Register.php:
<?php $r = $_GET['r']; ?>
<?php $sql = mysql_query("SELECT * FROM users WHERE ip_last='$_SERVER[REMOTE_ADDR]'");
Exploit?
Register.php:
<?php $r = $_GET['r']; ?>
<?php $sql = mysql_query("SELECT * FROM users WHERE ip_last='$_SERVER[REMOTE_ADDR]'");
Exploit?
Does it work it butterfly? what about butterstorm?
Would just advise people do not waste your time and bandwidth of this cms, heap of crap full of exploits, very buggy as for translated maybe visible text but none of the holocms has been translated
Serious stop, its all scam, sure fun and interesting for noobs or to laugh for us, lol. But not really useful so it's CRAP...
Just thought I'd let you know as the main owner of Habtoon which ran on this CMS. That Ace/Krypt has a backdoor in this release so later on he can fuck with hotels that use it. Remove: /templates/login/ses.php
Thank me later, I took the time to register here just to say that, lmao.
Skimmed through the code. Very insecure and inefficient CMS, on one page I counted 26 mysql queries. Also noted 'mysql_real_escape_string' is thrown around alot, which does not ensure security. There's several ways around that function its self.
If you want to use this CMS, my recommendation is too re-write every query to MySQLi or PDO and prepair every query where a user-entered value is required to be input into the database, and look into either memcached or APC. Both work. Or do the right thing, and simply not use it.
A question: how can a CMS be R63 Old crypto or new crypto? I thought only emulators had something like that.
Anyways, looking good.
Good release,
but where can i change with how many credits you start,
Sorry for my bad english.
My advise to users : If you want (Ace) dropping your hotels database then proceed to use this cms if you want your hotel to be safe I would suggest REVCMS it may have less features but its safter
Has lime fixed this yet? :O omg I hope so (Not)! I wanna take down my first retro ;]
Ug... Another holo edit.