Phpretro edit by rabbo (fixed install!)

[jordynegen11]

Hello ragezone!,
Today i rerelease my cms

test hotel: Rabbo-hotel.nl

It is working for iis but then you're groups,homes and housekeeping don't working.
It works perfect with xampp 1.7.3 or lower
or a webhost

Download: http://rabbo.servebeer.com/rabbocms2.rar

Included:
- Everything That's working on a normal phpretro

Not included:

-Belcredits shop
-EventShop

tut:
How I install this??

1. Import the database
2. Go to http://Site here/install/install.php
3. Follow the steps
4. Move the config.php from the install foler to the inlucudes folder
5. Delete the install map
6. Done, You're cms i ready for use!

credits:
- Jordynegen11
- hablux

[MentaL]

[iPlay]

./cache/ map is beschrijfbaar?
mislukt
U kunt CHMOD de directory./cache/ 777 of schakel alle cache features uit via housekeeping at the end of the instalation.
./install/ map is beschrijfbaar?
mislukt
Je config.php worden gecre�erd in deze map waarin u naar./includes/ na de instalatie. Graag CHMOD 777 ./install/ (geen beveiligings problemen zullen ontstaan omdat u deze map zal verwijderen na de installatie).

----------------
Install don't work on IIS

[Liam]

Does this support R63 clients, if not, then why release another PHPRetro edit. There's enough edits (if it's the normal CMS)

./cache/ map is beschrijfbaar?
mislukt
U kunt CHMOD de directory./cache/ 777 of schakel alle cache features uit via housekeeping at the end of the instalation.
./install/ map is beschrijfbaar?
mislukt
Je config.php worden gecre�erd in deze map waarin u naar./includes/ na de instalatie. Graag CHMOD 777 ./install/ (geen beveiligings problemen zullen ontstaan omdat u deze map zal verwijderen na de installatie).

----------------
Install don't work on IIS

I think it's because you have to CHMOD the directory to 777. And PHPRetro doesn't work on IIS, it was made for Apache servers.

[EvilCoder]

It can work on IIS. With an smart head you'll get it working.

There's something called .htaccess in your htdocs. You can also import it to your IIS. + You need to change some php.ini settings.

~ me.

Please make sure if you release something. Its protected and safe to use!

Code:

	Line 25: $var = $_GET['var1'];
	Line 26: $var2 = $_GET['var2'];

	Line 26: $archive = $_GET['archive'];  
	Line 27: $pagenum = $_GET['pageNumber']; 

Line 28: $key = $_GET['key'];
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");


	Line 25: $label = $_GET['label'];

219 Possible exploits found. Not patched.
Please fix this didn't even scan for $_POST stuff. This was enough.

Learn to protect php. although the website is nice build.
Thanks for this share!

---
ADD $_POST:
---

Code:

 C:\Users\Administrator\Desktop\Rabbohotel\Rabbocms\forgot.php (5 hits)
	Line 29: 	if(isset($_POST['actionForgot'])){
	Line 31: 		$forgot_name = $input->FilterText($_POST['forgottenpw-username']);
	Line 32: 		$forgot_mail = $input->FilterText($_POST['forgottenpw-email']);
	Line 61: 	}elseif(isset($_POST['actionList'])){
	Line 63: 		$forgot_mail = $_POST['ownerEmailAddress'];

[jordynegen11]

It can work on IIS. With an smart head you'll get it working.

There's something called .htaccess in your htdocs. You can also import it to your IIS. + You need to change some php.ini settings.

~ me.

Please make sure if you release something. Its protected and safe to use!

Code:

	Line 25: $var = $_GET['var1'];
	Line 26: $var2 = $_GET['var2'];

	Line 26: $archive = $_GET['archive'];  
	Line 27: $pagenum = $_GET['pageNumber']; 

Line 28: $key = $_GET['key'];
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");


	Line 25: $label = $_GET['label'];

219 Possible exploits found. Not patched.
Please fix this didn't even scan for $_POST stuff. This was enough.

Learn to protect php. although the website is nice build.
Thanks for this share!

