[IMPORTANT][CRITICAL] Uber 2.x.x - SQL Injection Fix

[Delici0us]

Hello People!

Earlier today Jonty posted a new release (strange, thought he had left). In his fix he claimed it improved on speed and so forth, however it was nothing more than a secret bug fix. In his previous versions he had left a critical security flaw that needed patching.

The flaw allowed users to pass information thought GET data that would execute in a MySQL query. Trying to avoid tarnishing his ego he released a new version so he could try and ‘help’ people without them knowing.

If you are running any version of Jontehs Uber edit you need to download this file. Failure to do so will leave your hotel open to being raped.

For your convenience here is the new AllSeeingEye (taken from the 2.0.2 update). Just replace this on your webserver and you’ll be safe.

allseeingeye.rar

P.S

Don’t even bother asking me to tell you where the exploit is, I am many things but a heartless asshole is not one of them. A handful of people know of the exploit so PLEASE UPDATE your CMS or get hacked. If you don't trust my link, feel free to download the 2.0.2 update and replace the allseeingeye from there.

[MentaL]

[Zyntix]

Wasn't this already releases by Jonteh?

[PRIZM]

Me no trust Jonty anymore :-/!
But thanks! When i'm home i will set it up.

[Delici0us]

Wasn't this already releases by Jonteh?

He released it as an entire new sub-revision when in-fact the only thing that was changed was the AllSeeingEye. He only discovered the exploit today because somebody warned him. Instead of owning up to the fact it was shit, he tried to make you all think the new changes were in-there when in-fact it was just a patch.

I know from experience, it’s easier on a hotel owner to change a non-important part of the site than to re-upload the entire site again.

Me no trust Jonty anymore :-/!
But thanks! When i'm home i will set it up.

I don’t think he ever knew it was there, himself. By the way, link me to your hotel :D

[PRIZM]

I don’t think he ever knew it was there, himself. By the way, link me to your hotel :D

I am not home, i'm in Copenhagen on my iPad. I am buying Dedi or VPS and domain tomorrow maybe :)

[Zyntix]

Thanks for this.
Maybe I am gonna use UberCMS.

[NoBrain]

I have a feeling I know who told him, a good friend of mine who asked for his msn because he had found a critical exploit U2.

Thanks for the patch, should of helped a lot of people!

[Caustik]

Thanks for the patch, good of you to release this.
Although I think Jonty left it in their purposely (he wants to be like his idol MIRanda).

[Delici0us]

I have a feeling I know who told him, a good friend of mine who asked for his msn because he had found a critical exploit U2.

Thanks for the patch, should of helped a lot of people!

A couple of people know of the exploit.

Thanks for the patch, good of you to release this.
Although I think Jonty left it in their purposely (he wants to be like his idol MIRanda).

I have to say, it’s quite funny that a couple of the ‘bigger’ hotels haven’t even patched there shit yet. It’s going to end so badly for them, when others find out how to do it.

[Andrew]

I've known him for 5 years, he puts backdoors in everything. Now he has turned on me and treats me like shit even though i funded Zap's servers for a few months when he couldnt.

Well done on releasing this - I host THC Hotel and found this in the apache access logs today when the customer came running to me complaining his site was deleted :(

Respect.

[AresCJ]

I've known him for 5 years, he puts backdoors in everything. Now he has turned on me and treats me like shit even though i funded Zap's servers for a few months when he couldnt.

Well done on releasing this - I host THC Hotel and found this in the apache access logs today when the customer came running to me complaining his site was deleted :(

Respect.

Hey Andrew,

I need to speak with you, and I agree he has turned on people who really cared about him and his hotel, but it's okay.

[Andrew]

Hey Andrew,

I need to speak with you, and I agree he has turned on people who really cared about him and his hotel, but it's okay.

Feel free to PM me here, on dotXen forums or hit me up on email andrew@dotxia.com

[salah-salah]

Very nice from you man, but can you upload the link again? Or make it public

[SubZ]

This is why im on novacms now :)

[Delici0us]

Very nice from you man, but can you upload the link again? Or make it public

I deleted the download link because you need to use this patch, http://forum.ragezone.com/f353/updat...er-2-x-862043/