
Thread: Azer CMS V3.0

  1. #796
    FusionGEN | Archeum

    Join Date
    Nov 2011
    Location
    https://archeum.eu
    Posts
    2,713

    Quote Originally Posted by sh1z0 View Post
    I got a problem ..
    Table 'auth.characters' doesn't exist

    I got 2 databases for my WoW server ... it's not only one; the accounts are in one, the characters are in the other. What can I do :/
    Table Characters is not in auth. It's in the DB which usually is named characters

  2. #797
    Can I ask? Why don't I receive the items from the shop? It says it's successful but I don't get them in game mail. Second question: why, when I donate with the donation system, does it take the money and all is good, but it doesn't add donation points in my profile?

    And where can I find the SOAP username and password? Because only the console is gmlevel 4?
    Last edited by sh1z0; 02-13-2019 at 02:05 PM.

  3. #798
    I wouldn't recommend using this in production. This code is garbage.

    First of all, there are SQL injection vulnerabilities. You can't use preg_replace and think you are safe. Even preg_match would be better.
    But prepared statements should be used everywhere you access the database.

    If you use preg_replace to match only characters and numbers you can still do injections with a hexadecimal string. I just accidentally deleted my friend's world database on the second try.

    That made me go through the code. And after just 10 minutes I found even more vulnerabilities.

    When you are using the explode() function without parsing the string from the user first, the site will be open to null byte injection. You can also crash the whole website using a buffer overflow attack.

    Never trust user input.

    Also, if this is running on Linux systems you can view hidden files in the Linux system with the file_get_contents that is used for the paging system. Even if the code uses preg_replace to reduce the user's input to only characters, numbers and underscore, there is a word you can use as an alternative to ../

    Hope you take my feedback and make improvements to the security.
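
Added example, not part of the original post and not Azer CMS code: the prepared-statement approach the post recommends, plus an allowlisted page loader for the file_get_contents concern. The account table, findAccount(), loadPage() and the page map are hypothetical; an in-memory SQLite database and a temp directory serve as constructed sample data.

```php
<?php
declare(strict_types=1);

// Hypothetical lookup: the value is bound as data and never becomes SQL text,
// so safety does not depend on a character filter such as preg_replace.
function findAccount(PDO $pdo, string $username): ?array
{
    $stmt = $pdo->prepare('SELECT id, username FROM account WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hypothetical page loader: the request value only selects a key in a fixed
// map; it is never concatenated into the path given to file_get_contents().
function loadPage(string $requested, string $baseDir, array $pages): ?string
{
    if (!isset($pages[$requested])) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $pages[$requested]);
    // Defence in depth: the resolved file must still sit inside $baseDir.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    $body = file_get_contents($path);
    return $body === false ? null : $body;
}

// Constructed sample data: in-memory SQLite stands in for the auth database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE account (id INTEGER PRIMARY KEY, username TEXT)');
$pdo->exec("INSERT INTO account (username) VALUES ('alice'), ('bob')");

// Constructed sample page directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'home.html', '<h1>Home</h1>');
$pages = ['home' => 'home.html'];

var_dump(findAccount($pdo, 'alice'));             // a known user name
var_dump(findAccount($pdo, "alice' OR '1'='1"));  // quote characters stay data
var_dump(loadPage('home', $dir, $pages));         // a key present in the map
var_dump(loadPage('../home', $dir, $pages));      // a value that is not a key
```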

  4. #799
    Quote Originally Posted by arexs View Post
    I wouldn't recommend using this in production. This code is garbage.

    First of all, there are SQL injection vulnerabilities. You can't use preg_replace and think you are safe. Even preg_match would be better.
    But prepared statements should be used everywhere you access the database.

    If you use preg_replace to match only characters and numbers you can still do injections with a hexadecimal string. I just accidentally deleted my friend's world database on the second try.

    That made me go through the code. And after just 10 minutes I found even more vulnerabilities.

    When you are using the explode() function without parsing the string from the user first, the site will be open to null byte injection. You can also crash the whole website using a buffer overflow attack.

    Never trust user input.

    Also, if this is running on Linux systems you can view hidden files in the Linux system with the file_get_contents that is used for the paging system. Even if the code uses preg_replace to reduce the user's input to only characters, numbers and underscore, there is a word you can use as an alternative to ../

    Hope you take my feedback and make improvements to the security.
    Are you serious? I do not have much security knowledge for websites. I thought this site was safe.

  5. #800
    I wish I could tell you that I am not serious. But there was a reason why I didn't post an example of how to do it. Because if I do, all the people who are not in the web development business would abuse the servers that use Azer CMS right now.

    There is one very good thing about this site. It is free.

    Never think that any site is safe until it is proved; even Google has holes.

  6. #801
    RealmStatus is bugged. Server still online, ports open, but "Offline".

  7. #802


    Join Date
    Apr 2008
    Location
    Security supervisor
    Posts
    974
    Quote Originally Posted by CoC View Post
    RealmStatus is bugged. Server still online, ports open, but "Offline".
    It is not bugged. It's just you who messed up the configuration. It works just fine on the latest version. Go through your configuration again.

    This is on default theme. Could also be your theme.
    Last edited by Mallor; 02-26-2019 at 02:38 PM.

  8. #803
    Quote Originally Posted by arexs View Post
    I wouldn't recommend using this in production. This code is garbage.

    First of all, there are SQL injection vulnerabilities. You can't use preg_replace and think you are safe. Even preg_match would be better.
    But prepared statements should be used everywhere you access the database.

    If you use preg_replace to match only characters and numbers you can still do injections with a hexadecimal string. I just accidentally deleted my friend's world database on the second try.

    That made me go through the code. And after just 10 minutes I found even more vulnerabilities.

    When you are using the explode() function without parsing the string from the user first, the site will be open to null byte injection. You can also crash the whole website using a buffer overflow attack.

    Never trust user input.

    Also, if this is running on Linux systems you can view hidden files in the Linux system with the file_get_contents that is used for the paging system. Even if the code uses preg_replace to reduce the user's input to only characters, numbers and underscore, there is a word you can use as an alternative to ../

    Hope you take my feedback and make improvements to the security.

    With all the bots and cyberattacks out there no site is safe... I would trust what he says here and NOT USE this as your website, else you will be vulnerable to attacks. Just put it up and check your Apache log and see how many bots visit your site and how many of them are coming from China and other odd locations. Clearly those are not people looking to sign up for your server. They are looking for a way to breach and obtain information and/or hack the site.

    So many of these templates are so old, I would be wary about setting up any of them these days.

  9. #804
    Project Avatholme-WoW

    Join Date
    Jun 2013
    Location
    PrivateWoW-TopServers.com
    Posts
    1,652
    Is the Azer-CMS project closed/shutdown?

  10. #805
    Quote Originally Posted by Troya View Post
    Is the Azer-CMS project closed/shutdown?
    So great
    Last edited by Ikorana; 11-26-2019 at 09:43 AM.

  11. #806
    Quote Originally Posted by Ikorana View Post
    So great
    It was shitty coded tbh

  12. #807

  13. #808

    Project dead?

 

 
