Why would you use something from someone with one post?
Printable View
Why would you use something from someone with one post?
Pretty sure there's an exploit.
Hint: Something to do with rooms. ;)
I know this because the Habtoon.com guy paid me to fix it. :P:
Exactly what I thought, there is always exploits. :):Quote:
Originally Posted by Leon
Here's the exploit.
Go into /room.php
and go to line 48.
Very pro!PHP Code:<?php
if(!empty($_GET['roomId'])){
$ROOMSQL = mysql_query("SELECT * FROM rooms WHERE id = '".$_GET['roomId']."'");
$ROOMSQL_RESULT = mysql_fetch_assoc($ROOMSQL);
$ROOMSQL_RESULTNUM = mysql_num_rows($ROOMSQL);
}
I bet there's wayyy more, I just cba looking.
Ima get Havij out and try my luck at being a 12-year old script kiddy faggot :]
Now I just need a phoenix license^^
lol, another holocms EDIT. Don't call it your own cms then. get to bed.
I've looked in the source for a bit and found a file that seems to have some exploits, not really sure as i am still a beginner with php.
File: Roomshop
The Register don't work? ._.
Attachment 118131
I also fixed that for someone, make sure you give things in the users table default values, or turn off strict in your MySQL.ini. :P:Quote:
Originally Posted by Syndr0m
Register.php:
<?php $r = $_GET['r']; ?>
<?php $sql = mysql_query("SELECT * FROM users WHERE ip_last='$_SERVER[REMOTE_ADDR]'");
Exploit?
Does it work it butterfly? what about butterstorm?
Hi, i'm new, so sorry for this 'maybe awfull' question.
Client works, everything works... But when i go to the navigator and clicks on ´Me´ or ´My rooms´ i only get Loading...
And my emu looks like this:
Attachment 118136
Can anybody help me, please?
thanks alot, :blush:
Would just advise people do not waste your time and bandwidth of this cms, heap of crap full of exploits, very buggy as for translated maybe visible text but none of the holocms has been translated
What CMS should I use then?Quote:
Originally Posted by Johno
