UberCMS Potential SQL exploit patch (housekeeping)

Page 1 of 2 12 LastLast
Results 1 to 25 of 40
  1. #1
    No, Just no. Matthew is offline
    MemberRank
    Jul 2008 Join Date
    United KingdomLocation
    1,408Posts

    UberCMS Potential SQL exploit patch (housekeeping)

    I'm not sure why I should do this. This community has done nothing for me besides for a few individuals. Anyways, I'm not going to bitch. I'll keep this simple.

    After coding an extra feature into the UberCMS housekeeping I noticed that when I opened login.php (in /manage/pages) I found that the variable $password was unfiltered. Now, whilst I'm not sure if you can exploit this due to it being hashed right after it still could potentially be one (hence the title).

    So to tighten up security and possibly evade a MySQL injection we can easily patch it by:

    1) Open login.php in /manage/pages
    2) Find
    PHP Code:
     $password $core->uberHash($_POST['pwd']); 
    3) Add the filter tags around it filter() like so:
    PHP Code:
    $password filter($core->uberHash($_POST['pwd'])); 
    And there you go. A potential exploit fixed.

    Just to add: If you do not understand this don't post. And if some one does ask a question on how to set this up/put it in don't answer them. It's clear as day so don't ease their stupidity.

    thx


  2. #2
    Learning C# - Developer wy479 is offline
    MemberRank
    Nov 2010 Join Date
    :O You PERVERT!Location
    1,132Posts

    Re: UberCMS Potential SQL exploit patch (housekeeping)

    Kk thx

  3. #3
    Developer Quackster is offline
    DeveloperRank
    Dec 2010 Join Date
    AustraliaLocation
    3,483Posts

    Re: UberCMS Potential SQL exploit patch (housekeeping)

    I wish I knew about this sooner. No one uses uberCMS now.

    Anyway nice notice there Matt. Thanks.

  4. #4
    Learning C# - Developer wy479 is offline
    MemberRank
    Nov 2010 Join Date
    :O You PERVERT!Location
    1,132Posts

    Re: UberCMS Potential SQL exploit patch (housekeeping)

    Whats something besides Uber and pheonix that is good?

  5. #5
    No, Just no. Matthew is offline
    MemberRank
    Jul 2008 Join Date
    United KingdomLocation
    1,408Posts

    Re: UberCMS Potential SQL exploit patch (housekeeping)

    Quote Originally Posted by Quackster View Post
    I wish I knew about this sooner. No one uses uberCMS now.

    Anyway nice notice there Matt. Thanks.
    Yeah. It's quite sad. Everyone is using shitty Phoenix CMS now.

  6. #6
    prjRev.com Kryptos is offline
    MemberRank
    Feb 2010 Join Date
    Planet EarthLocation
    579Posts

    Re: UberCMS Potential SQL exploit patch (housekeeping)

    This isn't an exploit, you don't have to filter it as it is hashed and pretty much impossible to exploit. A way to check if it is an exploit is to actually exploit it, you know. I bet you haven't done that.

    I congratulate you for trying to contribute though, you should release some of your stuff someday, it seems you're not a complete idiot like others.

  7. #7
    Member Multi is offline
    MemberRank
    Jul 2011 Join Date
    85Posts

    Re: UberCMS Potential SQL exploit patch (housekeeping)

    Quote Originally Posted by Quackster View Post
    I wish I knew about this sooner. No one uses uberCMS now.

    Anyway nice notice there Matt. Thanks.
    I use UberCMS, and I'm always looking for exploits to patch :)

    -----
    So you're saying, this will patch it? (Possibly) ?? Or does it completely fuck it up?

