I didn't realize it was my job to show you something so obvious to anyone who looked at the source. There's an XSS exploit on the user profiles. Take a look at Jonteh's profile on his hotel and you will see it (until it is removed).
There are a few others, but I'm not going to spoon feed people who should know how to spot these themselves if they intend on using it.
eckostylez is right, there is too much being given; it is probably about time that hotel owners start learning these skills themselves.
I'm actually shocked about the amount of exploits.
I knew that there was an XSS in the motto on userprofile and community and I also knew that the isAllowed function was insecure.
But I would've NEVER thought that anything as simple as NoRedirect would bypass every single login on the site.
And I'm the happy owner of Illumina CMS on my hotel! Hopefully, there are no more exploits. Glad no one abused the NoRedirect one on my hotel.
Can you not actually see all of the hints being given in this thread alone? Get rid of this CMS from your hotel if you want to actually run something that is safe and not full of exploits.
Doubt it’s intentional on his behalf. He’s not retarded enough to leave pre-built backdoors in his own personal copy.
I had the CMS way before this thread was made and I found the exploits myself and fixed them (except the NoRedirect). As a new member of RageZone and new to the retro developing scene, I didn't know which CMS I should choose. But after I fixed it up, I'm happy with it and I have no plans on changing at the moment.
Just fixed a load of exploits, let me know if I missed any and I will fix it for you.
https://github.com/Clawed/Illumina/c...40d0d030177390