IlluminaCMS Edit (Used on xenhotel.co)

Hello Ragezone,


As you know I recently owned Xen Hotel. The CMS was asked to be released by a few people over the weeks we had been open, since I closed Xen and moved to Paradise I thought I should release the CMS!


We checked the CMS over and didn't find any exploits, if you do find any then please point them out in the thread.


You can use any database such as Phoenix and Butterfly with this CMS, just make sure you run these queries; IlluminaCMS Edit Queries - Pastebin.com

Download:

https://mega.co.nz/#!IspyDLZA!HPo1QA...z4YsgPdJWs_bdM


Screenies:


Index;
http://gyazo.com/939faae540569b50357dd4e8d5ba51e5


Me1;
http://gyazo.com/42b152e9b086e21211bf84963cf303b1


Me2;
http://gyazo.com/d921f8c2095fef124a7112c8bf1ed4fb


Rules;
http://gyazo.com/2ea67ad3263f1450ba023da1c876a2e2


ROTW Submit;
http://gyazo.com/c79da298e0c6d3966b43ede6901d857e


Staff;
http://gyazo.com/3c36e7f1cd06c05707e0b33b6ffdc02a


Online;
http://gyazo.com/f05928a49f45263631e1a68f7964f6df


Badge Shop;
http://gyazo.com/b5436664624231e405c0fdd76bde9177


Maintenance;
http://gyazo.com/97988aee3fe9cdd08addd92c22da1e99

Ohh, I can smell them exploits.

I soo wanna use it but I was told it has exploits ._.

This cms has no exploits for me LOL. I fixed a few, there was like err 2. Esaily fixed :)

If you go to localhost and it takes you to another hotel do this open up
C:\xampp\htdocs\thehabbos_api\config and open config.php
'http://localhost/index.php?novote'; //Where do we send the user after vote.
$CONFIG['API_Redirect2'] = 'http://localhost/me'; //Where do we send the user after voting on me page. // Not in use.
$CONFIG['API_Redirect3'] = 'http://www.xenhotel.co/client?novote'; //Where do we send the user after voting on client.
$CONFIG['API_Redirect4'] = 'http://www.xenhotel.co/maintenance.php?novote
change these links to localhost:)!

Quote:

---

Originally Posted by theStew

This cms has no exploits for me LOL. I fixed a few, there was like err 2. Esaily fixed :)

If you go to localhost and it takes you to another hotel do this open up
C:\xampp\htdocs\thehabbos_api\config and open config.php
'http://localhost/index.php?novote'; //Where do we send the user after vote.
$CONFIG['API_Redirect2'] = 'http://localhost/me'; //Where do we send the user after voting on me page. // Not in use.
$CONFIG['API_Redirect3'] = 'http://www.xenhotel.co/client?novote'; //Where do we send the user after voting on client.
$CONFIG['API_Redirect4'] = 'http://www.xenhotel.co/maintenance.php?novote
change these links to localhost:)!

---

They're not exploits btw.

Quote:

---

Originally Posted by vLukeH

They're not exploits btw.

---

That's what I'm saying, he just copied and pasted all the links that need to be re-directed.

This gave me a whole white page, how do I fix this?

Nice release. I wouldn't trust this at all but it looks great.

Exploits.
Exploits.
Exploits.
Exploits.
Exploits.
Exploits.

JHEEZE aka Chris hacked into the HK when I had this edit and was running XenHotel.co. haha

the design looks cool, but... Need to check about exploits how everyone say, I will post if there are too many like people said...

Basic design and features, nothing really special. But thanks for sharing!

Seriously!? It’s as if nobody ever fucking learns from the material provided to them. This CMS is filled to the brim with shoddy coding, exploits and multiple XSS vulnerabilities and every time it gets re-released nobody seems to fix anything apart from adding more useless junk into the “CMS”.

Before re-releasing something so shit and infected how about you take a step back and think… “You know what I’ll actually learn something from this and not just re-release it so people like my post”.

But alas nobody will because nobody seems to actually care about the stuff they are using anymore. People claiming to be server administrators when they can’t even fix basic exploits, people claiming to be highly skilled developers when they can’t even use the exit statement correctly.

Instead of complaining "Dont use this shit it has exploits"
Why not take a little time (10 minutes max) and remove them?

Please point out some exploits instead of saying exploits everywhere.

The fact of the matter is, If it has exploits, Then so be it. If u wont use it due to the exploits, Then don't post. I personally like the effort to contribute to the community, Considering 99.9% of those on rz don't do anything yet still flame, But who's complaining. This is decent but not exactly what I would use.
I also do agree, I do not like the multiple addons. I prefer a simple cms with profiles, me page, staff page, account settings, and maybe group homes. But I just dont see a point in a cms to look 'crowded' etc. Lol

Thank you for sharing though bud ;P

Quote:

---

Originally Posted by tdid

Instead of complaining "Dont use this shit it has exploits"
Why not take a little time (10 minutes max) and remove them?

Please point out some exploits instead of saying exploits everywhere.

