My CMS please test it out

07-04-2009, 04:00 PM
#11
xeraphone

Wohoo, lots of homework for me to do. I'll get back when it's ready again. Thx Village & Immersion

07-04-2009, 04:01 PM
#12
Village Genius

I edited my post with a little more example.

07-04-2009, 04:27 PM
#13
Immersion

And I was blind SQL injections.

Code:
 http://cms.rodadewa.net/index.php?id=1 AND ASCII(SUBSTRING((SELECT admin_username FROM admin WHERE admin_id=1),1,1)) = 115
Where 115 is an ASCII value. So obviously you can just go through the list of ASCII codes until the page gets displayed. Then you know that letter of the username. Wouldn't take much for me to write a script that will loop through the URL for each letter with the ASCII values and store the value when the HTML reads what I expect it to. The same thing could be done for the password. Once you get to 32 characters you have the whole hashed password, and if it were a dictionary word then a rainbow table could give me the password.

I would then be able to log in to the admin.

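The fix for the injectable `id` parameter shown in the post above, as an added example that is not part of the thread or the CMS's own code. Python with an in-memory SQLite database stands in for the CMS and its database (so `ASCII(SUBSTRING(...))` becomes `unicode(substr(...))`); the `pages` table, the sample rows and all function names are assumptions.

```python
import re
import sqlite3

# Condition in the shape of the one quoted in the post, ported to SQLite.
_COND = " AND unicode(substr((SELECT admin_username FROM admin WHERE admin_id=1),1,1)) = "
PROBE_TRUE = "1" + _COND + "115"    # constructed username starts with 's' (115)
PROBE_FALSE = "1" + _COND + "116"


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE admin (admin_id INTEGER PRIMARY KEY, admin_username TEXT);
        INSERT INTO pages VALUES (1, 'Home');
        INSERT INTO admin VALUES (1, 'sample');
    """)
    return db


def page_vulnerable(db, raw_id):
    # The request value is concatenated into the SQL text, so everything after
    # the number is parsed as part of the WHERE clause.
    row = db.execute("SELECT title FROM pages WHERE id = " + raw_id).fetchone()
    return row[0] if row else None


def page_hardened(db, raw_id):
    # Accept only a short run of ASCII digits, then bind the value as a
    # parameter so the driver never parses it as SQL.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return None
    row = db.execute("SELECT title FROM pages WHERE id = ?", (int(raw_id),)).fetchone()
    return row[0] if row else None


def is_boolean_oracle(fetch, db):
    """Regression check: does an appended condition decide whether the page shows?"""
    return fetch(db, PROBE_TRUE) != fetch(db, PROBE_FALSE)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable handler leaks:", is_boolean_oracle(page_vulnerable, db))
    print("hardened handler leaks:  ", is_boolean_oracle(page_hardened, db))
```

The same two-request comparison can be kept as a regression test for every handler that reads an id from the query string.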
07-05-2009, 10:16 AM
#14
xeraphone

OK, thx Immersion and Village Genius. Please try testing it again, see if I got it secured.

07-09-2009, 11:20 AM
#15
hizuka007

Wow! You guys are genius!
Ethical hacking is very useful in securities.

I wish I can catch up with you guys.

07-17-2009, 05:51 PM
#16
xeraphone

New Updated Version (and renamed)

Rodadewa CMS changed its name to Xeraphim CMS.
What's new in this version 0.2:
  • Minor bug fixes in saving the sub-pages
  • Auto generation of RSS feeds intended to bring more traffic to your website.
  • Sidebar management. You can now enable / disable the sidebar, you can switch it to right or left, and arrange the order of the sidebar boxes. You can insert codes, images, text (adsense, ads etc.) into your sidebar boxes.
  • The top menu can now be hidden (disabled) if you are just going to make a one-page website.

visit http://cms.rodadewa.net for more information

07-17-2009, 08:59 PM
#17
mgandy

Nice one, how much time did you put into creating this? Looks really good. Are you going to try and market this CMS?

07-17-2009, 09:18 PM
#18
xeraphone

Thx mgandy, at the moment I let it be free to use, however there is a copyright footer link on the script which can only be removed using a unique serial number, and it can be bought for just $25 / domain installed. I made this script in about 3-4 weeks in my spare time and frankly it keeps on evolving / updating. Feel free to try it out on your server.

07-20-2009, 09:47 AM
#19
xeraphone

I've created a simple plugin on the website, which can also be developed by someone else. Plugins can be found on http://cms.rodadewa.net on download->plugins.

Not much at the moment, just contact form plugins. If anyone wants to contribute making the plugins, you guys are free to do so.

07-20-2009, 12:42 PM
#20
xeraphone

Live admin demo is now available on site
