UberCMS Potential SQL exploit patch (housekeeping)

[Matthew]

I'm not sure why I should do this. This community has done nothing for me besides for a few individuals. Anyways, I'm not going to bitch. I'll keep this simple.

After coding an extra feature into the UberCMS housekeeping I noticed that when I opened login.php (in /manage/pages) I found that the variable $password was unfiltered. Now, whilst I'm not sure if you can exploit this due to it being hashed right after it still could potentially be one (hence the title).

So to tighten up security and possibly evade a MySQL injection we can easily patch it by:

1) Open login.php in /manage/pages
2) Find

PHP Code:

 $password = $core->uberHash($_POST['pwd']); 


3) Add the filter tags around it filter() like so:

PHP Code:

$password = filter($core->uberHash($_POST['pwd'])); 


And there you go. A potential exploit fixed.

Just to add: If you do not understand this don't post. And if some one does ask a question on how to set this up/put it in don't answer them. It's clear as day so don't ease their stupidity.

thx

[MentaL]

[wy479]

Kk thx

[Quackster]

I wish I knew about this sooner. No one uses uberCMS now.

Anyway nice notice there Matt. Thanks.

[wy479]

Whats something besides Uber and pheonix that is good?

[Matthew]

I wish I knew about this sooner. No one uses uberCMS now.

Anyway nice notice there Matt. Thanks.

Yeah. It's quite sad. Everyone is using shitty Phoenix CMS now.

[Kryptos]

This isn't an exploit, you don't have to filter it as it is hashed and pretty much impossible to exploit. A way to check if it is an exploit is to actually exploit it, you know. I bet you haven't done that.

I congratulate you for trying to contribute though, you should release some of your stuff someday, it seems you're not a complete idiot like others.

[Multi]

I wish I knew about this sooner. No one uses uberCMS now.

Anyway nice notice there Matt. Thanks.

I use UberCMS, and I'm always looking for exploits to patch :)

-----
So you're saying, this will patch it? (Possibly) ?? Or does it completely fuck it up?

---------- Post added at 02:41 PM ---------- Previous post was at 02:37 PM ----------

When I edited it, I noticed that the user names are filtered as well :P

[Ma Ma]

as mathew said just let me zip my mouth close and just don't say nothing to multi but good patch , you always must be sure of something instead of leaving it and thinking its hashed so its impossible to exploit it

[Matthew]

This isn't an exploit, you don't have to filter it as it is hashed and pretty much impossible to exploit. A way to check if it is an exploit is to actually exploit it, you know. I bet you haven't done that.

I congratulate you for trying to contribute though, you should release some of your stuff someday, it seems you're not a complete idiot like others.

That's what I was thinking also. Although this isn't really needed it's still a good security practice. Despite it being virtually impossible to send an exploit through a hash you never know. Maybe quotes and such? Better to be safe than sorry :)

But, that is why I did mark is a potential rather than critical.

[Davidaap]

I wish I knew about this sooner. No one uses uberCMS now.

Anyway nice notice there Matt. Thanks.

i use my own ubercmes edit


there are more exploits in ubercms where sql injection is possible

[Matthew]

i use my own ubercmes edit


there are more exploits in ubercms where sql injection is possible

Same. Could you tell me some? You don't have to here. In PM?

[Davidaap]

Same. Could you tell me some? You don't have to here. In PM?

i pm you :)

[skunken1]

i pm you :)

Pm me too :)

[jamieturner]

and me please, cheers.

[Davidaap]

no no and no :)

learn first to secure your website -,-

[Matthew]

Pm me too :)

What's the point in him PM'ing you anything about the exploits when you probably know nothing on the topic.

and me please, cheers.

Who are you asking? And to what ? (if me)

[Joopie]

Who are you asking? And to what ? (if me)

He ask if you'll add him xD

Btw, I think its useless to filter the password post.

Because:
The server get as response `' or '' = ''` (For example)

If you make a hash of it, you'll get something like: 08c0b7826294f319bdf2abf11b7af0fc

That's never a exploit? isn't?

[Matthew]

He ask if you'll add him xD

Btw, I think its useless to filter the password post.

Because:
The server get as response `' or '' = ''` (For example)

If you make a hash of it, you'll get something like: 08c0b7826294f319bdf2abf11b7af0fc

That's never a exploit? isn't?

Yeah I was thinking the same too but as said before I said potential for a reason. There *might* be a way of getting around the hash and executing a rogue query. We simply do not know. But it's better to be safe than sorry right? Like. If filtering is not going to change anything you may as well do it ? :)

[Joopie]

Yeah I was thinking the same too but as said before I said potential for a reason. There *might* be a way of getting around the hash and executing a rogue query. We simply do not know. But it's better to be safe than sorry right? Like. If filtering is not going to change anything you may as well do it ? :)

Uhm, Maby true :P, But I don't think it can xD

Btw, Change it also for the `index.php` i thought that one was also unfiltered

[RastaLulz]

This is not exploitable, as the value returned is a hash, and nothing more. You can not inject anything within the query as the value returned by uberHash will only be letters and numbers.

/facepalm

[Joopie]

This is not exploitable, as the value returned is a hash, and nothing more. You can not inject anything within the query as the value returned by uberHash will only be letters and numbers.

/facepalm

Thank you for repeating me?

[RastaLulz]

Thank you for repeating me?

Repeating you? I simply looked at the thread, and responded.

Also, thanks for repeating Kryptos.

[Hejula]

Thank you for repeating me?

You can't say that because you repeated what Kryptos said ;D

[Joopie]

You can't say that because you repeated what Kryptos said ;D

A, Yes, xD, I saw it wen RastaLulz posts his reaction xD, I always read the first post and the last few posts :P

[Roper]

Yeah. It's quite sad. Everyone is using shitty Phoenix CMS now.

Wrong, Habrockz and Luxo Hotel both use uberCMS but heavily modified.