---

Considering I owned "xenHotel 2.0," I'm pretty sure the reason why Xenon took over it is because I no longer wanted to deal with JHEEZE aka Chris from Para/Habjam making himself administrator and mass spamming credits and pixels along with 4 other people who joined him. No, the exploit wasn't the exit statement one either. This was in fact the CMS we used, Xenon just edited it.

Quote:

---

Originally Posted by PythoneX12

The fact of the matter is, If it has exploits, Then so be it. If u wont use it due to the exploits, Then don't post. I personally like the effort to contribute to the community, Considering 99.9% of those on rz don't do anything yet still flame, But who's complaining. This is decent but not exactly what I would use.
I also do agree, I do not like the multiple addons. I prefer a simple cms with profiles, me page, staff page, account settings, and maybe group homes. But I just dont see a point in a cms to look 'crowded' etc. Lol

Thank you for sharing though bud ;P

---

To both of you:

What do you mean "don't post?" Why not let the community be aware of the shit that is in here in which can allow someone to basically compromise your hotel in a blink of an eye. I'm sorry, but I'd like to know what the CMS is about and peoples reviews before downloading it. You say "take 10 minutes to remove them," why the hell would someone release exploited shit to the community to use to begin with? Okay, an exploit or two won't hurt, but come on.... 6+ is ridiculous and makes no sense. Yeah, let some beginners download a CMS full of exploits and have their hotel dropped within days of it being open; the awesome person you are!

Quote:

---

Originally Posted by Bow

What do you mean "don't post?" Why not let the community be aware of the shit that is in here in which can allow someone to basically compromise your hotel in a blink of an eye. I'm sorry, but I'd like to know what the CMS is about and peoples reviews before downloading it. You say "take 10 minutes to remove them," why the hell would someone release exploited shit to the community to use to begin with? Okay, an exploit or two won't hurt, but come on.... 6+ is ridiculous and makes no sense. Yeah, let some beginners download a CMS full of exploits and have their hotel dropped within days of it being open; the awesome person you are!

---

First off I never said dont post. Only said fix up the exploits or point em out. Second some people are retarded and think they can get more users by adding exploits into the CMS and hoping they can hack some other hotels. If you're aware of exploits in your CMS then just remove them.

If Xen0n really checked over the CMS and he finds no exploits then I dont get who's lying. People that complain exploits or Xen0n who says there are no exploits in it. Though he could be this dumb and dont even know what exploits are :$

EDIT: I dont know much about RFI Injection. Could someone check if admin/index.php is safe? $_GET['_page']

@ Bow

Not trying to flame but yeah you did own xenHotel 2.0, but just because you got hacked, I helped Xenon out with this and he never got hacked once. Oh and you keep saying there's exploits everywhere yet you haven't actually shown one? If there are exploits then fair enough point them out, but I know Xenon and I helped with this CMS and I know that there are no deliberate exploits in the CMS, he's just contributing which some of you may use, some may not. Oh and I don't re-call this being the exact edit you used? Because I don't see any edits that you did on there such as I think you did a top stats when you previously owned? Forgive me if I'm wrong but this is the edit Dylann released of Matty's with Xenon's personal edits.

@ Bow

Please explain to me and everyone where the exploits are then? As Luke said if you do find one then that's fair enough, this isn't the edit you did because this is Matty's edit.

I'm not a developer or anything, I'm just contributing something to the community.

Quote:

---

Originally Posted by Bow

Exploits.
Exploits.
Exploits.
Exploits.
Exploits.
Exploits.

JHEEZE aka Chris hacked into the HK when I had this edit and was running XenHotel.co. haha

---

Yeah, that's when you OWNED Xen, I wasn't even using your CMS edit.

Nice edit.

Quote:

---

Originally Posted by vLukeH

@ Bow

Not trying to flame but yeah you did own xenHotel 2.0, but just because you got hacked, I helped Xenon out with this and he never got hacked once. Oh and you keep saying there's exploits everywhere yet you haven't actually shown one? If there are exploits then fair enough point them out, but I know Xenon and I helped with this CMS and I know that there are no deliberate exploits in the CMS, he's just contributing which some of you may use, some may not. Oh and I don't re-call this being the exact edit you used? Because I don't see any edits that you did on there such as I think you did a top stats when you previously owned? Forgive me if I'm wrong but this is the edit Dylann released of Matty's with Xenon's personal edits.

---

Lulz when xenon owned it, it was opened for 5 days peaked at 5 users. No shit it didn't get hacked... & I don't need to show you anything. I'd assume Chris just didn't magically rank himself and 3 others and mass spam credits on the hotel. Also, I did contribute to this community, go look at all my threads.

Quote:

---

Originally Posted by Xen0nR

@ Bow

Please explain to me and everyone where the exploits are then? As Luke said if you do find one then that's fair enough, this isn't the edit you did because this is Matty's edit.

I'm not a developer or anything, I'm just contributing something to the community.



Yeah, that's when you OWNED Xen, I wasn't even using your CMS edit.