---
ADD $_POST:
---

Code:

 C:\Users\Administrator\Desktop\Rabbohotel\Rabbocms\forgot.php (5 hits)
	Line 29: 	if(isset($_POST['actionForgot'])){
	Line 31: 		$forgot_name = $input->FilterText($_POST['forgottenpw-username']);
	Line 32: 		$forgot_mail = $input->FilterText($_POST['forgottenpw-email']);
	Line 61: 	}elseif(isset($_POST['actionList'])){
	Line 63: 		$forgot_mail = $_POST['ownerEmailAddress'];

there is a filter for the exploits

[Zak©]

You see that Quick register. Would it work for the normal PHPRetro?

It would i need to modify somthing in there.

[jordynegen11]

You see that Quick register. Would it work for the normal PHPRetro?

It would i need to modify somthing in there.

no, You need to change the mysql stuff

[Squard]

Like the style yea!

[jordynegen11]

Why did you release your damn exploit cms?
Look at your hotel, being hacked by a lot of guys that hates you! =/
Army of Death mwha <3

ok where you see an exploit??? say it nuub

Like the style yea!

thx :p

[Joopie]

ok where you see an exploit??? say it nuub


thx :p

That's one:

PHP Code:

        $forgot_mail = $_POST['ownerEmailAddress'];
        if($serverdb->num_rows($serverdb->query("SELECT name FROM ".PREFIX."users WHERE email = '".$forgot_mail."'")) > 0){ 


Add: nice habfly logo by your register ??

[Tenkash]

That's one:

Code:

Line 63: 		$forgot_mail = $_POST['ownerEmailAddress'];

Add: nice habfly logo by your register ??

Damn why did you say that =[ you're bad!!!!

[Tenkash]

Cookie?!

Ofcourse cookie! with snoop pleas

ok where you see an exploit??? say it nuub


thx :p

Where i see a exploit?

1). includes/core.php
2). includes/classes.php
3). your register
4). more

Again rabbo hacked.

Preview:

<?php

/*================================================================+\

|| # PHPRetro - An extendable virtual hotel site and management

|+==================================================================

|| # Copyright (C) 2009 Yifan Lu. All rights reserved.

|| # Yifan Lu

|| # Parts Copyright (C) 2009 Meth0d. All rights reserved.

|| # Meth0d.org

|| # All images, scripts, and layouts

|| # Copyright (C) 2009 Sulake Ltd. All rights reserved.

|+==================================================================

|| # PHPRetro is provided "as is" and comes without

|| # warrenty of any kind. PHPRetro is free software!

|| # License: GNU Public License 3.0

|| # GNU General Public License Versions | Open Source Initiative

\+================================================================*/



/*-------------------------------------------------------*\

| ****** NOTE REGARDING THE VARIABLES IN THIS FILE ****** |

+---------------------------------------------------------+

| If you get any errors while attempting to connect to |

| MySQL, you will need to email your webhost because we |

| cannot tell you the correct values for the variables |

| in this file. |

\*-------------------------------------------------------*/



// ****** MASTER DATABASE SETTINGS ******

// These are the settings required to connect to your Database.

$conn['main']['prefix'] = "cms_";

$conn['main']['server'] = "mysql"; //mysql, pgsql, sqlite, or mssql

$conn['main']['host'] = "localhost"; //filename for SQLite

$conn['main']['port'] = "3306";

$conn['main']['username'] = "rabbolip";

$conn['main']['password'] = "rabboguy2345";

$conn['main']['database'] = "rabbohot_48959";



// ****** HOTEL DATABASE SETTINGS ******

// EXPERIMENTAL!! Only turn this on if you know what to do. Please submit all

// bugs and your fix for them (if possible) to Google Project Hosting

// These are the settings required to connect to your hotel database Database.

