UberCMS Potential SQL exploit patch (housekeeping)

[Matthew]

I'm not sure why I should do this. This community has done nothing for me besides for a few individuals. Anyways, I'm not going to bitch. I'll keep this simple.

After coding an extra feature into the UberCMS housekeeping I noticed that when I opened login.php (in /manage/pages) I found that the variable $password was unfiltered. Now, whilst I'm not sure if you can exploit this due to it being hashed right after it still could potentially be one (hence the title).

So to tighten up security and possibly evade a MySQL injection we can easily patch it by:

1) Open login.php in /manage/pages
2) Find

PHP Code:

 $password = $core->uberHash($_POST['pwd']); 


3) Add the filter tags around it filter() like so:

PHP Code:

$password = filter($core->uberHash($_POST['pwd'])); 


And there you go. A potential exploit fixed.

Just to add: If you do not understand this don't post. And if some one does ask a question on how to set this up/put it in don't answer them. It's clear as day so don't ease their stupidity.

thx

[MentaL]

[wy479]

Kk thx

[Quackster]

I wish I knew about this sooner. No one uses uberCMS now.

Anyway nice notice there Matt. Thanks.

[wy479]

Whats something besides Uber and pheonix that is good?

[Matthew]

I wish I knew about this sooner. No one uses uberCMS now.

Anyway nice notice there Matt. Thanks.

Yeah. It's quite sad. Everyone is using shitty Phoenix CMS now.

[Kryptos]

This isn't an exploit, you don't have to filter it as it is hashed and pretty much impossible to exploit. A way to check if it is an exploit is to actually exploit it, you know. I bet you haven't done that.

I congratulate you for trying to contribute though, you should release some of your stuff someday, it seems you're not a complete idiot like others.

[Multi]

I wish I knew about this sooner. No one uses uberCMS now.

Anyway nice notice there Matt. Thanks.

I use UberCMS, and I'm always looking for exploits to patch :)

-----
So you're saying, this will patch it? (Possibly) ?? Or does it completely fuck it up?

---------- Post added at 02:41 PM ---------- Previous post was at 02:37 PM ----------

When I edited it, I noticed that the user names are filtered as well :P

[Ma Ma]

as mathew said just let me zip my mouth close and just don't say nothing to multi but good patch , you always must be sure of something instead of leaving it and thinking its hashed so its impossible to exploit it

[Matthew]

This isn't an exploit, you don't have to filter it as it is hashed and pretty much impossible to exploit. A way to check if it is an exploit is to actually exploit it, you know. I bet you haven't done that.

I congratulate you for trying to contribute though, you should release some of your stuff someday, it seems you're not a complete idiot like others.

That's what I was thinking also. Although this isn't really needed it's still a good security practice. Despite it being virtually impossible to send an exploit through a hash you never know. Maybe quotes and such? Better to be safe than sorry :)

But, that is why I did mark is a potential rather than critical.

[Davidaap]

I wish I knew about this sooner. No one uses uberCMS now.

Anyway nice notice there Matt. Thanks.

i use my own ubercmes edit


there are more exploits in ubercms where sql injection is possible

[Matthew]

i use my own ubercmes edit


there are more exploits in ubercms where sql injection is possible

Same. Could you tell me some? You don't have to here. In PM?

[Davidaap]

Same. Could you tell me some? You don't have to here. In PM?

i pm you :)

[skunken1]

i pm you :)

Pm me too :)

[jamieturner]

and me please, cheers.

[Davidaap]

no no and no :)

learn first to secure your website -,-