[IMPORTANT][CRITICAL] Uber 2.x.x - SQL Injection Fix
Hello People!
Earlier today Jonty posted a new release (strange, thought he had left). In his fix he claimed it improved on speed and so forth, however it was nothing more than a secret bug fix. In his previous versions he had left a critical security flaw that needed patching.
The flaw allowed users to pass information thought GET data that would execute in a MySQL query. Trying to avoid tarnishing his ego he released a new version so he could try and ‘help’ people without them knowing.
If you are running any version of Jontehs Uber edit you need to download this file. Failure to do so will leave your hotel open to being raped.
For your convenience here is the new AllSeeingEye (taken from the 2.0.2 update). Just replace this on your webserver and you’ll be safe.
allseeingeye.rar
P.S
Don’t even bother asking me to tell you where the exploit is, I am many things but a heartless asshole is not one of them. A handful of people know of the exploit so PLEASE UPDATE your CMS or get hacked. If you don't trust my link, feel free to download the 2.0.2 update and replace the allseeingeye from there.
Re: [IMPORTANT][CRITICAL] Uber 2.x.x - SQL Injection Fix
Wasn't this already releases by Jonteh?
Re: [IMPORTANT][CRITICAL] Uber 2.x.x - SQL Injection Fix
Me no trust Jonty anymore :-/!
But thanks! When i'm home i will set it up.
Re: [IMPORTANT][CRITICAL] Uber 2.x.x - SQL Injection Fix
Quote:
Originally Posted by
Zyntix
Wasn't this already releases by Jonteh?
He released it as an entire new sub-revision when in-fact the only thing that was changed was the AllSeeingEye. He only discovered the exploit today because somebody warned him. Instead of owning up to the fact it was shit, he tried to make you all think the new changes were in-there when in-fact it was just a patch.
I know from experience, it’s easier on a hotel owner to change a non-important part of the site than to re-upload the entire site again.
Quote:
Originally Posted by
Lasse
Me no trust Jonty anymore :-/!
But thanks! When i'm home i will set it up.
I don’t think he ever knew it was there, himself. By the way, link me to your hotel :D
Re: [IMPORTANT][CRITICAL] Uber 2.x.x - SQL Injection Fix
Quote:
Originally Posted by
Delici0us
I don’t think he ever knew it was there, himself. By the way, link me to your hotel :D
I am not home, i'm in Copenhagen on my iPad. I am buying Dedi or VPS and domain tomorrow maybe :)
Re: [IMPORTANT][CRITICAL] Uber 2.x.x - SQL Injection Fix
Thanks for this.
Maybe I am gonna use UberCMS.
Re: [IMPORTANT][CRITICAL] Uber 2.x.x - SQL Injection Fix
I have a feeling I know who told him, a good friend of mine who asked for his msn because he had found a critical exploit U2.
Thanks for the patch, should of helped a lot of people!
Re: [IMPORTANT][CRITICAL] Uber 2.x.x - SQL Injection Fix
Thanks for the patch, good of you to release this.
Although I think Jonty left it in their purposely (he wants to be like his idol MIRanda).
Re: [IMPORTANT][CRITICAL] Uber 2.x.x - SQL Injection Fix
Quote:
Originally Posted by
ησвяαιη
I have a feeling I know who told him, a good friend of mine who asked for his msn because he had found a critical exploit U2.
Thanks for the patch, should of helped a lot of people!
A couple of people know of the exploit.
Quote:
Originally Posted by
Caustik
Thanks for the patch, good of you to release this.
Although I think Jonty left it in their purposely (he wants to be like his idol MIRanda).
I have to say, it’s quite funny that a couple of the ‘bigger’ hotels haven’t even patched there shit yet. It’s going to end so badly for them, when others find out how to do it.
Re: [IMPORTANT][CRITICAL] Uber 2.x.x - SQL Injection Fix
I've known him for 5 years, he puts backdoors in everything. Now he has turned on me and treats me like shit even though i funded Zap's servers for a few months when he couldnt.
Well done on releasing this - I host THC Hotel and found this in the apache access logs today when the customer came running to me complaining his site was deleted :(
Respect.
Re: [IMPORTANT][CRITICAL] Uber 2.x.x - SQL Injection Fix
Quote:
Originally Posted by
Andrew
I've known him for 5 years, he puts backdoors in everything. Now he has turned on me and treats me like shit even though i funded Zap's servers for a few months when he couldnt.
Well done on releasing this - I host THC Hotel and found this in the apache access logs today when the customer came running to me complaining his site was deleted :(
Respect.
Hey Andrew,
I need to speak with you, and I agree he has turned on people who really cared about him and his hotel, but it's okay.
Re: [IMPORTANT][CRITICAL] Uber 2.x.x - SQL Injection Fix
Quote:
Originally Posted by
AresCJ
Hey Andrew,
I need to speak with you, and I agree he has turned on people who really cared about him and his hotel, but it's okay.
Feel free to PM me here, on dotXen forums or hit me up on email andrew@dotxia.com
Re: [IMPORTANT][CRITICAL] Uber 2.x.x - SQL Injection Fix
Very nice from you man, but can you upload the link again? Or make it public
Re: [IMPORTANT][CRITICAL] Uber 2.x.x - SQL Injection Fix
This is why im on novacms now :)
Re: [IMPORTANT][CRITICAL] Uber 2.x.x - SQL Injection Fix
Quote:
Originally Posted by
salah-salah
Very nice from you man, but can you upload the link again? Or make it public
I deleted the download link because you need to use this patch, http://forum.ragezone.com/f353/updat...er-2-x-862043/
