-
MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
Downloads:
http://www.sendspace.com/file/c0x57u
RapidShare: 1-Click Webhosting
What have been changed?
- index.php
- modules/user.php
- modules/user/uploadscreen.php
- modules/user/mail.php
- logs.php
- includes/web_modules.php
- includes/mail_functions.php
- includes/admin_functions.php
- modules/user/request.php
problems solved:- mail - fixed.
- xss -fixed.
- php injection - fixed.
- lfi - fixed.
notice:
i fixed the shell i left there http://www.muweb.org/images/smilies/biggrin.gif thx all
Credits
- MadCodeX & = Master =
enjoy!
:drinks_no
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
Approved, use this at your own risk.
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
Thanks for posting here:jester:
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
Can you plss Share only the Code for Index PHP so we dont need to edit Our Index from Sratch...
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
MuWeb=0% Securiti Can Be Injected Can Be Hacked from Profile.php User Gallery.php and more
muweb have good templates but bad protection in a forum i see 300 user ho get sql inject in 1 day with muweb 0.8 :poster_ss
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
thanks , nice nice ^^.
10/10
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
MadCodeX from lasthopemu hacked alot of other mu site..
don't trust him!!!!
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
nice update i have instaled this muweb and today they deleted my "MuOnline" database and "Ranking"...
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
Quote:
Originally Posted by
Dorin1
nice update i have instaled this muweb and today they deleted my "MuOnline" database and "Ranking"...
read my post from 2 rows top.
madcodex is a hacker.
he will put redirec sites to lashopemu in your server.
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
lets see will =Master= approve this
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
Quote:
Originally Posted by
gum12345
MadCodeX from lasthopemu hacked alot of other mu site..
don't trust him!!!!
we all trust =Master= and master trust him
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
Quote:
Originally Posted by
Fant0ma
MuWeb=0% Securiti Can Be Injected Can Be Hacked from Profile.php User Gallery.php and more
muweb have good templates but bad protection in a forum i see 300 user ho get sql inject in 1 day with muweb 0.8 :poster_ss
true,true,true ......
Its damn true.... in my dabase was delete .. those tables :
1.Character
2.Memb_info
Without those the server its down.....
I whant help with this injections.... (If some one know more about PHP)
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
hmm i've tested this and it really works ... no hack for the moment ... so i can say that it works and it's aproved by Master ...
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
Quote:
Originally Posted by
baitzashul
true,true,true ......
Its damn true.... in my dabase was delete .. those tables :
1.Character
2.Memb_info
Without those the server its down.....
I whant help with this injections.... (If some one know more about PHP)
Yep, me too.
Someone just delete the Char and Memb_info table...
Had to restore but I had backup lol.
A lot of servers got this problem in the past week ...
What's happening?:juggle:
Not cool...
Only fcking guys... :poster_ss
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
=Master= = Noob
MuWeb= 0% Protection
Result A Noob Coder+A Noob Web trust me u will have all problems with hakers use mutoolz peopel trust me :poster_ss
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
and why you use his scripts? :)) master is not noob,you are.Try to do what master do(mu web 0.1-0.8) and after you can say master is noob.
I dont think hi did this "security" upgrade,why he dont post it here?In his forum is posted a upgrade like this but nobody complains problems!
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
Quote:
Originally Posted by
Jumeirah
Yep, me too.
Someone just delete the Char and Memb_info table...
Had to restore but I had backup lol.
A lot of servers got this problem in the past week ...
What's happening?:juggle:
Not cool...
Only fcking guys... :poster_ss
ready for some nightmare..
ppl asking why rollback..... >_< and you can't restore only 2 those.
or it will not allowed new registrations.
must do full restore.
i got charater+mem_info delete. 2 time....... not this script but my fix one. with fix hacked.
i think it;s a new hold in muweb..
watch out!!!!
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
index.php is still unsecure!!!
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
can u show us some protection??
and topmu got nice WEB.!
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
well then post here what other bugs has muweb so we can fix them
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
Maybe better to make a guide "How to protect webserver" because even if the website is 101% secure, the webserver can still be hacked... ?
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
it seems secured... and approved by Master ... so don't worry ;) use it ...
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
i don`t aprove this thread, i don`t have time to check all files
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
Quote:
Originally Posted by
Fant0ma
=Master= = Noob
MuWeb= 0% Protection
Result A Noob Coder+A Noob Web trust me u will have all problems with hakers use mutoolz peopel trust me :poster_ss
what a little poor kid like u, 13 years old know about PHP? wtf this is a fuc** free project no one pay me to do this, i reserv all my rights on this, want a good webie? fine rent a coder and get out of here.
more of this it might be ur fault, all of you donwload from mirror links that have been posted by xxx users, that mirror with download might contains worms inside files and etc...
