badge_id` (`badge_id`)
    ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
    
    ALTER TABLE `users` ADD `position` VARCHAR(30) NOT NULL;
    ALTER TABLE `users` ADD `acc_pornbanned` ENUM('0','1') NOT NULL DEFAULT '0';
    Download
    https://github.com/Clawed/Illumina/archive/master.zip

    Credits:
    Johteh

    before re-releasing did you patch the exploits ?

  4. #4
    The one and only! Hejula is offline
    GammaRank
    Nov 2008 Join Date
    4,148Posts

    Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]

    You have to be fucking kidding me man, this is not decent at all. I'll post this now so you all know what we were doing to fuck your hotels over.

    In IlluminaCMS Jonty was stupid enough to do things like this:

    admin/index.php
    PHP Code:
    if(!isLogged()) {
        
    header ("Location: login.php");

    client.php
    PHP Code:
    else if($light->pin_enabled == true && !isset($_SESSION["Pincode_Passed"]) && $users->userVar(USERNAME'rank') >= 6) {
        
    header ("Location: " WWW "/client_denied");

    The top one is for the housekeeping and the bottom one is for bypassing the staff pin.

    What does this mean, you ask? After the 302 redirect is sent to the browser there is no exit; which
    means that should you for whatever reason disable 302 redirects in your browser the page in question whether it be client.php or admin/index.php will continue loading which obviously bypasses any protections such as housekeeping login and client staff pin.

    --

    Obviously this was a mistake on Jonty's part and when you look through the CMS you can see that he has not terminated the script at any location where there is a 302 redirect (that I have seen) and you can bypass things such as maintenance and bans.

    Thanks from Hejula and Delici0us (mastermind)...

    Fixed Version: In a minute...

    https://mega.co.nz/#!UkJgBSiR!AKCZSx...ifLuHuoULw0EcM
    https://copy.com/9igtpfiyGfZ3
    http://www.mediafire.com/?dnd7xke5bp83s2e
    http://www.multiupload.nl/WOMZ638SGU
    Last edited by Hejula; 30-05-13 at 04:00 PM. Reason: Download links for fixed version

  5. #5
    4IT.BZ - Cheap VPS NOC is offline
    Gold SubscriberRank
    Sep 2011 Join Date
    826Posts

    Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]

    Quote Originally Posted by Hejula View Post
    You have to be fucking kidding me man, this is not decent at all. I'll post this now so you all know what we were doing to fuck your hotels over.

    In IlluminaCMS Jonty was stupid enough to do things like this:

    admin/index.php
    PHP Code:
    if(!isLogged()) {
        
    header ("Location: login.php");

    client.php
    PHP Code:
    else if($light->pin_enabled == true && !isset($_SESSION["Pincode_Passed"]) && $users->userVar(USERNAME'rank') >= 6) {
        
    header ("Location: " WWW "/client_denied");

    The top one is for the housekeeping and the bottom one is for bypassing the staff pin.

    What does this mean, you ask? After the 302 redirect is sent to the browser there is no exit; which
    means that should you for whatever reason disable 302 redirects in your browser the page in question whether it be client.php or admin/index.php will continue loading which obviously bypasses any protections such as housekeeping login and client staff pin.

    --

    Obviously this was a mistake on Jonty's part and when you look through the CMS you can see that he has not terminated the script at any location where there is a 302 redirect (that I have seen) and you can bypass things such as maintenance and bans.


    Fixed Version: In a minute...

    And instead of helping the community you hack sites using it you sad fuck

  6. #6
    The one and only! Hejula is offline
    GammaRank
    Nov 2008 Join Date
    4,148Posts

    Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]

    -removed-

    Multiupload.nl - upload your files to multiple file hosting sites!

    List of discovered vulnerable hotels:
    • zaphotel.net / zaphotel.ca - Fixed (hk moved/removed)
    • dub.cm - Fixed (hk moved/removed)
    • habboon.com - Fixed (hk moved/removed)
    • habbohotel.biz - Fixed (hk moved/removed)
    • habball.co.uk - Fixed (hk moved/removed)
    • legithotel.org - Not Fixed
    • trickhotel.net - Fixed (hk moved/removed)
    • bamhotel.in - Fixed (hk moved/removed)
    • habbx-hotel.com - Not Fixed
    • techhotel.co.uk - Fixed (hk moved/removed)
    • hydro-hotel.com - Fixed (hk moved/removed)
    • ********** - Fixed (hk moved/removed)
    • habjam.com - Fixed (properly)
    • zabbo.bz - Fixed (500 error)
    • live-hotel.net - Fixed (hk moved/removed)
    • bobba.pro - Fixed (hk moved/removed)
    • habboland.net -Fixed (properly)
    • legionhotel.com - Not Fixed


    They are all the ones I could find, the majority are fixed. If you own one of those hotels you should think about applying the patch unless you have already fixed it. If you have fixed it make sure to check the staff pin and maintenance things as explained in post #4.