    ---------- Post added at 02:41 PM ---------- Previous post was at 02:37 PM ----------

    When I edited it, I noticed that the user names are filtered as well :P

  8. #8
    Account Upgraded | Title Enabled! Ma Ma is offline
    MemberRank
    Jan 2011 Join Date
    home.phpLocation
    580Posts

    Re: UberCMS Potential SQL exploit patch (housekeeping)

    as mathew said just let me zip my mouth close and just don't say nothing to multi but good patch , you always must be sure of something instead of leaving it and thinking its hashed so its impossible to exploit it

  9. #9
    No, Just no. Matthew is offline
    MemberRank
    Jul 2008 Join Date
    United KingdomLocation
    1,408Posts

    Re: UberCMS Potential SQL exploit patch (housekeeping)

    Quote Originally Posted by Kryptos View Post
    This isn't an exploit, you don't have to filter it as it is hashed and pretty much impossible to exploit. A way to check if it is an exploit is to actually exploit it, you know. I bet you haven't done that.

    I congratulate you for trying to contribute though, you should release some of your stuff someday, it seems you're not a complete idiot like others.
    That's what I was thinking also. Although this isn't really needed it's still a good security practice. Despite it being virtually impossible to send an exploit through a hash you never know. Maybe quotes and such? Better to be safe than sorry :)

    But, that is why I did mark is a potential rather than critical.
    Last edited by Matthew; 17-07-11 at 07:05 AM.

  10. #10
    What about no. Davidaap is offline
    MemberRank
    Nov 2009 Join Date
    773Posts

    Re: UberCMS Potential SQL exploit patch (housekeeping)

    Quote Originally Posted by Quackster View Post
    I wish I knew about this sooner. No one uses uberCMS now.

    Anyway nice notice there Matt. Thanks.
    i use my own ubercmes edit


    there are more exploits in ubercms where sql injection is possible

  11. #11
    No, Just no. Matthew is offline
    MemberRank
    Jul 2008 Join Date
    United KingdomLocation
    1,408Posts

    Re: UberCMS Potential SQL exploit patch (housekeeping)

    Quote Originally Posted by davidaap View Post
    i use my own ubercmes edit


    there are more exploits in ubercms where sql injection is possible
    Same. Could you tell me some? You don't have to here. In PM?

  12. #12
    What about no. Davidaap is offline
    MemberRank
    Nov 2009 Join Date
    773Posts

    Re: UberCMS Potential SQL exploit patch (housekeeping)

    Quote Originally Posted by Matthew View Post
    Same. Could you tell me some? You don't have to here. In PM?
    i pm you :)

  13. #13
    Member skunken1 is offline
    MemberRank
    Aug 2007 Join Date
    71Posts

    Re: UberCMS Potential SQL exploit patch (housekeeping)

    Quote Originally Posted by davidaap View Post
    i pm you :)
    Pm me too :)

  14. #14
    Account Upgraded | Title Enabled! jamieturner is offline
    MemberRank
    Oct 2010 Join Date
    United KingdomLocation
    359Posts

    Re: UberCMS Potential SQL exploit patch (housekeeping)

    and me please, cheers.

  15. #15
    What about no. Davidaap is offline
    MemberRank
    Nov 2009 Join Date
    773Posts

    Re: UberCMS Potential SQL exploit patch (housekeeping)

    no no and no :)

    learn first to secure your website -,-

  16. #16
    No, Just no. Matthew is offline
    MemberRank
    Jul 2008 Join Date
    United KingdomLocation
    1,408Posts

    Re: UberCMS Potential SQL exploit patch (housekeeping)

    Quote Originally Posted by skunken1 View Post
    Pm me too :)
    What's the point in him PM'ing you anything about the exploits when you probably know nothing on the topic.

    Quote Originally Posted by jamieturner View Post
    and me please, cheers.
    Who are you asking? And to what ? (if me)

  17. #17
    Live Ocottish Sverlord Joopie is offline
    LegendRank
    Jun 2010 Join Date
    The NetherlandsLocation
    2,773Posts

    Re: UberCMS Potential SQL exploit patch (housekeeping)

    Quote Originally Posted by Matthew View Post
    Who are you asking? And to what ? (if me)
    He ask if you'll add him xD

    Btw, I think its useless to filter the password post.

    Because:
    The server get as response `' or '' = ''` (For example)

    If you make a hash of it, you'll get something like: 08c0b7826294f319bdf2abf11b7af0fc

    That's never a exploit? isn't?

