[SECURITY] PHPretro "Security"! [MUST READ]

Ello RaGEZONE!

Today im going to tell you about PHPretro and it's "Security".

You don't realize how many Exploits that Nillus has left in PHPretro. Their is loads, But only Nillus, Yifan Lu & Oni know about them. I found out about these because Nillus hacked my Retro a while back, Then i contacted him and he proved it was him. He showed me a few Exploits, I patched a few from the Files I used SuperCMS but theirs still like 7 or 8 more. He left these because he thought people would edit his Source etc.. So he left exploits in the Files he coded incase someone edited it, Changed the Footer/Copyrights, and say if this was being used on a Hotel. Nillus would hack it because of that. I respect what he's doing because it's rightfully His, Yifan Lu's and Oni's work.

------------Copied from a thread i recently Posted on RZ------------

So i suggest Finding these Exploits and Patch them up before Hackers find the Exploits.

Regards,
Sphinx aka ePixeL

Thanks For The Information. But didnt know theres alot o.O I learned something today.My head hurts :(

No problem. Just making sure the Habbo Retro Community is safe. ;D

Posting more Information about UberCMS, PHPretro and HoloCMS very soon!

Thanks for the update, although most of us dont know/how to find the exploits, meaning we dont know how to patch it...

Most of those exploits are right in front of your eyes. Just have to look properly.
And I was happy when he hacked people retro for editing their shit that they took time to code and you just used it like it was yours.

yea, i agree, ppl hav no right to edit the credits or anything showing the rightful owners/creators, and um im only a C# coder and tbh i kno i wont be able to find any of these xploits, little help please?

Its because you know a little bit of C#, and the exploits are usually within in the CMS.

yea ikno the xploits are in the cms, which is why i stated im a c# coder, and ikno quite alot of c# (well i think i do) xD and amma stop posting before i go totally offtopic

Everyone is a C# coder, so is my niece (sh is 4).
Rastas CMS edit had exploit in there where you could buy V.I.P with coins.

He released a patch for this a long time ago.

Yes because I told him about some people knowing it.

Its a webdav exploit ;) PHPRetro is made up of OOP.. aka very secure.

Quote:

---

Originally Posted by winterpartys

Its a webdav exploit ;) PHPRetro is made up of OOP.. aka very secure.

---

i second that most of the exploits are in xampp not phpretro

As winter stated, most of them are the webdav, Because that's how you can hack into XAMPP (apache), You'd have to dis-able web-dav, and then delete the webdav directory.

EDIT: Nillus, never touched PHPRetro, or HoloCMS he was the one who started the Emulator, then later on HoloCMS the fagable and exploitable CMS was released.

- Condah.

Still Loads of exploits in the emulator..
and some basic ones in the cms.
my word dont use xampp. i used a premium webhost and it was secure.

for xampp users use oni patch on xampp and just remove the webdav from it.

Well, this is kind of old news isn't it? These kind of 'booby traps' have been placed in software for a very long time. Heck, even Microsoft did such a thing with Windows in cooperation with the American government to spy on other governments. ;)

Thanks for the update.

Some of the Exploits are in the CMS, But alot of the Exploits are in the XAMPP itself.

---------- Post added at 05:18 PM ---------- Previous post was at 05:17 PM ----------

Quote:

---

Originally Posted by sisija

Well, this is kind of old news isn't it? These kind of 'booby traps' have been placed in software for a very long time. Heck, even Microsoft did such a thing with Windows in cooperation with the American government to spy on other governments. ;)

---

Wow. Microsoft are really smart but have to do that?

I didn't know this. I'm actually quite surprised.

Winter is Correct, PHPRetro is very secure compared to HoloCMS, HoloCMS contains almost all of the exploits in PHPRetro and alot more, I'm not sure if UberCMS contains exploits, It does but I'm not sure how bad they are, I haven't really looked yet, But my opinion, I doubt there will be another CMS for Habbo, Most of us cannot be bothered to do it any more or even see a point (I can't see a point in developing one, releasing it, ect) As it will just get a Name change, ect.

Quote:

---

Originally Posted by -Jordan-

Winter is Correct, PHPRetro is very secure compared to HoloCMS, HoloCMS contains almost all of the exploits in PHPRetro and alot more, I'm not sure if UberCMS contains exploits, It does but I'm not sure how bad they are, I haven't really looked yet, But my opinion, I doubt there will be another CMS for Habbo, Most of us cannot be bothered to do it any more or even see a point (I can't see a point in developing one, releasing it, ect) As it will just get a Name change, ect.

---

PHPretro has like 1 or 2 less Exploits than HoloCMS but PHPretro was HoloCMS based. UberCMS has so many Exploits, thats why most Flash Hotels get Hacked.

Quote:

---

Originally Posted by Sphinx

PHPretro has like 1 or 2 less Exploits than HoloCMS but PHPretro was HoloCMS based. UberCMS has so many Exploits, thats why most Flash Hotels get Hacked.

---

PHPRetro is alot more secure than HoloCMS i think its alot more than 1 or 2 less exploits, Yifan was a decent coder, Shame at the first sign of trouble he had to leave, by Now PHPRetro would be really good if he stayed.

Quote:

---

Originally Posted by -Jordan-

PHPRetro is alot more secure than HoloCMS i think its alot more than 1 or 2 less exploits, Yifan was a decent coder, Shame at the first sign of trouble he had to leave, by Now PHPRetro would be really good if he stayed.

---

Alot of people continued his work Un-Officially. By basically edit the CMS and claiming it as their own.

When i made SuperCMS I gave Yifan Lu, Oni & Meth0d Credits because I used some part from PHPretro and UberCMS. But if people just edit the Footer and it basically is PHPretro then he will have to Hack the Hotel through those Exploits.

Version(s):
4.0.8 = A few.
4.0.9 = Unstable.
4.1.1 = Oni fixed quite alot of Exploits.

Good update 9/10. But I favor Xampp being the biggest problem when your retro is hacked not so much as PHPRetro itself.

Quote:

---

Originally Posted by iConnor

Good update 9/10. But I favor Xampp being the biggest problem when your retro is hacked not so much as PHPRetro itself.

---

WebDAV makes XAMPP Exploitable, But PHPretro also contains some Exploits so that's why i started this Thread.

Quote:

---

Originally Posted by Sphinx

WebDAV makes XAMPP Exploitable, But PHPretro also contains some Exploits so that's why i started this Thread.

---

Could you please list the locations of these exploits?