[UPDATE][REQUIRED] Uber 2.x.x - SQL Injection & PHP Backdoor Patch (Another one).

[Delici0us]

Warning

If you choose not to update, then that is your fault. At the bottom of this page I have included the exploit and how you execute it (and where it is located). If you have been raped from this exploit you must also edit the me.php (and me tpl file) to remove the “Kill Staff” script that was also embedded in his previous release.

Uber 2.x.x - Top Level Patch
Another nail in Jonty’s coffin.

Yesterday as you may have seen Jonty came back to release an update for UberCMS. I later found out it was just an update for the ASE (All Seeing Eye) folder that had contained an important and crucial bug fix. The fix was in there, I even witnessed the fix in place.

After looking thought the source earlier, after hearing about someone’s misfortune because of it I found something quite intriguing – He had patched the exploit, but had included and revamped his previous one. This time he had coded a shell upload utility, which could be reached from within the ASE.

Take a look at this [Code from the Index.php]

Code:

if (!HK_LOGGED_IN && $_cmd != 'login' && $_cmd != 'heyk')
{
    header("Location: " . HK_WWW . "/index.php?_cmd=login");
    exit;
}

If you’re not into PHP or just don’t have a clue what that means in English, here it is. If the housekeeping session is not registered, and the command is not login or heyk redirect to the login page.

Well, what is ‘HeyK’ you may ask – It is the way he was activating the shell. When you look further down you can see how.

Code:

    case 'heyk';
        require_once 'pages/yessir.php';
    break;

The yessir.php page contained the upload script and that’s how some people got hacked.

The ASE also contained another little trick, where he could also pass information to TPL files and as such write his own code. I know some sites have had their entire staff list deleted because of this.

It also contained some other little tricks that he had embedded into other pages. I looked over most of the code, and because some of the things exist all the way back to when it was first released by him I have decided not to inform you of them.

Yesterday I released his ASE as a patch, because at first that’s what I believed it to be. I would like to take this time to apologise to anyone that was poorly affected by this and in future I will ensure I read and clean all of his code before I try and help. This was in-appropriate for him to do. And I sincerely hope nobody else gets attacked by him.

On one last note, if you download my previous ASE download and his release – You will see they are identical.

P.S - If you want to hate on me, or say I’m in the wrong… Please do! At least I came back to fix this shitty mess he made. Oh, and if you think I made all of this up? Why does he have the MySQL details for THC-Hotel?

Code:

    $config['MySQL']['hostname'] = "216.245.213.26";
    $config['MySQL']['username'] = "thc_web";
    $config['MySQL']['password'] = "*******";
    $config['MySQL']['database'] = "thchotel";

[MentaL]

[Hejula]

Wow, haha. Thanks for this, appreciated.

[PRIZM]

Oh i like, thanks Delici0us

[Delici0us]

Wow, haha. Thanks for this, appreciated.

Glad I could be of assistance. Hopefully people become more wary of the code he feeds them and they learn to update.

Oh i like, thanks Delici0us

My pleasure

Hopefully this is the last time I have to patch his work.

[Bloodraven]

Jonty really is a complete twat then...

[Delici0us]

Jonty really is a complete twat then...

Did you expect anything else from him? He has an ego the size of a small planet, in his eyes the only hotel that deserves existence is ZAP (give him some credit, it’s a nice hotel). Lots of hotels have built up from his code so he must have saw a loophole for rape.

[Frippe]

Thanks for this! :) (maybe my ubercms has been hacked sometimes by this?).

EDIT: What do you mean with: "If you have been raped from this exploit you must also edit the me.php (and me tpl file) to remove the “Kill Staff” script that was also embedded in his previous release."?

[Delici0us]

Thanks for this! :) (maybe my ubercms has been hacked sometimes by this?).

EDIT: What do you mean with: "If you have been raped from this exploit you must also edit the me.php (and me tpl file) to remove the “Kill Staff” script that was also embedded in his previous release."?

If your hotel has staff, but the staff list keeps getting reset then the kill code has been inserted into the me.tpl (or me.php) that resets all ranks back to 1 every time it’s loaded.

[Frippe]

If your hotel has staff, but the staff list keeps getting reset then the kill code has been inserted into the me.tpl (or me.php) that resets all ranks back to 1 every time it’s loaded.

Yes it has on my cms!! What do I do?! I've downloaded the patch so it is fine now? This is annoying!

[Nilenz]

Thanks for the Fix for Exploits and Backdoors
I will be used this

[Delici0us]

Lasse, ignore please?

Send me the link to your hotel in PM and I'll tell you if you have been infected. If you have I'll clean it for you.

[Frippe]

Send me the link to your hotel in PM and I'll tell you if you have been infected. If you have I'll clean it for you.

I think it's fixed now but I will send you a PM if I still have the problem.

[Zak©]

Lol serves you all right for trusting that twat again.

[djboetz]

As i said several times ago, a lot people did not believe me.
"Jonty put an exploit in every work he release FREE on Public", he have hacked my hotel as well some months ago.

[Liam]

Now, this is exactly why you don't always rely on fuck heads like Jonty for your hotel, it's always best of making your own edit, or learning PHP.. And hasn't anyone learnt from Jonty's past, how much of a faggot he is? No one ever listens to other members, and trust me, Jonty is just greedy..