  18. #18
    No, Just no. Matthew is offline
    MemberRank
    Jul 2008 Join Date
    United KingdomLocation
    1,408Posts

    Re: UberCMS Potential SQL exploit patch (housekeeping)

    Quote Originally Posted by joopie View Post
    He ask if you'll add him xD

    Btw, I think its useless to filter the password post.

    Because:
    The server get as response `' or '' = ''` (For example)

    If you make a hash of it, you'll get something like: 08c0b7826294f319bdf2abf11b7af0fc

    That's never a exploit? isn't?
    Yeah I was thinking the same too but as said before I said potential for a reason. There *might* be a way of getting around the hash and executing a rogue query. We simply do not know. But it's better to be safe than sorry right? Like. If filtering is not going to change anything you may as well do it ? :)

  19. #19
    Live Ocottish Sverlord Joopie is offline
    LegendRank
    Jun 2010 Join Date
    The NetherlandsLocation
    2,773Posts

    Re: UberCMS Potential SQL exploit patch (housekeeping)

    Quote Originally Posted by Matthew View Post
    Yeah I was thinking the same too but as said before I said potential for a reason. There *might* be a way of getting around the hash and executing a rogue query. We simply do not know. But it's better to be safe than sorry right? Like. If filtering is not going to change anything you may as well do it ? :)
    Uhm, Maby true :P, But I don't think it can xD

    Btw, Change it also for the `index.php` i thought that one was also unfiltered

  20. #20
    Gamma RastaLulz is offline
    MemberRank
    Dec 2007 Join Date
    EarthLocation
    3,327Posts

    Re: UberCMS Potential SQL exploit patch (housekeeping)

    This is not exploitable, as the value returned is a hash, and nothing more. You can not inject anything within the query as the value returned by uberHash will only be letters and numbers.

    /facepalm

  21. #21
    Live Ocottish Sverlord Joopie is offline
    LegendRank
    Jun 2010 Join Date
    The NetherlandsLocation
    2,773Posts

    Re: UberCMS Potential SQL exploit patch (housekeeping)

    Quote Originally Posted by RastaLulz View Post
    This is not exploitable, as the value returned is a hash, and nothing more. You can not inject anything within the query as the value returned by uberHash will only be letters and numbers.

    /facepalm
    Thank you for repeating me?

  22. #22
    Gamma RastaLulz is offline
    MemberRank
    Dec 2007 Join Date
    EarthLocation
    3,327Posts

    Re: UberCMS Potential SQL exploit patch (housekeeping)

    Quote Originally Posted by joopie View Post
    Thank you for repeating me?
    Repeating you? I simply looked at the thread, and responded.

    Also, thanks for repeating Kryptos.

  23. #23
    The one and only! Hejula is offline
    MemberRank
    Nov 2008 Join Date
    4,128Posts

    Re: UberCMS Potential SQL exploit patch (housekeeping)

    Quote Originally Posted by joopie View Post
    Thank you for repeating me?
    You can't say that because you repeated what Kryptos said ;D

  24. #24
    Live Ocottish Sverlord Joopie is offline
    LegendRank
    Jun 2010 Join Date
    The NetherlandsLocation
    2,773Posts

    Re: UberCMS Potential SQL exploit patch (housekeeping)

    Quote Originally Posted by Hejula View Post
    You can't say that because you repeated what Kryptos said ;D
    A, Yes, xD, I saw it wen RastaLulz posts his reaction xD, I always read the first post and the last few posts :P

  25. #25
    hi i'm robbie Roper is offline
    MemberRank
    Oct 2008 Join Date
    /home/roperLocation
    2,283Posts

    Re: UberCMS Potential SQL exploit patch (housekeeping)

    Quote Originally Posted by Matthew View Post
    Yeah. It's quite sad. Everyone is using shitty Phoenix CMS now.
    Wrong, Habrockz and Luxo Hotel both use uberCMS but heavily modified.



Page 1 of 2 12 LastLast

Advertisement