Phpretro edit by rabbo (fixed install!)

  1. #1 jordynegen11

    Phpretro edit by rabbo (fixed install!)

    Hello RageZone!
    Today I re-release my CMS.

    test hotel: Rabbo-hotel.nl

    It works on IIS, but then your groups, homes and housekeeping don't work.
    It works perfectly with XAMPP 1.7.3 or lower
    or a webhost.

    Download: http://rabbo.servebeer.com/rabbocms2.rar

    Included:
    - Everything that's working on a normal PHPRetro

    Not included:
    - Belcredits shop
    - EventShop

    tut:
    How do I install this?

    1. Import the database
    2. Go to http://Site here/install/install.php
    3. Follow the steps
    4. Move the config.php from the install folder to the includes folder
    5. Delete the install folder
    6. Done, your CMS is ready for use!

    credits:
    - Jordynegen11
    - hablux
    Last edited by jordynegen11; 15-01-12 at 11:20 AM.


  2. #2 iPlay

    ./cache/ map is beschrijfbaar?
    mislukt
    U kunt CHMOD de directory ./cache/ 777 of schakel alle cache features uit via housekeeping at the end of the instalation.
    ./install/ map is beschrijfbaar?
    mislukt
    Je config.php worden gecreëerd in deze map waarin u naar ./includes/ na de instalatie. Graag CHMOD 777 ./install/ (geen beveiligings problemen zullen ontstaan omdat u deze map zal verwijderen na de installatie).

    ----------------
    Install don't work on IIS

  3. #3 Liam

    Does this support R63 clients? If not, then why release another PHPRetro edit? There are enough edits (if it's the normal CMS).

    Quote Originally Posted by iPlay:
    ./cache/ map is beschrijfbaar?
    mislukt
    U kunt CHMOD de directory ./cache/ 777 of schakel alle cache features uit via housekeeping at the end of the instalation.
    ./install/ map is beschrijfbaar?
    mislukt
    Je config.php worden gecreëerd in deze map waarin u naar ./includes/ na de instalatie. Graag CHMOD 777 ./install/ (geen beveiligings problemen zullen ontstaan omdat u deze map zal verwijderen na de installatie).

    ----------------
    Install don't work on IIS
    I think it's because you have to CHMOD the directory to 777. And PHPRetro doesn't work on IIS, it was made for Apache servers.

  4. #4 EvilCoder

    It can work on IIS. With a smart head you'll get it working.

    There's something called .htaccess in your htdocs. You can also import it into your IIS. + You need to change some php.ini settings.

    ~ me.

    Please make sure, if you release something, that it's protected and safe to use!

    Code:
    	Line 25: $var = $_GET['var1'];
    	Line 26: $var2 = $_GET['var2'];
    
    	Line 26: $archive = $_GET['archive'];  
    	Line 27: $pagenum = $_GET['pageNumber']; 
    
    Line 28: $key = $_GET['key'];
    	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
    
    
    	Line 25: $label = $_GET['label'];

    219 possible exploits found. Not patched.
    Please fix this. I didn't even scan for $_POST stuff; this was enough.

    Learn to protect PHP, although the website is nicely built.
    Thanks for this share!

    ---
    ADD $_POST:
    ---

    Code:
     C:\Users\Administrator\Desktop\Rabbohotel\Rabbocms\forgot.php (5 hits)
    	Line 29: 	if(isset($_POST['actionForgot'])){
    	Line 31: 		$forgot_name = $input->FilterText($_POST['forgottenpw-username']);
    	Line 32: 		$forgot_mail = $input->FilterText($_POST['forgottenpw-email']);
    	Line 61: 	}elseif(isset($_POST['actionList'])){
    	Line 63: 		$forgot_mail = $_POST['ownerEmailAddress'];

  5. #5 jordynegen11

    Quote Originally Posted by Mister. M:
    It can work on IIS. With a smart head you'll get it working.

    There's something called .htaccess in your htdocs. You can also import it into your IIS. + You need to change some php.ini settings.

    ~ me.

    Please make sure, if you release something, that it's protected and safe to use!

    Code:
    	Line 25: $var = $_GET['var1'];
    	Line 26: $var2 = $_GET['var2'];
    
    	Line 26: $archive = $_GET['archive'];  
    	Line 27: $pagenum = $_GET['pageNumber']; 
    
    Line 28: $key = $_GET['key'];
    	Line 123: ('".$_SERVER["REMOTE_ADDR"]."','".$user->id."','".$_GET['error']."','".$_GET['os']."','".$_GET['error_id']."','".$_GET['hookerror']."','".$_GET['hookmsga']."','".$_GET['hookmsgb']."','".$_GET['lastexecute']."','".$_GET['lastmessage']."','".$_GET['server_errors']."','".$_GET['lastroom']."','".$_GET['mus_errorcode']."','".$_GET['client_process_list']."','".$_GET['client_errors']."','".$_GET['neterr_cast']."','".$_GET['neterr_res']."','".$_GET['client_uptime']."')");
    
    
    	Line 25: $label = $_GET['label'];

    219 possible exploits found. Not patched.
    Please fix this. I didn't even scan for $_POST stuff; this was enough.

    Learn to protect PHP, although the website is nicely built.
    Thanks for this share!

    ---
    ADD $_POST:
    ---

    Code:
     C:\Users\Administrator\Desktop\Rabbohotel\Rabbocms\forgot.php (5 hits)
    	Line 29: 	if(isset($_POST['actionForgot'])){
    	Line 31: 		$forgot_name = $input->FilterText($_POST['forgottenpw-username']);
    	Line 32: 		$forgot_mail = $input->FilterText($_POST['forgottenpw-email']);
    	Line 61: 	}elseif(isset($_POST['actionList'])){
    	Line 63: 		$forgot_mail = $_POST['ownerEmailAddress'];
    There is a filter for the exploits.

  6. #6 Zak©

    You see that Quick register. Would it work for the normal PHPRetro?

    Would I need to modify something in there?

  7. #7 jordynegen11

    Quote Originally Posted by Zak©:
    You see that Quick register. Would it work for the normal PHPRetro?

    Would I need to modify something in there?
    No, you need to change the MySQL stuff.
    Last edited by jordynegen11; 15-01-12 at 06:13 PM.

  8. #8 Squard

    Like the style yea!

  9. #9 jordynegen11

    Quote Originally Posted by Tenkash:
    Why did you release your damn exploit CMS?
    Look at your hotel, being hacked by a lot of guys that hate you! =/
    Army of Death mwha <3
    OK, where do you see an exploit??? Say it, nuub.

    Quote Originally Posted by Squard:
    Like the style yea!
    thx :p

  10. #10 Joopie

    Quote Originally Posted by jordynegen11:
    OK, where do you see an exploit??? Say it, nuub.

    thx :p
    That's one:
    PHP Code:
    $forgot_mail = $_POST['ownerEmailAddress']; // raw POST value, never passed through the input filter
    if($serverdb->num_rows($serverdb->query("SELECT name FROM ".PREFIX."users WHERE email = '".$forgot_mail."'")) > 0){ // concatenated straight into the SQL text
    Add: nice Habfly logo by your register??
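The forgot.php lookup Joopie quotes above, and the unfiltered $_GET/$_POST reads that EvilCoder's scan lists, as an added example that is not code from the CMS or from anyone in this thread: the concatenated query next to a prepared-statement version, both run against a constructed in-memory SQLite table. The CMS's $serverdb wrapper and $input filter are replaced by a plain PDO handle, and the PREFIX value, table layout and sample rows are assumptions made up here.

```php
<?php
// Added example, not code from the CMS or from anyone in this thread.
// It puts the forgot.php lookup quoted above next to a prepared-statement
// version and runs both against a constructed in-memory SQLite table.
// Assumptions: the thread's $serverdb wrapper and $input filter are replaced
// by a plain PDO handle; PREFIX, the table layout and the rows are made up here.

const PREFIX = 'cms_';

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE ' . PREFIX . 'users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
    // Constructed sample row.
    $db->exec('INSERT INTO ' . PREFIX . "users (name, email) VALUES ('alice', 'alice@example.test')");
    return $db;
}

// The pattern the reviewers flagged: the POST value is glued into the SQL text,
// so any quote character in it is parsed as SQL rather than treated as data.
function emailExistsUnsafe(PDO $db, string $forgot_mail): bool
{
    $sql = "SELECT name FROM " . PREFIX . "users WHERE email = '" . $forgot_mail . "'";
    return count($db->query($sql)->fetchAll()) > 0;
}

// Hardened form: the value is bound as a parameter and can never change the
// shape of the statement, whatever characters it contains.
function emailExistsSafe(PDO $db, string $forgot_mail): bool
{
    $stmt = $db->prepare('SELECT name FROM ' . PREFIX . 'users WHERE email = :email');
    $stmt->execute([':email' => $forgot_mail]);
    return count($stmt->fetchAll()) > 0;
}

$db = makeDb();
// Constructed inputs: a known address, an unknown one, and one containing an
// apostrophe, which is enough to show the raw value reaching the SQL parser.
$inputs = ['alice@example.test', 'nobody@example.test', "o'brien@example.test"];
foreach ($inputs as $in) {
    try {
        $unsafe = emailExistsUnsafe($db, $in) ? 'true' : 'false';
    } catch (PDOException $e) {
        // The apostrophe closed the string literal and the remainder was parsed
        // as SQL: that is the injection point the thread is arguing about.
        $unsafe = 'SQL error (input became SQL)';
    }
    $safe = emailExistsSafe($db, $in) ? 'true' : 'false';
    printf("%-22s unsafe=%s safe=%s\n", $in, $unsafe, $safe);
}
```

The same bound-parameter form applies to every $_GET read in the scan output above; the FilterText call used on lines 31 and 32 of forgot.php is not a substitute for it, since line 63 skips that filter entirely.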

  11. #11 Tenkash

    Quote Originally Posted by joopie:
    That's one:
    Code:
    Line 63: 		$forgot_mail = $_POST['ownerEmailAddress'];
    Add: nice Habfly logo by your register??
    Damn, why did you say that =[ you're bad!!!!

  12. #12 Tenkash

    Quote Originally Posted by joopie:
    Cookie?!
    Of course cookie! With snoop please.

    Quote Originally Posted by jordynegen11:
    OK, where do you see an exploit??? Say it, nuub.

    thx :p
    Where do I see an exploit?

    1). includes/core.php
    2). includes/classes.php
    3). your register
    4). more

    Again rabbo hacked.

    Preview:
    PHP Code:
    <?php
    /*================================================================+\
    || # PHPRetro - An extendable virtual hotel site and management
    |+==================================================================
    || # Copyright (C) 2009 Yifan Lu. All rights reserved.
    || # Yifan Lu
    || # Parts Copyright (C) 2009 Meth0d. All rights reserved.
    || # Meth0d.org
    || # All images, scripts, and layouts
    || # Copyright (C) 2009 Sulake Ltd. All rights reserved.
    |+==================================================================
    || # PHPRetro is provided "as is" and comes without
    || # warrenty of any kind. PHPRetro is free software!
    || # License: GNU Public License 3.0
    || # GNU General Public License Versions | Open Source Initiative
    \+================================================================*/

    /*-------------------------------------------------------*\
    | ****** NOTE REGARDING THE VARIABLES IN THIS FILE ****** |
    +---------------------------------------------------------+
    | If you get any errors while attempting to connect to |
    | MySQL, you will need to email your webhost because we |
    | cannot tell you the correct values for the variables |
    | in this file. |
    \*-------------------------------------------------------*/

    // ****** MASTER DATABASE SETTINGS ******
    // These are the settings required to connect to your Database.
    $conn['main']['prefix'] = "cms_";
    $conn['main']['server'] = "mysql"; //mysql, pgsql, sqlite, or mssql
    $conn['main']['host'] = "localhost"; //filename for SQLite
    $conn['main']['port'] = "3306";
    $conn['main']['username'] = "rabbolip";
    $conn['main']['password'] = "rabboguy2345";
    $conn['main']['database'] = "rabbohot_48959";

    // ****** HOTEL DATABASE SETTINGS ******
    // EXPERIMENTAL!! Only turn this on if you know what to do. Please submit all
    // bugs and your fix for them (if possible) to Google Project Hosting
    // These are the settings required to connect to your hotel database Database.
    $conn['server']['enabled'] = false;
    $conn['server']['server'] = "mysql"; //mysql, pgsql, sqlite, or mssql
    $conn['server']['host'] = "localhost"; //filename for SQLite
    $conn['server']['port'] = "3306";
    $conn['server']['username'] = "rabbohot_48959";
    $conn['server']['password'] = "nilzvuilefaggot2323";
    $conn['server']['database'] = "rabbohot_48959";
    ?>
    preview2

  13. #13 Merijn

    Quote Originally Posted by Tenkash:
    Of course cookie! With snoop please.

    Where do I see an exploit?

    1). includes/core.php
    2). includes/classes.php
    3). your register
    4). more

    Again rabbo hacked.

    Preview:
    preview2
    /laugh

    Look at that evidence smile on his face.

  14. #14 jordynegen11

    Quote Originally Posted by joopie:
    Cookie?!
    Thanks, I'm gonna fix it.