[UberCMS] UberCMS Edited

**Amiroslo** · 28-08-12

cmon guys? Im not joking! I need to remove that shit!!
I just want the user to get redicted to the index page after he is done registering and enter the client normally -.-

**HallaHotel** · 29-08-12

Its a normal UberCMS not a edit. What was edited?

**zMagenta** · 02-09-12

Originally Posted by HallaHotel

Its a normal UberCMS not a edit. What was edited?

If you actually read the thread, you'll see that it's a revised version of my old edit. Therefore, it an edit of the original UberCMS. So yeah, fuck off.

**Bloodraven** · 17-09-12

Sorry to bump...

Exploit: article.php
Line: 42

You did not filter it:

PHP Code:


$id = $bits[0];

You should filter it by doing this:

PHP Code:


$id = mysql_real_escape_string($bits[0]);

Or whatever, you could use filter instead of mysql_real_escape_string if you have problems with that, Anyway full patched article.php:

PHP Code:


<?php
/*=======================================================================
| UberCMS - Advanced Website and Content Management System for uberEmu
| #######################################################################
| Copyright (c) 2010, Roy 'Meth0d'
| http://www.meth0d.org
| #######################################################################
| This program is free software: you can redistribute it and/or modify
| it under the terms of the GNU General Public License as published by
| the Free Software Foundation, either version 3 of the License, or
| (at your option) any later version.
| #######################################################################
| This program is distributed in the hope that it will be useful,
| but WITHOUT ANY WARRANTY; without even the implied warranty of
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
| GNU General Public License for more details.
\======================================================================*/

define('TAB_ID', 5);
define('PAGE_ID', 17);

require_once "global.php";

$articleData = null;

if (isset($_GET['mostRecent']))
{
    $getData = dbquery("SELECT * FROM site_news ORDER BY timestamp DESC LIMIT 1");
    
    if (mysql_num_rows($getData) > 0)
    {
        $articleData = mysql_fetch_assoc($getData);
    }
}
else if (isset($_GET['rel']))
{
    $rel = $_GET['rel'];
    
    if (strrpos($rel, '-') >= 1)
    {
        $bits = explode('-', $rel);
        $id = mysql_real_escape_string($bits[0]);
        
        $getData = dbquery("SELECT * FROM site_news WHERE id = '" . $id . "' LIMIT 1");
        
        if (mysql_num_rows($getData) > 0)
        {
            $articleData = mysql_fetch_assoc($getData);
        }
    }
}

$tpl->Init();

$tpl->AddGeneric('head-init');
$tpl->AddIncludeSet('generic');
$tpl->WriteIncludeFiles();
$tpl->AddGeneric('head-overrides-generic');
$tpl->AddGeneric('head-bottom');
$tpl->AddGeneric('generic-top');
    
$tpl->Write('<div id="column1" class="column">');

$newslist = new Template('comp-newslist');

if (isset($_GET['archiveMode']))
{
    $newslist->SetParam('mode', 'archive');
}
else if (isset($_GET['category']) && is_numeric($_GET['category']))
{
    $newslist->SetParam('mode', 'category');
    $newslist->SetParam('category_id', $_GET['category']);
}
else
{
    $newslist->SetParam('mode', 'recent');
}

$tpl->AddTemplate($newslist);

$tpl->Write('</div>');

$tpl->Write('<div id="column2" class="column">');

$article = new Template('comp-newsarticle');

if ($articleData != null)
{
    $article->SetParam('news_article_id', $articleData['id']);
    $article->SetParam('news_article_title', clean($articleData['title']));
    $article->SetParam('news_article_date', 'Posted ' . clean($articleData['datestr']));
    $article->SetParam('news_category', '<a href="/articles/category/' . $articleData['category_id'] . '">' . clean(mysql_result(dbquery("SELECT caption FROM site_news_categories WHERE id = '" . $articleData['category_id'] . "' LIMIT 1"), 0)) . '</a>');
    $article->SetParam('news_article_summary', clean($articleData['snippet']));
    $article->SetParam('news_article_body', clean($articleData['body'], true));
    
    $tpl->SetParam('page_title', 'News - ' . clean($articleData['title']));
}
else
{
    $article->SetParam('news_article_id', 0);
    $article->SetParam('news_article_title', 'News article not found');
    $article->SetParam('news_article_date', '');
    $article->SetParam('news_category', '');
    $article->SetParam('news_article_summary', '');
    $article->SetParam('news_article_body', "The article you were looking for could not be retrieved. Please press the 'back' button on your browser to return to your previous page.");    
    
    $tpl->SetParam('page_title', 'News - News Article not found');
}

$tpl->AddTemplate($article);
$tpl->Write('</div>');

$tpl->AddGeneric('generic-column3');
$tpl->AddGeneric('footer');

$tpl->SetParam('body_id', 'news');

$tpl->Output();

?>

If I find more I will update this post or post a new one, Again sorry to bump but I think its needed.

**zMagenta** · 27-09-12

Originally Posted by zJordan

Sorry to bump...