---

"Your CMS edit." You mean, the one Bren and Hayden gave you to use for the hotel as well as me? Compare our edits and the only difference is the images. lolz

ANYWAYS, xenHotel.co was nothing without me.. so...

Quote:

---

Originally Posted by Bow

Lulz when xenon owned it, it was opened for 5 days peaked at 5 users. No shit it didn't get hacked... & I don't need to show you anything. I'd assume Chris just didn't magically rank himself and 3 others and mass spam credits on the hotel. Also, I did contribute to this community, go look at all my threads.



"Your CMS edit." You mean, the one Bren and Hayden gave you to use for the hotel as well as me? lolz

---

Hmm I'm pretty sure he had over 20 users quite a few times so I'm sure somebody would of hacked during that time. And well if you're gonna say there's exploits you should probably say where. And I never said you didn't contribute to the community, I appreciate your contributions.

Quote:

---

Originally Posted by Bow

Lulz when xenon owned it, it was opened for 5 days peaked at 5 users. No shit it didn't get hacked... & I don't need to show you anything. I'd assume Chris just didn't magically rank himself and 3 others and mass spam credits on the hotel. Also, I did contribute to this community, go look at all my threads.



"Your CMS edit." You mean, the one Bren and Hayden gave you to use for the hotel as well as me? lolz

---

Well, we was open for 1-2 week, which reached 20+ users daily and had 800+ registered users, but then I couldn't really be bothered owning a retro, then Bren offered me a job at Paradise so we re-directed Xen there. There's been a few people saying 'exploits' in the thread but I can't see anybody pointing out where? So why don't you find the 'exploits' and then we can put this to a fair point.

About the CMS, Bren didn't give me any kind of CMS. As said, Matty sent his, then I added more features.

Chris never touched Xen when I owned, guess there wasn't anything he could do really? As said, we checked for exploits and couldn't find any. But when you owned Xen it got hacked? Seems smart enough for you to say all this when you couldn't patch stuff yourself?

I'm still waiting for them 'exploits' you said, so please stop moaning and start showing.

Quote:

---

Originally Posted by Xen0nR

Well, we was open for 1-2 week, which reached 20+ users daily and had 800+ registered users, but then I couldn't really be bothered owning a retro, then Bren offered me a job at Paradise so we re-directed Xen there. There's been a few people saying 'exploits' in the thread but I can't see anybody pointing out where? So why don't you find the 'exploits' and then we can put this to a fair point.

About the CMS, Bren didn't give me any kind of CMS. As said, Matty sent his, then I added more features.

Chris never touched Xen when I owned, guess there wasn't anything he could do really? As said, we checked for exploits and couldn't find any. But when you owned Xen it got hacked? Seems smart enough for you to say all this when you couldn't patch stuff yourself?

I'm still waiting for them 'exploits' you said, so please stop moaning and start showing.

---

I apologize if it's a different edit but ours are very similar, maybe just images and small features changed around. Regardless, Illumina is shitty in general. How would you expect me to patch something that I don't know what he did to accomplish the exploit abuse. You can even ask Bren yourself if the issue is you don't believe me that it was hacked. That's the reason why you got to own it.

Like i said we looked for exploits, just you and others saying there's exploits which doesn't help without the fix.

Quote:

---

Originally Posted by Xen0nR

Like i said we looked for exploits, just you and others saying there's exploits which doesn't help without the fix.

---

Fair enough. My apologies if I falsely accused you two.

Quote:

---

Originally Posted by tdid

EDIT: I dont know much about RFI Injection. Could someone check if admin/index.php is safe? $_GET['_page']

---

... Not sure if serious...

The XSS exploits are still contained in this CMS. It was demonstrated being used in the original topic. On the CMS author's site no less.

It's easy to patch exploits,
unless you're a real noob.

When i register my user does not show on the users table.

Not trying to start an argument, but there is an XSS motto exploit in which I know of. I don't know how to patch it, but I know it works. Basically, I can put in a alert script in my motto and it'll pop up on the community page.

Quote:

---

Originally Posted by Bow

Not trying to start an argument, but there is an XSS motto exploit in which I know of. I don't know how to patch it, but I know it works. Basically, I can put in a alert script in my motto and it'll pop up on the community page.

---

htmlentities()

Quote:

---

Originally Posted by eckostylez

... Not sure if serious...

The XSS exploits are still contained in this CMS. It was demonstrated being used in the original topic. On the CMS author's site no less.

---

They are indeed still there. Exactly why i've actually sat down and learned proper security techniques to implement in my new CMS. Illumina is poorly coded, though i'd still recommend it over other systems as long as the problems are patched.

Quote:

---

Originally Posted by Jonteh

htmlentities()



They are indeed still there. Exactly why i've actually sat down and learned proper security techniques to implement in my new CMS. Illumina is poorly coded, though i'd still recommend it over other systems as long as the problems are patched.

---

Believe that when I see it :laugh:

Ill use this, but only local development purposes. (In-game)