UberCMS Potential SQL exploit patch (housekeeping)

  1. #31
    Ultra Light Beam Makarov
    Join Date: Apr 2010
    Location: Gotham
    Posts: 3,622

    Re: UberCMS Potential SQL exploit patch (housekeeping)

    Quote Originally Posted by Hejula View Post
    You can't say that because you repeated what Kryptos said ;D
    You can't say that because you repeated what Habbo said ;D

  2. #32
    :joy: Jonteh
    Join Date: Apr 2007
    Location: New York, USA
    Posts: 3,375

    Quote Originally Posted by Matthew View Post
    Jonty, it wasn't aimed at you. I never claimed to be a professional. I could probably write a whole CMS if I really wanted to. I have an understanding of most things. But I couldn't write forum software like.. vBulletin. So, I'm kind of in between. I didn't know what to name myself so I thought novice might be the best one. Considering it's only been a few months, ya know? Or maybe a better word would be like.. 'standard'? I'm not sure how to measure coding knowledge.
    Yeah, realised after I posted. Thought you quoted my post. Sorry.

    Standard is a good word. I don't know what to class myself but after writing a few CMS systems I find it now rather quite easy to write a CMS - but that's probably not my skill just how used to it I am.

    If you require any help feel free to ask me. Also - I might have scoped you out for a project I may start later if you're interested.

    Jcat

  3. #33
    What about no. Davidaap
    Join Date: Nov 2009
    Posts: 773

    Quote Originally Posted by Jontycat View Post
    I also use an uberCMS edit. However I've had my cms fully secured for a while now. That won't be an exploit in a password field cause it's hashed and it's not counted as real input? I'm not sure how it's processed.

    Thanks though.

    Jontycat
    fully secured? :

    Code:
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''' LIMIT 1' at line 1
    no not fully secured ;)

  4. #34
    Gamma RastaLulz
    Join Date: Dec 2007
    Location: Earth
    Posts: 3,328

    Quote Originally Posted by Matthew View Post
    'k. You're 3 posts late. This has been said already. Understand I'm a novice programmer (I've only been doing this a few months and I'm learning still) and that I'm not stupid. The mark 'Potential' in the title means I'm not sure if it is. I released something which *could* have been very beneficial to the community. Someone else could've found this out before me and gone around exploiting hotels had this not been a hash.

    Three posts late? Sorry, I forgot that once a thread has been responded to with common sense that no one after that was allowed to respond, with additional common sense. I love how you take my post as an insult - it was simply telling you what the issue was, and how the code itself was not exploitable.


    I don't care if you're learning or not - you shouldn't be releasing stuff that you haven't even bothered testing, or researching. That's like me coding a template purely in Notepad, and releasing it without checking it in my browser for issues within the code before I released it.


    Quote Originally Posted by Matthew View Post
    So, whilst the release itself was not useful, the thought of releasing a fix to release a *maybe* exploit is, imho.

    Really? Because I know that when people run a web script, they never worry about exploits within the script itself; thank you for enlightening all of us on how to patch stuff that is already patched.


    Quote Originally Posted by Matthew View Post
    Also, you were once like me in terms of knowledge of programming so ending your post with "/facepalm" is hypocritical of you as you once made mistakes and didn't take things into account yourself.

    When I used "/facepalm", I was simply referring to your continuation of telling people that it could be possible for someone to exploit this, instead of listening to them, and learning from what they told you.


    Quote Originally Posted by Matthew View Post
    So shut the fuck up, all of you. I'm now aware and I was after Kryptos' post.
    Then close the thread, as it is worthless.
    Last edited by RastaLulz; 18-07-11 at 01:11 PM.

  5. #35
    No, Just no. Matthew
    Join Date: Jul 2008
    Location: United Kingdom
    Posts: 1,408

    Quote Originally Posted by RastaLulz View Post
    I love how you take my post as an insult - it was simply telling you what the issue was, and how the code itself was not exploitable.
    Yes. But I realised that before, if you bothered to read. I didn't take your post as an insult. If people get insulted by what's written on the internet they are weak and stupid.


    Quote Originally Posted by RastaLulz View Post
    I don't care if you're learning or not - you shouldn't be releasing stuff that you haven't even bothered testing.
    Fair enough. I did, but as stated before I don't know that much. Just enough. There might have been other possible ways. However I won't bother releasing the other patches in the future. The actual serious ones. (thanks David).

    I just think there has been a miscommunication here that's all. So folks this isn't an exploit. I just thought it might have been without realising what it does fully.

  6. #36
    Legend donszeh
    Join Date: Jul 2008
    Location: Dutch
    Posts: 422

    Thanks for the patch amen.

  7. #37
    Enthusiast ThePeaul
    Join Date: Jun 2011
    Posts: 43

    Finally. Thx mate

  8. #38
    Member XenoGFX
    Join Date: May 2010
    Posts: 97

    The password is sha1'd, it doesn't need to be filtered... why would you filter a sha1 hash? Since it's hashed anything they enter will be hashed.

    $not_secure = $_POST['password'];
    $secure = $core->sha1thisbitch($_POST['password']);
    Last edited by XenoGFX; 22-08-11 at 12:44 AM.
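
Added example (not from the thread or from UberCMS): the point argued in the posts above, that a SHA-1 digest is 40 hex characters and so cannot carry a quote into the query, next to a raw field built the same way and the bound-parameter form that covers both. The table, the function names and the sample inputs are constructed for illustration, and the database is an in-memory SQLite instance reached through PDO.

```php
<?php
// Added example: constructed schema and inputs, not UberCMS code.
// sha1() is used only because the thread does; password_hash() and
// password_verify() are PHP's current API for stored passwords.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, password TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['admin', sha1('correct horse')]);

// Concatenated lookup in the style the thread discusses. $pass is hashed, so
// only [0-9a-f]{40} reaches the SQL text; $user is concatenated raw.
function login_concat(PDO $db, string $user, string $pass): string {
    $sql = "SELECT 1 FROM users WHERE username = '" . $user .
           "' AND password = '" . sha1($pass) . "' LIMIT 1";
    try {
        return $db->query($sql)->fetchColumn() !== false ? 'match' : 'no match';
    } catch (PDOException $e) {
        return 'SQL error';   // the statement itself was malformed
    }
}

// Hardened form: both values are bound, so the query text is constant.
function login_bound(PDO $db, string $user, string $pass): string {
    $stmt = $db->prepare(
        'SELECT 1 FROM users WHERE username = ? AND password = ? LIMIT 1');
    $stmt->execute([$user, sha1($pass)]);
    return $stmt->fetchColumn() !== false ? 'match' : 'no match';
}

// Constructed inputs: a lone quote is the usual smoke test for a field
// that reaches the query unescaped.
$cases = [
    ['admin',  'correct horse'],  // valid login
    ['admin',  "pass'word"],      // quote in the hashed field
    ["adm'in", 'correct horse'],  // quote in the raw field
];
foreach ($cases as [$u, $p]) {
    printf("%-8s %-15s concat=%-10s bound=%s\n",
        $u, $p, login_concat($db, $u, $p), login_bound($db, $u, $p));
}
```

Hashing protects only the field that is hashed; binding covers every value that goes into the statement.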

  9. #39
    Valued Member Inote
    Join Date: Feb 2008
    Posts: 124
    Quote Originally Posted by XenoGFX View Post
    The password is sha1'd, it doesn't need to be filtered... why would you filter a sha1 hash? Since it's hashed anything they enter will be hashed.

    $not_secure = $_POST['password'];
    $secure = $core->sha1thisbitch($_POST['password']);
    And this has been mentioned in this thread like 10 times over, why do you feel the need to repeat everybody lol.

  10. #40
    Account Upgraded | Title Enabled! Muscab
    Join Date: Oct 2009
    Posts: 264

    At least you bothered to throw in a contribution, you should be getting thanked for attempting to.

    Nice attempt ;)


