
/////-------------------------------------------------------///
// Uploaded by Xtreme @ Scriptmafia.org ///
//--------Xtreme-Web.net------------------------- ///
/////-------------------------------------------------------///
/////----------------SCRIPT INFO.......---------------------------------------///

File Size:1.1 MB
Latest Release:12th July, 2007
Version:1.4.7
Price: $90.00
Demo Details
Demo Url: http://demos.kubelabs.com/kubelance/

Admin Url: http://demos.kubelabs.com/kubelance/adm/
Admin User: demo
Admin Pass: demo

/////-----------------------END SCRIPT INFO--------------------------------///
Create a site where buyers can post projects/jobs and providers can bid on them. You charge a fee for each project/job created.

Feature List

Easy to edit html template files
Simple wizard installation
Charge a fee for each project and job
Plugin payment system (allows for additional payment methods to be installed easily)
Supports Paypal and NoChex
Easy to edit language files
No need to setup a cronjob
Powerful Admin panel for controlling your site
1 year of upgrades

/////----------------------END DESCRIPTION----------------------------------///
/////--------------END ALL----------------------------------------------------------///





Vendor Site: http://ugamela.com
Download: http://itablackhawk.altervista.org/ogameclone.rar <- copy and paste this link, otherwise the system will give you a 404 error
Type: Login Bypass
Severity: High
Patch: You can patch all manually by reading the last part of the advisory


Vuln Explanation:

The authentication check of this script doesn't work properly:

// check that the user is logged in and has admin permissions
if(!check_user()){ header("Location: ./../login.php"); }
if($user['authlevel']!="3"&&$user['authlevel']!="1"){ header("Location: ../login.php");}


The use of the header function does not stop the execution of the code, so an attacker may build a special script to send commands to the site without even having a registered account.
I think that even the official site might be vulnerable, even if it is working with the 0.6 version of the script.
I'll try to contact the authors to get the last version of the script and check.
If so, you'll find it on these pages shortly. ;)


Solution: The only way to solve this problem is to replace the previous lines in all admin files with these lines:

// check that the user is logged in and has admin permissions
if(!check_user()){ header("Location: ./../login.php"); exit;}
if($user['authlevel']!="3"&&$user['authlevel']!="1"){ header("Location: ../login.php");exit;}



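Since the fix has to be repeated in every admin file, an audit pass helps confirm that no redirect was missed. The following is an added example, not part of the original advisory or the script: a heuristic Python scanner that flags header("Location: ...") statements not immediately followed by exit or die. The function name and the two sample strings (built from the lines quoted above) are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# A header("Location: ...") statement, up to the ";" that ends it.
REDIRECT = re.compile(r"""header\s*\(\s*["']\s*Location:[^;]*\)\s*;""", re.I)
# What must come right after it for the redirect to end the request.
TERMINATOR = re.compile(r"\s*(?:exit|die)\b", re.I)

# Constructed samples: the check as quoted in the advisory, then as patched.
VULNERABLE = """<?php
// check that the user is logged in and has admin permissions
if(!check_user()){ header("Location: ./../login.php"); }
if($user['authlevel']!="3"&&$user['authlevel']!="1"){ header("Location: ../login.php");}
"""
PATCHED = """<?php
// check that the user is logged in and has admin permissions
if(!check_user()){ header("Location: ./../login.php"); exit;}
if($user['authlevel']!="3"&&$user['authlevel']!="1"){ header("Location: ../login.php");exit;}
"""


def unterminated_redirects(php_source):
    """Return (line_number, statement) for every Location redirect that is
    not immediately followed by exit or die. Heuristic: it does not parse
    PHP, so redirects inside comments or strings are reported too."""
    findings = []
    for m in REDIRECT.finditer(php_source):
        if not TERMINATOR.match(php_source, m.end()):
            line = php_source.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(0)))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Audit every PHP file under the directory given on the command line.
        for path in sorted(Path(sys.argv[1]).rglob("*.php")):
            text = path.read_text(errors="replace")
            for line, stmt in unterminated_redirects(text):
                print(f"{path}:{line}: redirect without exit: {stmt}")
    else:
        # No argument: run on the constructed samples.
        for name, src in (("vulnerable", VULNERABLE), ("patched", PATCHED)):
            print(name, unterminated_redirects(src))
```

Run it with the path to the admin directory as its only argument; every reported line is a place where code after the redirect still executes for an unauthenticated request.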



/////-------------------------------------------------------///
// Uploaded by Xtreme @ Scriptmafia.org ///
//--------Xtreme-Web.net------------------------- ///
/////-------------------------------------------------------///
/////----------------SCRIPT INFO.......---------------------------------------///

- Script Name : Rayzz - Youtube Clone Script

Youtube clone, Metacafe clone, Myspace clone, Vidilife Clone

A community style clone of youtube, myspace like profile customization, fun stuff like vidilife,
functions like metacafe, so the net result you get an all in one product which is amazing

////----------------------------------------------------------------------------------------------------------///