$conn['server']['enabled'] = false;

$conn['server']['server'] = "mysql"; //mysql, pgsql, sqlite, or mssql

$conn['server']['host'] = "localhost"; //filename for SQLite

$conn['server']['port'] = "3306";

$conn['server']['username'] = "rabbohot_48959";

$conn['server']['password'] = "nilzvuilefaggot2323";

$conn['server']['database'] = "rabbohot_48959";

?>

preview2

C:/inetpub/wwwroot/InfobusDBOpen.sql
C:/inetpub/wwwroot/Kernel\
C:/inetpub/wwwroot/Public\
C:/inetpub/wwwroot/account.php
C:/inetpub/wwwroot/all.js
C:/inetpub/wwwroot/aod.php
C:/inetpub/wwwroot/article.php
C:/inetpub/wwwroot/articles.php
C:/inetpub/wwwroot/belcr.php
C:/inetpub/wwwroot/belcr2.php
C:/inetpub/wwwroot/belcr3.php
C:/inetpub/wwwroot/bg.gif
C:/inetpub/wwwroot/bg.png
C:/inetpub/wwwroot/bgfooter.png
C:/inetpub/wwwroot/bgha.png
C:/inetpub/wwwroot/bigdump.php
C:/inetpub/wwwroot/blank.gif
C:/inetpub/wwwroot/body.png
C:/inetpub/wwwroot/box.png
C:/inetpub/wwwroot/brons.php
C:/inetpub/wwwroot/cache\
C:/inetpub/wwwroot/captcha\
C:/inetpub/wwwroot/char.png
C:/inetpub/wwwroot/clave.png
C:/inetpub/wwwroot/client.php
C:/inetpub/wwwroot/client.txt
C:/inetpub/wwwroot/client_header.php
C:/inetpub/wwwroot/clientutils.php
C:/inetpub/wwwroot/club.php
C:/inetpub/wwwroot/collectables.php
C:/inetpub/wwwroot/community.php
C:/inetpub/wwwroot/config.conf
C:/inetpub/wwwroot/content.png
C:/inetpub/wwwroot/content2.png
C:/inetpub/wwwroot/credits.php
C:/inetpub/wwwroot/datos.png
C:/inetpub/wwwroot/derechos.png
C:/inetpub/wwwroot/discussions.php
C:/inetpub/wwwroot/donateur.php
C:/inetpub/wwwroot/ds.php
C:/inetpub/wwwroot/ds2.php
C:/inetpub/wwwroot/email.php
C:/inetpub/wwwroot/enter.png
C:/inetpub/wwwroot/error.php
C:/inetpub/wwwroot/event.php
C:/inetpub/wwwroot/facebook.png
C:/inetpub/wwwroot/family\
C:/inetpub/wwwroot/favicon.ico
C:/inetpub/wwwroot/fecha.png
C:/inetpub/wwwroot/fhfghh.php
C:/inetpub/wwwroot/forgot.php
C:/inetpub/wwwroot/fp.css
C:/inetpub/wwwroot/gold.php
C:/inetpub/wwwroot/green_large.png
C:/inetpub/wwwroot/groups.php
C:/inetpub/wwwroot/habblet\
C:/inetpub/wwwroot/habbo-imaging\
C:/inetpub/wwwroot/habbos.png
C:/inetpub/wwwroot/header_sprite_24bit.png
C:/inetpub/wwwroot/headerbg.jpg
C:/inetpub/wwwroot/headerboven.gif
C:/inetpub/wwwroot/help.php
C:/inetpub/wwwroot/helper.gif
C:/inetpub/wwwroot/history.php
C:/inetpub/wwwroot/home.php
C:/inetpub/wwwroot/hotel.gif
C:/inetpub/wwwroot/housekeeping\
C:/inetpub/wwwroot/images\
C:/inetpub/wwwroot/includes\
C:/inetpub/wwwroot/index.css
C:/inetpub/wwwroot/index.php
C:/inetpub/wwwroot/indexscript.php
C:/inetpub/wwwroot/install\