    Btw, if I have put fixed (hk moved/removed) next to the link you will still need to check (hotel owner) that people cannot bypass the staff pin and maintenance/ban pages as explained in post #4.
    Last edited by Hejula; 30-05-13 at 04:36 PM.

  7. #7
    No, Just no. Matthew is offline
    True MemberRank
    Jul 2008 Join Date
    United KingdomLocation
    1,410Posts

    Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]

    So basically, what you did was install a chrome addon to ignore the redirect/header and the PHP script would continue to log you in? I have never looked at the source code of this CMS, but I would assume the core (would?) check if you are logged in no? just one page. I kind of understand what you did, but don't at the same time ? Would ignoring header ("Location: login.php"); redirect make the housekeeping continue to load?

    Also, mind telling me (for my own purposes of bug/exploit checking on my own projects) what you used to stop redirects/headers from executing ?
    Helping those who deserve to be helped.

    Just because you can edit 2 lines of PHP code and change a variable does not mean you're a programmer. And just because you can follow a tutorial on how to set up IIS does not make you a server technician or manager.

  8. #8
    The one and only! Hejula is offline
    GammaRank
    Nov 2008 Join Date
    4,148Posts

    Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]

    Quote Originally Posted by Matthew View Post
    So basically, what you did was install a chrome addon to ignore the redirect/header and the PHP script would continue to log you in? I have never looked at the source code of this CMS, but I would assume the core (would?) check if you are logged in no? just one page. I kind of understand what you did, but don't at the same time ? Would ignoring header ("Location: login.php"); redirect make the housekeeping continue to load?

    Also, mind telling me (for my own purposes of bug/exploit checking on my own projects) what you used to stop redirects/headers from executing ?
    You'd have thought so, but for whatever reason it doesn't check that the housekeeping session is actually set before letting you in. You simply disable the 302 redirect and the page continues loading.

    This for example: Screenshot by Lightshot

    We used the addon "NoRedirect" for Firefox to disable redirections. The way we got into the owners accounts was simply by using the "Sign in as a user" function because rather stupidly there is no protection to check that someone is trying to login to an account with a higher rank than theirs.


    As you can see from "Welcome, HK_USERNAME" the system knows there is no housekeeping session set but there is nothing to stop the page from loading/script execution if that is the case.

  9. #9
    No, Just no. Matthew is offline
    True MemberRank
    Jul 2008 Join Date
    United KingdomLocation
    1,410Posts

    Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]

    It's kind of sad the community is so trustworthy of people and will use their software without even checking. I see some of the biggest hotels in your list. You would've thought in that position, of having so many members that they would know how to code and make their own CMS instead of relying on ones like this and rev etc...

    Personally I would never use a CMS released in this section, they're all too poorly coded and too exploitable. Even though I don't use the CMS thanks for the release. At least it was you who found the exploit and not some one else, in the wrong hands you would've been seeing redirects left right and center, and a hotel owner would've got lots of members and very big, very quickly.

    Once again though, big hotels and big names using this software, their user bases, online counts and hotels could've been destroyed by 1 person very quickly. Learn to code and use your own shit. It's fun, free and you get to learn something. Stop using garbage.
    Helping those who deserve to be helped.

    Just because you can edit 2 lines of PHP code and change a variable does not mean you're a programmer. And just because you can follow a tutorial on how to set up IIS does not make you a server technician or manager.

  10. #10
    Account Inactive AluxH is offline
    InactiveRank
    Mar 2012 Join Date
    189Posts

    Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]

    Quote Originally Posted by Matthew View Post
    So basically, what you did was install a chrome addon to ignore the redirect/header and the PHP script would continue to log you in? I have never looked at the source code of this CMS, but I would assume the core (would?) check if you are logged in no? just one page. I kind of understand what you did, but don't at the same time ? Would ignoring header ("Location: login.php"); redirect make the housekeeping continue to load?
    It's something that happens surprisingly often when it's stupidly easy to fix. For example, if you disable redirects on this
    Code:
    $theCondition = false;
    if(!$theCondition) {
    header('Location: /');
    }
    echo 'hi!';
    it will echo hi. There are a few ways to deal with this that are really simple.
    Code:
    $theCondition = false;
    if(!$theCondition) {
    header('Location: /');
    exit();
    }
    echo 'hi!';
    Code:
    $theCondition = false;
    if(!$theCondition) {
    header('Location: /');
    die();
    }
    echo 'hi!';
    (same as above)
    Code:
    $theCondition = false;
    if(!$theCondition) {
    header('Location: /');
    } else {
    echo 'hi!';
    }
    Code:
    $theCondition = false;
    if($theCondition) {
    echo 'hi!';
    }

  11. #11
    Hakuna Matata Matata is offline
    True MemberRank
    Sep 2012 Join Date
    DenmarkLocation
    819Posts

    Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]

    Quote Originally Posted by Hejula View Post
    You'd have thought so, but for whatever reason it doesn't check that the housekeeping session is actually set before letting you in. You simply disable the 302 redirect and the page continues loading.