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
Quote:
Originally Posted by
Fant0ma
=Master= = Noob
MuWeb= 0% Protection
Result A Noob Coder+A Noob Web trust me u will have all problems with hakers use mutoolz peopel trust me :poster_ss
Eng: Fantoma you are a motherfucking bullshit rapist without future i fuck your mom in all 69 positions you fucking asshole. Show me what u did since u born u motherfucker, not in 100 years can u do what =Master= did! i fuck myself into your mum and all your gipsy family
Ro: Fantoma esti un futator de mama cacat impushcat violator fara viitor, ma fut in mata in toate 69 pozitii gaura in cur fututa ce esti. Arata-mi ce ai facut tu decand te-ai nascut futatorule de mama, nici in 100 de ani nu poti face ce a facut =Master=! ma fut in mata si in toata familia ta de tigani
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
Quote:
Originally Posted by
LoveGod
Eng: Fantoma you are a motherfucking bullshit rapist without future i fuck your mom in all 69 positions you fucking asshole. Show me what u did since u born u motherfucker, not in 100 years can u do what =Master= did! i fuck myself into your mum and all your gipsy family
Ro: Fantoma esti un futator de mama cacat impushcat violator fara viitor, ma fut in mata in toate 69 pozitii gaura in cur fututa ce esti. Arata-mi ce ai facut tu decand te-ai nascut futatorule de mama, nici in 100 de ani nu poti face ce a facut =Master=! ma fut in mata si in toata familia ta de tigani
en: lol
ro: :))
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
EN: i think he have right :P (lovegod)
RO: cam are dreptate lovegod si master,fantoma fura lucrari si si le insuseste si ii mai si face noobi pe aia care le face cu adevarat,fantoma,dak master ii noob tu la ce stadiu esti,undeva pe la vierme ?
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
Admins please delete this post ! It is evil ^^
P.S. Things are getting ugly lol ^^
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
working this inject index.php?news='';shutdown;-- ! please fix it! And woking others op what is selecting from DB. Thx!
FIXED:
I was need to change in web_modules.php this:
Code:
function modules(){
if(isset($_GET['op'])){
$op = $_GET['op'];
$g = chr(92);
$op = str_replace($g , "", $_GET['op']);
$op = str_replace("/" , "", $op);
$op = str_replace("%00" , "\0", $op);
$op = str_replace("?" , "", $op);
$op = htmlspecialchars($op);
if (is_file("modules/".$op.".php")) {
include("modules/".$op.".php");
} else {
require("config.php");
Echo ("<br>$warning_start Module $op Could Not Be Found By MuWeb! $warning_end<br>");
}
}
}
function user_modules(){
if($_GET['option']) {
$op=$_GET['option'] ;
$g = chr(92);
$op = str_replace($g , "", $_GET['op']);
$op = str_replace("/" , "", $op);
$op = str_replace("%00" , "\0", $op);
$op = str_replace("?" , "", $op);
$op = htmlspecialchars($op);
$adr='./modules/user/'.$op.'.php' ;
include($adr);
}
}
To this:
Code:
function modules(){
if(isset($_GET['op'])){
$op = $_GET['op'];
$g = chr(92);
$op = str_replace($g , "", $op);
$op = str_replace("/" , "", $op);
$op = str_replace("%00" , "\0", $op);
$op = str_replace("?" , "", $op);
$op = htmlspecialchars($op);
if (is_file("modules/".$op.".php")) {
include("modules/".$op.".php");
} else {
require("config.php");
Echo ("<br>$warning_start Module $op Could Not Be Found By MuWeb! $warning_end<br>");
}
}
}
function user_modules(){
if($_GET['option']) {
$op=$_GET['option'] ;
$g = chr(92);
$op = str_replace($g , "", $op);
$op = str_replace("/" , "", $op);
$op = str_replace("%00" , "\0", $op);
$op = str_replace("?" , "", $op);
$op = htmlspecialchars($op);
$adr='./modules/user/'.$op.'.php' ;
include($adr);
}
}
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
Quote:
Originally Posted by
baitzashul
true,true,true ......
Its damn true.... in my dabase was delete .. those tables :
1.Character
2.Memb_info
Without those the server its down.....
I whant help with this injections.... (If some one know more about PHP)
They inject using your lostpassword and email through the registration if you remove those access points muweb 0.8 is fairly secure if you have an idea on how to read logs and check which modules are being used, my suggestion is continue using 0.8 but, do some reading up when it comes to infiltratition to your server.
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
Web vulnerability sql inject...
-
Re: [Release] MuWeb 0.8 (Hack Fixed, 21.04.2008) - updated
I have problems in administrator.php
Some hackers can edit account and chars :o((