IlluminaCMS Edit (Used on xenhotel.co)

[Xen0nR]

Hello Ragezone,


As you know I recently owned Xen Hotel. The CMS was asked to be released by a few people over the weeks we had been open, since I closed Xen and moved to Paradise I thought I should release the CMS!


We checked the CMS over and didn't find any exploits, if you do find any then please point them out in the thread.


You can use any database such as Phoenix and Butterfly with this CMS, just make sure you run these queries; IlluminaCMS Edit Queries - Pastebin.com

Download:

https://mega.co.nz/#!IspyDLZA!HPo1QA...z4YsgPdJWs_bdM


Screenies:


Index;
http://gyazo.com/939faae540569b50357dd4e8d5ba51e5


Me1;
http://gyazo.com/42b152e9b086e21211bf84963cf303b1


Me2;
http://gyazo.com/d921f8c2095fef124a7112c8bf1ed4fb


Rules;
http://gyazo.com/2ea67ad3263f1450ba023da1c876a2e2


ROTW Submit;
http://gyazo.com/c79da298e0c6d3966b43ede6901d857e


Staff;
http://gyazo.com/3c36e7f1cd06c05707e0b33b6ffdc02a


Online;
http://gyazo.com/f05928a49f45263631e1a68f7964f6df


Badge Shop;
http://gyazo.com/b5436664624231e405c0fdd76bde9177


Maintenance;
http://gyazo.com/97988aee3fe9cdd08addd92c22da1e99

[MentaL]

[Exonize]

Ohh, I can smell them exploits.

[Kudzo]

I soo wanna use it but I was told it has exploits ._.

[theStew]

This cms has no exploits for me LOL. I fixed a few, there was like err 2. Esaily fixed :)

If you go to localhost and it takes you to another hotel do this open up
C:\xampp\htdocs\thehabbos_api\config and open config.php
'http://localhost/index.php?novote'; //Where do we send the user after vote.
$CONFIG['API_Redirect2'] = 'http://localhost/me'; //Where do we send the user after voting on me page. // Not in use.
$CONFIG['API_Redirect3'] = 'http://www.xenhotel.co/client?novote'; //Where do we send the user after voting on client.
$CONFIG['API_Redirect4'] = 'http://www.xenhotel.co/maintenance.php?novote
change these links to localhost:)!

[vLukeH]

This cms has no exploits for me LOL. I fixed a few, there was like err 2. Esaily fixed :)

If you go to localhost and it takes you to another hotel do this open up
C:\xampp\htdocs\thehabbos_api\config and open config.php
'http://localhost/index.php?novote'; //Where do we send the user after vote.
$CONFIG['API_Redirect2'] = 'http://localhost/me'; //Where do we send the user after voting on me page. // Not in use.
$CONFIG['API_Redirect3'] = 'http://www.xenhotel.co/client?novote'; //Where do we send the user after voting on client.
$CONFIG['API_Redirect4'] = 'http://www.xenhotel.co/maintenance.php?novote
change these links to localhost:)!

They're not exploits btw.

[Kudzo]

They're not exploits btw.

That's what I'm saying, he just copied and pasted all the links that need to be re-directed.

This gave me a whole white page, how do I fix this?

[TriDev]

Nice release. I wouldn't trust this at all but it looks great.

[Bow]

Exploits.
Exploits.
Exploits.
Exploits.
Exploits.
Exploits.

JHEEZE aka Chris hacked into the HK when I had this edit and was running XenHotel.co. haha

[Droppy]

the design looks cool, but... Need to check about exploits how everyone say, I will post if there are too many like people said...

[Eronisch]

Basic design and features, nothing really special. But thanks for sharing!

[Delici0us]

Seriously!? It’s as if nobody ever fucking learns from the material provided to them. This CMS is filled to the brim with shoddy coding, exploits and multiple XSS vulnerabilities and every time it gets re-released nobody seems to fix anything apart from adding more useless junk into the “CMS”.

Before re-releasing something so shit and infected how about you take a step back and think… “You know what I’ll actually learn something from this and not just re-release it so people like my post”.

But alas nobody will because nobody seems to actually care about the stuff they are using anymore. People claiming to be server administrators when they can’t even fix basic exploits, people claiming to be highly skilled developers when they can’t even use the exit statement correctly.

[The General]

Instead of complaining "Dont use this shit it has exploits"
Why not take a little time (10 minutes max) and remove them?

Please point out some exploits instead of saying exploits everywhere.

[PythoneX12]

The fact of the matter is, If it has exploits, Then so be it. If u wont use it due to the exploits, Then don't post. I personally like the effort to contribute to the community, Considering 99.9% of those on rz don't do anything yet still flame, But who's complaining. This is decent but not exactly what I would use.
I also do agree, I do not like the multiple addons. I prefer a simple cms with profiles, me page, staff page, account settings, and maybe group homes. But I just dont see a point in a cms to look 'crowded' etc. Lol

Thank you for sharing though bud ;P

[Bow]

Instead of complaining "Dont use this shit it has exploits"
Why not take a little time (10 minutes max) and remove them?

Please point out some exploits instead of saying exploits everywhere.

Considering I owned "xenHotel 2.0," I'm pretty sure the reason why Xenon took over it is because I no longer wanted to deal with JHEEZE aka Chris from Para/Habjam making himself administrator and mass spamming credits and pixels along with 4 other people who joined him. No, the exploit wasn't the exit statement one either. This was in fact the CMS we used, Xenon just edited it.

The fact of the matter is, If it has exploits, Then so be it. If u wont use it due to the exploits, Then don't post. I personally like the effort to contribute to the community, Considering 99.9% of those on rz don't do anything yet still flame, But who's complaining. This is decent but not exactly what I would use.
I also do agree, I do not like the multiple addons. I prefer a simple cms with profiles, me page, staff page, account settings, and maybe group homes. But I just dont see a point in a cms to look 'crowded' etc. Lol

Thank you for sharing though bud ;P

To both of you:

What do you mean "don't post?" Why not let the community be aware of the shit that is in here in which can allow someone to basically compromise your hotel in a blink of an eye. I'm sorry, but I'd like to know what the CMS is about and peoples reviews before downloading it. You say "take 10 minutes to remove them," why the hell would someone release exploited shit to the community to use to begin with? Okay, an exploit or two won't hurt, but come on.... 6+ is ridiculous and makes no sense. Yeah, let some beginners download a CMS full of exploits and have their hotel dropped within days of it being open; the awesome person you are!

[The General]

What do you mean "don't post?" Why not let the community be aware of the shit that is in here in which can allow someone to basically compromise your hotel in a blink of an eye. I'm sorry, but I'd like to know what the CMS is about and peoples reviews before downloading it. You say "take 10 minutes to remove them," why the hell would someone release exploited shit to the community to use to begin with? Okay, an exploit or two won't hurt, but come on.... 6+ is ridiculous and makes no sense. Yeah, let some beginners download a CMS full of exploits and have their hotel dropped within days of it being open; the awesome person you are!

First off I never said dont post. Only said fix up the exploits or point em out. Second some people are retarded and think they can get more users by adding exploits into the CMS and hoping they can hack some other hotels. If you're aware of exploits in your CMS then just remove them.

If Xen0n really checked over the CMS and he finds no exploits then I dont get who's lying. People that complain exploits or Xen0n who says there are no exploits in it. Though he could be this dumb and dont even know what exploits are :$

EDIT: I dont know much about RFI Injection. Could someone check if admin/index.php is safe? $_GET['_page']