    This for example: Screenshot by Lightshot

    We used the addon "NoRedirect" for Firefox to disable redirections. The way we got into the owners accounts was simply by using the "Sign in as a user" function because rather stupidly there is no protection to check that someone is trying to login to an account with a higher rank than theirs.


    As you can see from "Welcome, HK_USERNAME" the system knows there is no housekeeping session set but there is nothing to stop the page from loading/script execution if that is the case.
    I have the normal release of IlluminaCMS from Jonteh and I tried this bypass, but it did not work on my hotel? But I'm still unsure if it's patched or not.

    Downloaded NoRedirect for Firefox.
    Navigated to http://myhotel.com/admin/index.php?_page=dashboard.
    Got redirected to login page.

    It might be possible that the plugin doesn't even work..

  12. #12
    Member Gin0 is offline
    MemberRank
    Apr 2013 Join Date
    37Posts

    Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]

    Quote Originally Posted by Matthew View Post
    At least it was you who found the exploit and not some one else, in the wrong hands you would've been seeing redirects left right and center, and a hotel owner would've got lots of members and very big, very quickly.
    Lol, are you dumb? Hejula hacked like 15 hotels with this exploit and redirected it to Dub, so clearly he's a cunt and NO it wasn't in the right hands. He didn't help the community, he simply fucked everyone over and then a week later posted the fix.

  13. #13
    Zephyr Studios PRIZM is offline
    Alpha MaleRank
    Feb 2012 Join Date
    DenmarkLocation
    2,302Posts

    Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]

    Quote Originally Posted by Hejula View Post
    -removed-

    Multiupload.nl - upload your files to multiple file hosting sites!

    List of discovered vulnerable hotels:
    • zaphotel.net / zaphotel.ca - Fixed (hk moved/removed)
    • dub.cm - Fixed (hk moved/removed)
    • habboon.com - Fixed (hk moved/removed)
    • habbohotel.biz - Fixed (hk moved/removed)
    • habball.co.uk - Fixed (hk moved/removed)
    • legithotel.org - Not Fixed
    • trickhotel.net - Fixed (hk moved/removed)
    • bamhotel.in - Fixed (hk moved/removed)
    • habbx-hotel.com - Not Fixed
    • techhotel.co.uk - Fixed (hk moved/removed)
    • hydro-hotel.com - Fixed (hk moved/removed)
    • ********** - Fixed (hk moved/removed)
    • habjam.com - Fixed (properly)
    • zabbo.bz - Fixed (500 error)
    • live-hotel.net - Fixed (hk moved/removed)
    • bobba.pro - Fixed (hk moved/removed)
    • habboland.net -Fixed (properly)
    • legionhotel.com - Not Fixed


    They are all the ones I could find, the majority are fixed. If you own one of those hotels you should think about applying the patch unless you have already fixed it. If you have fixed it make sure to check the staff pin and maintenance things as explained in post #4.

    Btw, if I have put fixed (hk moved/removed) next to the link you will still need to check (hotel owner) that people cannot bypass the staff pin and maintenance/ban pages as explained in post #4.
    Giant: Join the best hotel on the net Look at the top.. xD

  14. #14
    Ultimate Member KeineChance is offline
    MemberRank
    Aug 2012 Join Date
    174Posts

    Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]

    Hello,

    I need a Database for the cms.
    Can someone upload please???

  15. #15
    The one and only! Hejula is offline
    GammaRank
    Nov 2008 Join Date
    4,148Posts

    Re: Illumina CMS [PHP, OOP, MySQLi, Uber 3]

    Quote Originally Posted by Matata View Post
    I have the normal release of IlluminaCMS from Jonteh and I tried this bypass, but it did not work on my hotel? But I'm still unsure if it's patched or not.

    Downloaded NoRedirect for Firefox.
    Navigated to http://myhotel.com/admin/index.php?_page=dashboard.
    Got redirected to login page.

    It might be possible that the plugin doesn't even work..
    You have to configure the plugin to work with the specific website. It only blocks redirection on the websites in the configuration list. There will be documentation for the script somewhere.

    Quote Originally Posted by Gin0 View Post
    Lol, are you dumb? Hejula hacked like 15 hotels with this exploit and redirected it to Dub, so clearly he's a cunt and NO it wasn't in the right hands. He didn't help the community, he simply fucked everyone over and then a week later posted the fix.
    I was demonstration Jonty's incompetence :) It's amazing that people are still using his things, and the demonstration that I did merely proves that most hotel owners aren't fit for the job. There was probably only 2 hotels on that list that acted straight away (in terms of fixing the issue) and others simply restored backups and carried on. Something you should never do in the event of a security breach.

    It was also closer to 20 hotels and I would have carried on had it not been boring (just to prove a point of course).



Page 1 of 8 12345678 LastLast

Advertisement