RevCMS Habbo Skin Home/Profile Page + Guestbook + Visitor Count

  1. #16
    Vaulient (Loyalty) - Member - Joined May 2012 - Location: Malaysia - Posts: 1,796

    Re: RevCMS Habbo Skin Home/Profile Page + Guestbook + Visitor Count

    Also, I found out the exploit, it's an XSS vulnerability. Unfortunately I don't have the home.php code of the mentioned home.php, if not I would have shared it.
    Last edited by Shoelace; 28-07-15 at 12:15 PM.

  2. #17
    Gaby - Member - Joined Apr 2013 - Location: Viva Hollandia - Posts: 1,607

    Re: RevCMS Habbo Skin Home/Profile Page + Guestbook + Visitor Count

    I LOVE the header, it's so creative!
    I have a few suggestions:
    You could use user_id as FK column in user_home instead of username, it's a good practice to always use an id column as FK if one is available. Also you seem to be using a different parameter in your queries each time while you're actually inserting a username every time. You could use :username as a parameter every time to make it more neat. The last thing is you're querying the user_home column two times, while you seem to be needing all the columns at the second time. You could select all the columns the first time and use those results twice. It will gain some milliseconds of speed! You're also making a connection to the database twice, that wouldn't be necessary.

    This piece of code contains XSS leaks:
    Code:
    <div class="comment">
    	<IMG class="commentImg"
    		 SRC="http://www.habbo.nl/habbo-imaging/avatarimage?figure=<?php echo $look; ?>&direction=2&head_direction=3&gesture=sml&size=1"
    		 ALT="picture of a pumpkin">
    
    
    	<div class="commentText">
    		<h1 style="    font-weight: bold;
    text-shadow: 2px 0px 11px #6E6E6E;"><a href="?url=home&user=<?php echo $username; ?>"><span <?php if($rank == '3' || $rank == '4' || $rank == '5') echo 'class="staffText"'; ?>
    					style="color: <?php echo $color; ?>; background-image: url('{url}/app/tpl/skins/Habbo/images/<?php if ($rank == '4' || $rank == '5') {
    						echo 'staff.gif';
    					} else if ($rank == '2') {
    						echo 'vip.gif';
    					} else if ($rank == '3') {
    						echo 'rank3.gif';
    					} ?>');"><?php echo $username; ?></span></a>
    		</h1>
    
    
    		<p class="rank"><?php echo $rankName; ?></p>
    
    
    		<p><?php echo $comment['comment']; ?></p>
    	</div>
    	<div class="reset">f</div>
    	<hr>
    Always use htmlentities or htmlspecialchars if you're outputting data out of the database.

    Same goes for:
    Code:
    <div id="column2" class="column">
    	<div class="habblet-container guestBook about">
    		<div class="cbb clearfix yellow">
    			<h2 class="title">About <?php echo $user['username']; ?></h2>
    			<?php
    			if ($_SESSION['user']['id'] != null && $_SESSION['user']['id'] == $user['id']) { ?>
    				<textarea class="long_desc" id="long_desc" rows="4" cols="39"
    						  name="long_description"
    						  form="long_description"><?php echo $home['long_description']; ?></textarea>
    				<form id="long_description" action="" method="POST">
    					<input style="margin: 8px; float: right;" type="submit" value="Save"/>
    				</form>
    			<?php } else { ?>
    				<p style="min-height: 80px;"><?php echo $home['long_description']; ?></p>
    			<?php } ?>
    		</div>
    	</div>
    </div>
    and

    Code:
    <div class="friend">
    	<IMG class="friendIMG"
    		 SRC="http://www.habbo.nl/habbo-imaging/avatarimage?figure=<?php echo $friend['look']; ?>&direction=2&head_direction=3&gesture=sml&size=1"
    		 ALT="picture of a pumpkin">
    
    
    	<div class="friendText">
    		<a style="display: table;" href="?url=home&user=<?php echo $friend['username']; ?>"><h1
    				class="friendName <?php if($rank == '3' || $rank == '4' || $rank == '5') echo 'staffText'; ?>"
    				style="display: table; color: <?php echo $color; ?>!important;background-image: url('{url}/app/tpl/skins/Habbo/images/<?php if ($rank == '4' || $rank == '5') {
    					echo 'staff.gif';
    				} else if ($rank == '2') {
    					echo 'vip.gif';
    				} else if ($rank == '3') {
    					echo 'rank3.gif';
    				} ?>');"><?php echo $friend['username']; ?></h1>
    		</a>
    
    
    		<p>Motto: <?php echo $friend['motto']; ?></p>
    	</div>
    	<br>
    	<br>
    	<br>
    </div>
    <hr>
    And

    Code:
    <div id="column1" class="column">
    	<div class="habblet-container guestBook friends">
    		<div class="cbb clearfix red">
    			<h2 class="title"><?php echo $user['username']; ?>'s Status</h2>
    
    
    			<p style="padding: 8px;"><?php echo $user['username']; ?> is
    				currently <?php if ($user['online'] == 1) { ?><span
    					style="color: green;">Online</span> <?php } else { ?> <span
    					style="color: red;">Offline</span> <?php } ?></p>
    		</div>
    	</div>
    </div>
    Never trust your end user!
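A hardened rendering of the comment entry from the first block above, added here as an example (not code from the release or from Gaby): every database value is escaped at output for the context it lands in (HTML text, attribute, query string, CSS). `e()`, `safeColor()`, `renderComment()`, the `$row` keys and the sample row are assumptions; `$tplUrl` stands in for the `{url}` template variable.

```php
<?php
// Added example (not from the release): escape each database value at output
// for the context it lands in. e() covers HTML text and double-quoted attributes.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Rank-to-image lookup replaces the inline if/else chains; unknown ranks get nothing.
const RANK_IMAGES = [2 => 'vip.gif', 3 => 'rank3.gif', 4 => 'staff.gif', 5 => 'staff.gif'];
const STAFF_RANKS = [3, 4, 5];

// CSS is its own context: htmlspecialchars() cannot make an arbitrary string a safe
// style value, so accept only a hex colour and fall back to black otherwise.
function safeColor(string $color): string {
    return preg_match('/^#[0-9A-Fa-f]{3,6}$/', $color) ? $color : '#000000';
}

// Render one guestbook comment. $row is the joined comment + author data
// (constructed keys: username, look, rank, rank_name, color, comment);
// $tplUrl stands in for RevCMS's {url} template variable.
function renderComment(array $row, string $tplUrl): string {
    $rank  = (int) $row['rank'];
    $img   = RANK_IMAGES[$rank] ?? '';
    $class = in_array($rank, STAFF_RANKS, true) ? ' class="staffText"' : '';
    $bg    = $img !== '' ? " background-image: url('" . e($tplUrl) . "/app/tpl/skins/Habbo/images/{$img}');" : '';
    // Query-string context first (urlencode), then attribute context (e()).
    $homeLink  = e('?url=home&user=' . urlencode($row['username']));
    $avatarSrc = e('http://www.habbo.nl/habbo-imaging/avatarimage?figure=' . urlencode($row['look'])
        . '&direction=2&head_direction=3&gesture=sml&size=1');

    return '<div class="comment">'
        . '<img class="commentImg" src="' . $avatarSrc . '" alt="avatar of ' . e($row['username']) . '">'
        . '<div class="commentText">'
        . '<h1 style="font-weight: bold; text-shadow: 2px 0px 11px #6E6E6E;">'
        . '<a href="' . $homeLink . '"><span' . $class . ' style="color: ' . safeColor($row['color']) . ';' . $bg . '">'
        . e($row['username']) . '</span></a></h1>'
        . '<p class="rank">' . e($row['rank_name']) . '</p>'
        . '<p>' . e($row['comment']) . '</p>'
        . '</div><div class="reset"></div><hr></div>';
}

// Constructed sample row with markup in the user-controlled fields.
$sample = [
    'username'  => 'Vezel"><b>x</b>',
    'look'      => 'hr-100-61.hd-180-7',
    'rank'      => 4,
    'rank_name' => 'Administrator',
    'color'     => 'red; background: url(x)',   // rejected by safeColor()
    'comment'   => '<script>alert(1)</script> nice home!',
];
echo renderComment($sample, '{url}'), PHP_EOL;
```

The same `e()`/`urlencode()` split applies to the About, friends and status blocks quoted above, which echo `$user['username']`, `$home['long_description']`, `$friend['look']` and `$friend['motto']` unescaped.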

  3. #18
    streamhotel (Account Upgraded | Title Enabled!) - Member - Joined Apr 2012 - Location: Earth - Posts: 511

    Re: RevCMS Habbo Skin Home/Profile Page + Guestbook + Visitor Count

    Sorry, I don't like this. We're in 2015 and not in 2012 anymore. People need to step off these things. It looks very old :/ Why are people still using RevCMS? I get sick of all these useless releases. There must be a separate sub-section for RevCMS shit, would be awesome!

    The layout for posting a new comment looks too classic, it doesn't make any progress. It looks like time stands still. Also the code I see above looks a mess and needs more security filtering. You're echoing data without checking for XSS? Don't do that!! If you think everyone on the internet is gonna use your website nicely with no abuse, you're wrong. There are always people whose hobby is hacking other people's websites. Idk if you filter the POST data, that's also needed against MySQL injection. I didn't see the code, but what I saw above was enough for me not to download it.
    Last edited by streamhotel; 28-07-15 at 12:20 AM.

  4. #19
    Vezel (Enthusiast) - Member - Joined Nov 2012 - Location: Kungsbacka, Swe - Posts: 47

    Re: RevCMS Habbo Skin Home/Profile Page + Guestbook + Visitor Count

    Quote Originally Posted by Derpina:
    I LOVE the header, it's so creative!
    I have a few suggestions:
    You could use user_id as FK column in user_home instead of username, it's a good practice to always use an id column as FK if one is available. Also you seem to be using a different parameter in your queries each time while you're actually inserting a username every time. You could use :username as a parameter every time to make it more neat. The last thing is you're querying the user_home column two times, while you seem to be needing all the columns at the second time. You could select all the columns the first time and use those results twice. It will gain some milliseconds of speed! You're also making a connection to the database twice, that wouldn't be necessary.

    This piece of code contains XSS leaks:
    Code:
    <div class="comment">
    	<IMG class="commentImg"
    		 SRC="http://www.habbo.nl/habbo-imaging/avatarimage?figure=<?php echo $look; ?>&direction=2&head_direction=3&gesture=sml&size=1"
    		 ALT="picture of a pumpkin">
    
    
    	<div class="commentText">
    		<h1 style="    font-weight: bold;
    text-shadow: 2px 0px 11px #6E6E6E;"><a href="?url=home&user=<?php echo $username; ?>"><span <?php if($rank == '3' || $rank == '4' || $rank == '5') echo 'class="staffText"'; ?>
    					style="color: <?php echo $color; ?>; background-image: url('{url}/app/tpl/skins/Habbo/images/<?php if ($rank == '4' || $rank == '5') {
    						echo 'staff.gif';
    					} else if ($rank == '2') {
    						echo 'vip.gif';
    					} else if ($rank == '3') {
    						echo 'rank3.gif';
    					} ?>');"><?php echo $username; ?></span></a>
    		</h1>
    
    
    		<p class="rank"><?php echo $rankName; ?></p>
    
    
    		<p><?php echo $comment['comment']; ?></p>
    	</div>
    	<div class="reset">f</div>
    	<hr>
    Always use htmlentities or htmlspecialchars if you're outputting data out of the database.

    Same goes for:
    Code:
    <div id="column2" class="column">
    	<div class="habblet-container guestBook about">
    		<div class="cbb clearfix yellow">
    			<h2 class="title">About <?php echo $user['username']; ?></h2>
    			<?php
    			if ($_SESSION['user']['id'] != null && $_SESSION['user']['id'] == $user['id']) { ?>
    				<textarea class="long_desc" id="long_desc" rows="4" cols="39"
    						  name="long_description"
    						  form="long_description"><?php echo $home['long_description']; ?></textarea>
    				<form id="long_description" action="" method="POST">
    					<input style="margin: 8px; float: right;" type="submit" value="Save"/>
    				</form>
    			<?php } else { ?>
    				<p style="min-height: 80px;"><?php echo $home['long_description']; ?></p>
    			<?php } ?>
    		</div>
    	</div>
    </div>
    and

    Code:
    <div class="friend">
    	<IMG class="friendIMG"
    		 SRC="http://www.habbo.nl/habbo-imaging/avatarimage?figure=<?php echo $friend['look']; ?>&direction=2&head_direction=3&gesture=sml&size=1"
    		 ALT="picture of a pumpkin">
    
    
    	<div class="friendText">
    		<a style="display: table;" href="?url=home&user=<?php echo $friend['username']; ?>"><h1
    				class="friendName <?php if($rank == '3' || $rank == '4' || $rank == '5') echo 'staffText'; ?>"
    				style="display: table; color: <?php echo $color; ?>!important;background-image: url('{url}/app/tpl/skins/Habbo/images/<?php if ($rank == '4' || $rank == '5') {
    					echo 'staff.gif';
    				} else if ($rank == '2') {
    					echo 'vip.gif';
    				} else if ($rank == '3') {
    					echo 'rank3.gif';
    				} ?>');"><?php echo $friend['username']; ?></h1>
    		</a>
    
    
    		<p>Motto: <?php echo $friend['motto']; ?></p>
    	</div>
    	<br>
    	<br>
    	<br>
    </div>
    <hr>
    And

    Code:
    <div id="column1" class="column">
    	<div class="habblet-container guestBook friends">
    		<div class="cbb clearfix red">
    			<h2 class="title"><?php echo $user['username']; ?>'s Status</h2>
    
    
    			<p style="padding: 8px;"><?php echo $user['username']; ?> is
    				currently <?php if ($user['online'] == 1) { ?><span
    					style="color: green;">Online</span> <?php } else { ?> <span
    					style="color: red;">Offline</span> <?php } ?></p>
    		</div>
    	</div>
    </div>
    Never trust your end user!
    We use htmlentities when the user inserts the information to the database so that shouldn't be a problem.

    - - - Updated - - -

    Quote Originally Posted by streamhotel:
    Sorry, I don't like this. We're in 2015 and not in 2012 anymore. People need to step off these things. It looks very old :/ Why are people still using RevCMS? I get sick of all these useless releases. There must be a separate sub-section for RevCMS shit, would be awesome!

    The layout for posting a new comment looks too classic, it doesn't make any progress. It looks like time stands still. Also the code I see above looks a mess and needs more security filtering. You're echoing data without checking for XSS? Don't do that!! If you think everyone on the internet is gonna use your website nicely with no abuse, you're wrong. There are always people whose hobby is hacking other people's websites. Idk if you filter the POST data, that's also needed against MySQL injection. I didn't see the code, but what I saw above was enough for me not to download it.
    As I said we are using htmlentities when we INSERT the information into the database, so the only way this can be used as an XSS exploit is if the hacker modifies the database directly, and if he can do that he already has full admin access......

  5. #20
    Gaby - Member - Joined Apr 2013 - Location: Viva Hollandia - Posts: 1,607

    Re: RevCMS Habbo Skin Home/Profile Page + Guestbook + Visitor Count

    Quote Originally Posted by Vezel:
    We use htmlentities when the user inserts the information to the database so that shouldn't be a problem.

    - - - Updated - - -



    As I said we are using htmlentities when we INSERT the information into the database, so the only way this can be used as an XSS exploit is if the hacker modifies the database directly, and if he can do that he already has full admin access......
    You shouldn't use htmlentities when you put something in the database, but when you echo it from the database. Also somebody's username could contain XSS, you don't have any control over that atm.

  6. #21
    Vezel (Enthusiast) - Member - Joined Nov 2012 - Location: Kungsbacka, Swe - Posts: 47

    Re: RevCMS Habbo Skin Home/Profile Page + Guestbook + Visitor Count

    Quote Originally Posted by Derpina:
    You shouldn't use htmlentities when you put something in the database, but when you echo it from the database. Also somebody's username could contain XSS, you don't have any control over that atm.
    Doesn't really matter when I use htmlentities since it gets the same result? And true, that with the username. I didn't actually think of that. I just presumed that the register function was clearing the data.

    Thank you for your comments though! :)
    Last edited by Vezel; 28-07-15 at 12:33 AM.
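Gaby's point about encoding when you echo rather than when you insert, worked through as an added example that is not from the thread or the release: a constructed in-memory "database" stands in for MySQL, and `e()`, `findings()` and the sample rows are constructed names and values.

```php
<?php
// Added example (not from the thread or the release): a constructed in-memory
// "database" shows why encoding at INSERT is not the same as encoding at echo.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Only the guestbook form encoded on the way in; the register function and a
// direct database edit wrote raw values. Output code cannot tell the two apart.
$db = [
    'comments' => [['comment' => htmlentities('<b>hi</b> & welcome', ENT_QUOTES, 'UTF-8')]],
    'users'    => [['username' => 'Eve<script>alert(1)</script>', 'motto' => 'A & B']],
];

function findings(array $db): array {
    $out = [];
    // 1. A field that skipped the input filter reaches the page as live markup.
    $out['raw_username_reaches_html'] = strpos($db['users'][0]['username'], '<script') !== false;

    // 2. Adding output escaping on top of input encoding double-encodes the stored
    //    "&amp;" into "&amp;amp;", which the browser shows literally as "&amp;".
    $out['double_encoded'] = strpos(e($db['comments'][0]['comment']), '&amp;amp;') !== false;

    // 3. The stored value is HTML, not data: in a non-HTML context such as a JSON
    //    response the entities travel along, and LIKE/strlen see the encoded form.
    $out['entities_in_json'] = strpos(json_encode($db['comments'][0]['comment']), '&lt;b&gt;') !== false;

    // Encode-at-output: the database keeps what the user typed, and every field is
    // escaped exactly once, whatever code path wrote it, where it becomes HTML.
    $out['escaped_username'] = e($db['users'][0]['username']);
    return $out;
}

foreach (findings($db) as $k => $v) {
    echo $k, ': ', var_export($v, true), PHP_EOL;
}
```

All three checks come back true for the encode-at-insert store, while the last line shows the same username rendered harmless by escaping once at output.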

  7. #22
    RamyElGuindy (Novice) - Member - Joined May 2015 - Posts: 4

    Re: RevCMS Habbo Skin Home/Profile Page + Guestbook + Visitor Count

    Hello, is it possible that you code a "search for user" thing {Box with button} and this search leads to this home page. Thank you.

  8. #23
    Vaulient (Loyalty) - Member - Joined May 2012 - Location: Malaysia - Posts: 1,796

    Re: RevCMS Habbo Skin Home/Profile Page + Guestbook + Visitor Count

    Quote Originally Posted by RamyElGuindy:
    Hello, is it possible that you code a "search for user" thing {Box with button} and this search leads to this home page. Thank you.
    We've already done that in homes v2 :) just haven't updated the progress yet

  9. #24
    Dlyner (Valued Member) - Member - Joined Oct 2012 - Posts: 119

    Re: RevCMS Habbo Skin Home/Profile Page + Guestbook + Visitor Count

    I like this release but ...
    Only these homes have been released so many times ..
    Can you not release an original home like PHPRetro?

  10. #25
    Searching (Apprentice) - Member - Joined Jan 2015 - Posts: 16

    Re: RevCMS Habbo Skin Home/Profile Page + Guestbook + Visitor Count

    I get this error: (Screenshot by Lightshot) can you help me?

  11. #26
    Dlyner (Valued Member) - Member - Joined Oct 2012 - Posts: 119

    Re: RevCMS Habbo Skin Home/Profile Page + Guestbook + Visitor Count

    Quote Originally Posted by Searching:
    I get this error: (Screenshot by Lightshot) can you help me?
    Go to youhotel.com/index.php?url=home&user=youname
    And it works.

  12. #27

    Re: RevCMS Habbo Skin Home/Profile Page + Guestbook + Visitor Count

    Quote Originally Posted by Dlyner:
    Go to youhotel.com/index.php?url=home&user=youname
    And it works.
    Even when I go to that it still shows the first user in my database.. lol

  13. #28
    funzykiller (Enthusiast) - Member - Joined Apr 2014 - Posts: 46

    Re: RevCMS Habbo Skin Home/Profile Page + Guestbook + Visitor Count

    Could you release the revcms minimail? Most of us wanted it for revcms.

  14. #29
    Vaulient (Loyalty) - Member - Joined May 2012 - Location: Malaysia - Posts: 1,796

    Re: RevCMS Habbo Skin Home/Profile Page + Guestbook + Visitor Count

    Quote Originally Posted by funzykiller:
    Could you release the revcms minimail? Most of us wanted it for revcms.
    It's still under development, currently added a report system where users can report minimails that are offensive to the hotel owners and so that the staff can view them and take action. Staff minimail is rather different though, they don't have the option to report, but they can view conversations from a certain user to another.

    Also, I don't see anybody requesting the minimails :P We are still thinking whether to release it or not

  15. #30
    MrSpooks (Not so spooky...) - Member - Joined May 2010 - Location: Under a rock - Posts: 1,068

    Re: RevCMS Habbo Skin Home/Profile Page + Guestbook + Visitor Count

    Quote Originally Posted by Vaulient:
    It's still under development, currently added a report system where users can report minimails that are offensive to the hotel owners and so that the staff can view them and take action. Staff minimail is rather different though, they don't have the option to report, but they can view conversations from a certain user to another.

    Also, I don't see anybody requesting the minimails :P We are still thinking whether to release it or not

    Just an idea, what do you think about trying to create a word filter for it too? Because I presume that people will use it to advertise,
    so maybe you could do a check of some sort on the mail, using the banned_words table?


    Anyway the project is looking great!


