Re: RevCMS Important Fix.
Quote:
Originally Posted by
DutchenL
Same here, anyone fix?
- - - Updated - - -
Ow lm method 2 doesn't work because in the template that you use the seckey is not fully removed, because it makes a md5("") hash
Just do method 1 then... and stop spamming in the thread please!
==update @DutchenL under me: Yeah it's safe if you didn't make any exploit by yourself. If you want it 100% then you need to use your brains and make a CMS on your own :)
Re: RevCMS Important Fix.
I did method 1 but is it 100% safe now?
Re: RevCMS Important Fix.
It's clearly not safe because it's changing the Seckey once someone registers regardless because it's hash. You could fix this but it's a lot of work - changing seckey to not hash but you'd need to do it in the CMS as well.
- - - Updated - - -
Quote:
Originally Posted by
DutchenL
I did method 1 but is it 100% safe now?
Read ^
Re: RevCMS Important Fix.
Quote:
Originally Posted by
Gin0
It's clearly not safe because it's changing the Seckey once someone registers regardless because it's hash. You could fix this but it's a lot of work - changing seckey to not hash but you'd need to do it in the CMS as well.
- - - Updated - - -
Read ^
It is safe if you run that query once a time.
Re: RevCMS Important Fix.
If you want to play safe don't use PHP!
Re: RevCMS Important Fix.
Quote:
Originally Posted by
Spot Ify
Another easy fix is using these 2 queries:
PHP Code:
ALTER TABLE `users` ALTER COLUMN `seckey` SET DEFAULT '1234';
UPDATE users SET seckey = '1';
if the first one is not working use this one:
ALTER TABLE `users`
MODIFY COLUMN `seckey` varchar(50) CHARACTER SET latin1 COLLATE latin1_swedish_ci NOT NULL DEFAULT '1234';
PS YOU DON'T NEED TO FIX THIS IF YOU HAVE A SECKEY! (Why number 1? Because you never can hash something with md5 and get 1 as result :P md5 is always more than 10+ characters)
Edit ---
updated the queries
People just replace
Here's what you need to do to fix it with method 1
search:
PHP Code:
final public function forgotten()
{
    global $template, $_CONFIG, $core;
    if(isset($_POST['forgot']))
    {
        $template->form->setData();
        unset($template->form->error);
        if($this->nameTaken($template->form->for_username))
        {
            if(strlen($template->form->for_password) > 6)
            {
                if($this->getInfo($this->getID($template->form->for_username), 'seckey') == $core->hashed($template->form->for_key))
                {
                    $this->updateUser($this->getID($template->form->for_username), 'password', $core->hashed($template->form->for_password));
                    $template->form->error = 'Account recovered! Go <b><a href="index">here</a></b> to login!';
                    return;
                }
                else
                {
                    $template->form->error = 'Secret key is incorrect';
                    return;
                }
            }
            else
            {
                $template->form->error = 'Password must have more than 6 characters.';
                return;
            }
        }
        else
        {
            $template->form->error = 'Username does not exist';
            return;
        }
    }
}
Replace it with:
PHP Code:
final public function forgotten()
{
}
that's the only thing <_< what you need to edit
maybe some rep for me and Jamal because we fixed it?
I don't call this fixing, I call it removing. Also looking at this piece of code... I figure the exploit is located somewhere else.. And you just disabled a form which is using one of the corrupted functions.. I think your login should also use the template->parse.. Someone should fix the template parsing part.. Easy... This is another reason why I don't use revCMS. lol'd
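Added example, not part of any post in this thread and not RevCMS code: a stricter recovery-key check for the forgotten() logic quoted above, which keeps the form usable instead of emptying the function. It assumes, as the thread describes, that the stored seckey is an md5 hash and that accounts registered without a key hold md5(""); the function name and the sample rows are hypothetical.

```php
<?php
// Added example, not RevCMS code. Assumes the stored seckey is md5() of the
// key entered at registration, as described in the thread.

/**
 * Decide whether a password-recovery attempt may proceed.
 *
 * @param string $storedSeckey value of users.seckey for the account
 * @param string $submittedKey raw key typed into the recovery form
 */
function recovery_key_is_valid(string $storedSeckey, string $submittedKey): bool
{
    // An account registered through a template without a seckey field
    // ends up with md5(""); such a key proves nothing, so refuse it.
    if ($submittedKey === '' || hash_equals(md5(''), $storedSeckey)) {
        return false;
    }
    // A stored value that is not a 32-char hex digest (for example the '1'
    // written by the UPDATE query) can never match a hash: recovery is off.
    if (!preg_match('/^[0-9a-f]{32}$/', $storedSeckey)) {
        return false;
    }
    // Strict, constant-time comparison instead of the loose == operator.
    return hash_equals($storedSeckey, md5($submittedKey));
}

// Constructed sample rows: username => stored seckey.
$users = [
    'alice' => md5('correct horse'), // registered with a real key
    'bob'   => md5(''),              // registered without a seckey field
    'carol' => '1',                  // after UPDATE users SET seckey = '1'
];

// Constructed recovery attempts: [username, submitted key].
$attempts = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ['bob', ''],
    ['carol', '1'],
];

foreach ($attempts as [$user, $key]) {
    $ok = recovery_key_is_valid($users[$user], $key);
    printf("%-6s key=%-16s => %s\n", $user, var_export($key, true), $ok ? 'allow' : 'deny');
}
```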
Re: RevCMS Important Fix.
Add a hidden <input> inside your register form for the seckey.
Re: RevCMS Important Fix.
Does anyone here have contact with the RevCMS developers? Maybe they can have a look inside..
Re: RevCMS Important Fix.
Quote:
public function getRealIpAddress() {
    if (!filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP)) {
        return false;
    }
    return mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
}
Thanks to Marjolein
Re: RevCMS Important Fix.
Quote:
Originally Posted by
DutchenL
[SQL]ALTER TABLE `users` ADD `seckey` VARCHAR(999)
[Err] 1060 - Duplicate column name 'seckey'
Dude, you already have it.
Re: RevCMS Important Fix.
Quote:
Originally Posted by
EvilCoder
I don't call this fixing, I call it removing. Also looking at this piece of code... I figure the exploit is located somewhere else.. And you just disabled a form which is using one of the corrupted functions.. I think your login should also use the template->parse.. Someone should fix the template parsing part.. Easy... This is another reason why I don't use revCMS. lol'd
Removing the code which is an exploit is a fix?
Also there is, from what I see, nothing wrong with the login sequence used on revCMS at all.
So if you think any different then please share? lol
Re: RevCMS Important Fix.
Quote:
Originally Posted by
Ryan
THIS IS TRUE!
Jamal hacks hotels through this exploit, fix this for your hotel first! Jamal knows the real exploit but doesn't put it here so he can take more hotels down (advertising his own hotel).
I got hacked too by this "Sir Jamal"..
Thanks to Ryan.
Re: RevCMS Important Fix.
Quote:
Originally Posted by
Ryan
So THIS is the fix and not this thread?
Re: RevCMS Important Fix.
Quote:
Originally Posted by
DutchenL
So THIS is the fix and not this thread?
Yes, enjoy ;-)