Illumina CMS [PHP, OOP, MySQLi, Uber 3]

Results 46 to 60 of 106
  1. #46
    Delici0us (Member; joined Apr 2008; Israel; 731 posts)

    Originally posted by PRIZM:
    Yes, and why aren't you showing it to us?
    Because that is the problem with this community! You all expect to be spoon-fed. If you checked the source yourself I am sure you will find it in a breeze.

  2. #47
    eckostylez (Member; joined Jun 2013; 8 posts)

    Originally posted by PRIZM:
    Yes, and why aren't you showing it to us?
    I didn't realize it was my job to show you something so obvious to anyone who looked at the source. There's an XSS exploit on the user profiles. Take a look at Jonteh's profile on his hotel and you will see it (until it is removed).



    There are a few others, but I'm not going to spoon feed people who should know how to spot these themselves if they intend on using it.

  3. #48
    Hejula (Member; joined Nov 2008; 4,128 posts)

    eckostylez is right, there is too much being given; it is probably about time that hotel owners start learning these skills themselves.

  4. #49
    NoBrain (Member; joined Sep 2011; United Kingdom; 2,658 posts)

    Originally posted by eckostylez:
    I didn't realize it was my job to show you something so obvious to anyone who looked at the source. There's an XSS exploit on the user profiles. Take a look at Jonteh's profile on his hotel and you will see it (until it is removed).



    There are a few others, but I'm not going to spoon feed people who should know how to spot these themselves if they intend on using it.
    And that's why I don't like Jonty. He puts exploits in everything lol.

  5. #50
    eckostylez (Member; joined Jun 2013; 8 posts)

    Originally posted by ησвяαιη:
    And that's why I don't like Jonty. He puts exploits in everything lol.
    I don't know if it's intentional. From what I've seen he is an inefficient coder, and if I wanted to, I could have done a lot worse things to his hotel.

  6. #51
    Matata (Member; joined Sep 2012; Denmark; 807 posts)

    I'm actually shocked about the amount of exploits.
    I knew that there was an XSS in the motto on the user profile and community and I also knew that the isAllowed function was insecure.
    But I would've NEVER thought that anything as simple as NoRedirect would bypass every single login on the site.

    And I'm the happy owner of Illumina CMS on my hotel! Hopefully, there are no more exploits. Glad no one abused the NoRedirect one on my hotel.
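
An added example, not part of the thread and not Illumina's code: the two bug classes named in post #51 (script injection through the profile motto, and a login check that a redirect-ignoring client can skip), shown as generic PHP. It assumes the bypass comes from pages that send a Location header and keep executing; every function name, session key and piece of markup here is hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration. Function names, session keys and markup are hypothetical
// and are not taken from the Illumina source.

// Encode untrusted text for an HTML text node or a quoted attribute value.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unsafe pattern: the stored motto is interpreted by the browser as markup.
function renderMottoUnsafe(array $user): string
{
    return '<div class="motto">' . $user['motto'] . '</div>';
}

// Hardened form: the motto is encoded at the point of output.
function renderMotto(array $user): string
{
    return '<div class="motto">' . e($user['motto']) . '</div>';
}

// Access gate: the Location header is only a request to the client, so the
// script must stop here or the protected page is still generated and sent.
function requireLogin(array $session, string $loginUrl = '/login'): int
{
    if (empty($session['user_id'])) {
        header('Location: ' . $loginUrl, true, 302);
        exit;
    }
    return (int) $session['user_id'];
}

// Constructed sample data.
$session = ['user_id' => 7];
$user    = ['motto' => '<script>alert(1)</script>'];

$userId = requireLogin($session);       // logged in, so execution continues
echo renderMottoUnsafe($user), PHP_EOL; // script tag reaches the browser intact
echo renderMotto($user), PHP_EOL;       // angle brackets arrive as &lt; and &gt;
```

In a real page the gate would be called with `$_SESSION` before any output is produced.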

  7. #52
    Delici0us (Member; joined Apr 2008; Israel; 731 posts)

    Originally posted by Matata:
    I'm actually shocked about the amount of exploits.
    I knew that there was an XSS in the motto on the user profile and community and I also knew that the isAllowed function was insecure.
    But I would've NEVER thought that anything as simple as NoRedirect would bypass every single login on the site.

    And I'm the happy owner of Illumina CMS on my hotel! Hopefully, there are no more exploits. Glad no one abused the NoRedirect one on my hotel.
    Can you not actually see all of the hints being given in this thread alone? Get rid of this CMS from your hotel if you want to actually run something that is safe and not full of exploits.

    Originally posted by ησвяαιη:
    And that's why I don't like Jonty. He puts exploits in everything lol.
    Doubt it’s intentional on his behalf. He’s not retarded enough to leave pre-built backdoors in his own personal copy.

  8. #53
    Hejula (Member; joined Nov 2008; 4,128 posts)

    Originally posted by Delici0us:
    Doubt it’s intentional on his behalf. He’s not retarded enough to leave backdoors in his own personal copy.
    Well... Knowing Jonty I wouldn't be surprised!! Hahahaha

  9. #54
    Delici0us (Member; joined Apr 2008; Israel; 731 posts)

    Originally posted by Hejula:
    Well... Knowing Jonty I wouldn't be surprised!! Hahahaha
    Shockingly I would have to agree.

  10. #55
    Matata (Member; joined Sep 2012; Denmark; 807 posts)

    Originally posted by Delici0us:
    Can you not actually see all of the hints being given in this thread alone? Get rid of this CMS from your hotel if you want to actually run something that is safe and not full of exploits.
    I had the CMS way before this thread was made and I found the exploits myself and fixed them (except the NoRedirect). As a new member of RageZone and new into the retro developing scene, I didn't know which CMS I should choose. But after I fixed it up, I'm happy with it and I have no plans on changing at the moment.

  11. #56
    eckostylez (Member; joined Jun 2013; 8 posts)

    Originally posted by Matata:
    I had the CMS way before this thread was made and I found the exploits myself and fixed them (except the NoRedirect). As a new member of RageZone and new into the retro developing scene, I didn't know which CMS I should choose. But after I fixed it up, I'm happy with it and I have no plans on changing at the moment.
    Mind sharing a link to it live to test and see if you patched all the exploits?

  12. #57
    Clawed (Member; joined Jun 2012; RaGEZONE; 785 posts)

    Just fixed a load of exploits, let me know if I missed any and I will fix it for you.

    https://github.com/Clawed/Illumina/c...40d0d030177390

  13. #58
    eckostylez (Member; joined Jun 2013; 8 posts)

    Originally posted by Clawed:
    Just fixed a load of exploits, let me know if I missed any and I will fix it for you.

    https://github.com/Clawed/Illumina/c...40d0d030177390
    You missed the XSS vulnerability that is on the user profiles page

  14. #59
    Matata (Member; joined Sep 2012; Denmark; 807 posts)

    Originally posted by eckostylez:
    Mind sharing a link to it live to test and see if you patched all the exploits?
    Habsin: Velkommen til Habsin Hotel!

  15. #60
    Clawed (Member; joined Jun 2012; RaGEZONE; 785 posts)

    Originally posted by eckostylez:
    You missed the XSS vulnerability that is on the user profiles page
    Where? I don't see it.