C:/inetpub/wwwroot/intermediate.php
C:/inetpub/wwwroot/iot.php
C:/inetpub/wwwroot/klaar.php
C:/inetpub/wwwroot/klaar2.php
C:/inetpub/wwwroot/klaar3.php
C:/inetpub/wwwroot/klaar4.php
C:/inetpub/wwwroot/landing.php
C:/inetpub/wwwroot/login_popup.php
C:/inetpub/wwwroot/logo.jpg
C:/inetpub/wwwroot/logo.png
C:/inetpub/wwwroot/logout.php
C:/inetpub/wwwroot/logout2.php
C:/inetpub/wwwroot/mainbg.gif
C:/inetpub/wwwroot/maintenance.php
C:/inetpub/wwwroot/maintenance_new.php
C:/inetpub/wwwroot/maintenance_tekst.php
C:/inetpub/wwwroot/me.php
C:/inetpub/wwwroot/navbg.gif
C:/inetpub/wwwroot/papers.php
C:/inetpub/wwwroot/pixels.php
C:/inetpub/wwwroot/profile.php
C:/inetpub/wwwroot/quick_captcha.php
C:/inetpub/wwwroot/quick_duplicateEmailLogin.php
C:/inetpub/wwwroot/quick_email_password.php
C:/inetpub/wwwroot/quick_start.php
C:/inetpub/wwwroot/quickregister.php
C:/inetpub/wwwroot/rabbovip.php
C:/inetpub/wwwroot/rabbovipgold.php
C:/inetpub/wwwroot/rabbovipsilver.php
C:/inetpub/wwwroot/rabcmsv2.rar
C:/inetpub/wwwroot/reauthenticate.php
C:/inetpub/wwwroot/reg.png
C:/inetpub/wwwroot/reg_bt.png
C:/inetpub/wwwroot/regalo.png
C:/inetpub/wwwroot/register-bg.gif
C:/inetpub/wwwroot/register.php
C:/inetpub/wwwroot/registration_background_step1.png
C:/inetpub/wwwroot/security_check.php
C:/inetpub/wwwroot/shadow.png
C:/inetpub/wwwroot/shop.php
C:/inetpub/wwwroot/sidebar_begin.png
C:/inetpub/wwwroot/sidebar_end.png
C:/inetpub/wwwroot/silhouette_boy.png
C:/inetpub/wwwroot/silhouette_girl.png
C:/inetpub/wwwroot/silver.php
C:/inetpub/wwwroot/snow.js
C:/inetpub/wwwroot/special-offers-button.png
C:/inetpub/wwwroot/sprite.png
C:/inetpub/wwwroot/staff.php
C:/inetpub/wwwroot/step_habbo_logo.png
C:/inetpub/wwwroot/system\
C:/inetpub/wwwroot/tab_active_left.png
C:/inetpub/wwwroot/tab_active_right.png
C:/inetpub/wwwroot/tab_inactive_left.png
C:/inetpub/wwwroot/tab_inactive_right.png
C:/inetpub/wwwroot/tag.php
C:/inetpub/wwwroot/tags.php
C:/inetpub/wwwroot/templates\
C:/inetpub/wwwroot/test.php
C:/inetpub/wwwroot/tryout.php
C:/inetpub/wwwroot/twitter.png
C:/inetpub/wwwroot/user.png
C:/inetpub/wwwroot/web-gallery\
C:/inetpub/wwwroot/web.config
C:/inetpub/wwwroot/welcome.php
C:/inetpub/wwwroot/white_medium.png
C:/inetpub/wwwroot/wwwroot.rar
C:/inetpub/wwwroot/xml\

[Merijn]

Ofcourse cookie! with snoop pleas



Where i see a exploit?

1). includes/core.php
2). includes/classes.php
3). your register
4). more

Again rabbo hacked.

Preview:


preview2

/laugh

Look at that evidence smile on his face.

[jordynegen11]

Cookie?!

thanks ik gonna fix it