Exploit: article.php
Line: 42

You did not filter it:

PHP Code:


$id = $bits[0];

You should filter it by doing this:

PHP Code:


$id = mysql_real_escape_string($bits[0]);

Or whatever, you could use filter instead of mysql_real_escape_string if you have problems with that, Anyway full patched article.php:

PHP Code:


<?php
/*=======================================================================
| UberCMS - Advanced Website and Content Management System for uberEmu
| #######################################################################
| Copyright (c) 2010, Roy 'Meth0d'
| http://www.meth0d.org
| #######################################################################
| This program is free software: you can redistribute it and/or modify
| it under the terms of the GNU General Public License as published by
| the Free Software Foundation, either version 3 of the License, or
| (at your option) any later version.
| #######################################################################
| This program is distributed in the hope that it will be useful,
| but WITHOUT ANY WARRANTY; without even the implied warranty of
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
| GNU General Public License for more details.
\======================================================================*/

define('TAB_ID', 5);
define('PAGE_ID', 17);

require_once "global.php";

$articleData = null;

if (isset($_GET['mostRecent']))
{
    $getData = dbquery("SELECT * FROM site_news ORDER BY timestamp DESC LIMIT 1");
    
    if (mysql_num_rows($getData) > 0)
    {
        $articleData = mysql_fetch_assoc($getData);
    }
}
else if (isset($_GET['rel']))
{
    $rel = $_GET['rel'];
    
    if (strrpos($rel, '-') >= 1)
    {
        $bits = explode('-', $rel);
        $id = mysql_real_escape_string($bits[0]);
        
        $getData = dbquery("SELECT * FROM site_news WHERE id = '" . $id . "' LIMIT 1");
        
        if (mysql_num_rows($getData) > 0)
        {
            $articleData = mysql_fetch_assoc($getData);
        }
    }
}

$tpl->Init();

$tpl->AddGeneric('head-init');
$tpl->AddIncludeSet('generic');
$tpl->WriteIncludeFiles();
$tpl->AddGeneric('head-overrides-generic');
$tpl->AddGeneric('head-bottom');
$tpl->AddGeneric('generic-top');
    
$tpl->Write('<div id="column1" class="column">');

$newslist = new Template('comp-newslist');

if (isset($_GET['archiveMode']))
{
    $newslist->SetParam('mode', 'archive');
}
else if (isset($_GET['category']) && is_numeric($_GET['category']))
{
    $newslist->SetParam('mode', 'category');
    $newslist->SetParam('category_id', $_GET['category']);
}
else
{
    $newslist->SetParam('mode', 'recent');
}

$tpl->AddTemplate($newslist);

$tpl->Write('</div>');

$tpl->Write('<div id="column2" class="column">');

$article = new Template('comp-newsarticle');

if ($articleData != null)
{
    $article->SetParam('news_article_id', $articleData['id']);
    $article->SetParam('news_article_title', clean($articleData['title']));
    $article->SetParam('news_article_date', 'Posted ' . clean($articleData['datestr']));
    $article->SetParam('news_category', '<a href="/articles/category/' . $articleData['category_id'] . '">' . clean(mysql_result(dbquery("SELECT caption FROM site_news_categories WHERE id = '" . $articleData['category_id'] . "' LIMIT 1"), 0)) . '</a>');
    $article->SetParam('news_article_summary', clean($articleData['snippet']));
    $article->SetParam('news_article_body', clean($articleData['body'], true));
    
    $tpl->SetParam('page_title', 'News - ' . clean($articleData['title']));
}
else
{
    $article->SetParam('news_article_id', 0);
    $article->SetParam('news_article_title', 'News article not found');
    $article->SetParam('news_article_date', '');
    $article->SetParam('news_category', '');
    $article->SetParam('news_article_summary', '');
    $article->SetParam('news_article_body', "The article you were looking for could not be retrieved. Please press the 'back' button on your browser to return to your previous page.");    
    
    $tpl->SetParam('page_title', 'News - News Article not found');
}

$tpl->AddTemplate($article);
$tpl->Write('</div>');

$tpl->AddGeneric('generic-column3');
$tpl->AddGeneric('footer');

$tpl->SetParam('body_id', 'news');

$tpl->Output();

?>

If I find more I will update this post or post a new one, Again sorry to bump but I think its needed.

Thanks very much. This has now been updated.

**Gangnam** · 27-09-12

Seeing as this is bumped, it won't matter if I say thanks. Logged on to find a copy of uber to look at the HTML for the tags habblet (and some other things), and first thing I saw was just what I need. xD

**zMagenta** · 29-09-12

Originally Posted by Gangnam

Seeing as this is bumped, it won't matter if I say thanks. Logged on to find a copy of uber to look at the HTML for the tags habblet (and some other things), and first thing I saw was just what I need. xD

Thanks mate. :)

**streamhotel** · 30-09-12

I've got this error by accesing some pages 'com-vip-support', how can i fix that?

**zMagenta** · 01-10-12

Originally Posted by streamhotel

I've got this error by accesing some pages 'com-vip-support', how can i fix that?

Get another uber edit and find the page 'comp-vip-support'

**Speedy141** · 21-10-12

I have this index and register, someone knows how to fix?

**azaidi** · 21-10-12

Update your webbuild.

[UberCMS] UberCMS Edited

Thread Tools

Re: [UberCMS] UberCMS Edited

Re: [UberCMS] UberCMS Edited

Re: [UberCMS] UberCMS Edited

Re: [UberCMS] UberCMS Edited

Re: [UberCMS] UberCMS Edited

Re: [UberCMS] UberCMS Edited

Re: [UberCMS] UberCMS Edited

Re: [UberCMS] UberCMS Edited

Re: [UberCMS] UberCMS Edited

Re: [UberCMS] UberCMS Edited

Re: [UberCMS] UberCMS Edited

Advertisement