[RELEASE] Dekaron CMS (DKCMS)

02/03/2010 20:40 vikitooo#16
*edit: Thanks, I solved my problem! :)
02/04/2010 00:31 *JayKay*#17
very good janvier worked
02/04/2010 05:46 [GM]USA#18
Hey janvier, think you can add a forum already built in it?
Anyways good work, I got it working 100%
02/04/2010 06:02 -8gX#19
No templating support? Are we supposed to portal bits and pieces of this to our clients homepage? Not being rude.. But is this ONLY for admins? Cause judging by the ticket system it isn't. A templating system would be the only reason I would use this; the code on the other hand looks clean so if I was to use this it would be pulling bits of code out and throwing it into a custom template.
02/04/2010 09:27 janvier123#20
Quote:
Originally Posted by [GM]USA
Hey janvier, think you can add a forum already built in it?
Anyways good work, I got it working 100%
Converting a forum would be hard to do, but it's possible to add a simple forum into it. I'll see what I can do, maybe get a MySQL version of dkcms

Quote:
Originally Posted by -8gX
No templating support? Are we supposed to portal bits and pieces of this to our clients homepage? Not being rude.. But is this ONLY for admins? Cause judging by the ticket system it isn't. A templating system would be the only reason I would use this; the code on the other hand looks clean so if I was to use this it would be pulling bits of code out and throwing it into a custom template.
It's for users, GMs and admins.
Yes, templates are supported, just add them in styles, go to admin and change it there. It's still my first release, but I can work on it later.
It would be nice if other members write code for it and share it.
02/04/2010 09:51 pieter#21
nice work janvier.
I've just edited your latest osds and added my own features to it _O-
but this is a nice setup-and-go release!

If you need any help on MSSQL queries let me know (it's my profession lol)
02/04/2010 11:05 vikitooo#22
I have this error when I try to register from DKcms:

Warning: mssql_query() [function.mssql-query]: message: Invalid column name 'style'. (severity 16) in D:\GAMES\P-Server\appache\xampp\htdocs\dkcms\modules\public\r egister.php on line 242

Warning: mssql_query() [function.mssql-query]: Query failed in D:\GAMES\P-Server\appache\xampp\htdocs\dkcms\modules\public\r egister.php on line 242
:confused:
#edit: I solved it ...
02/04/2010 11:30 janvier123#23
I've seen it pieter, thx
ye a space between register.php
02/04/2010 16:06 dbed#24
TKX janvier123, testing...
02/05/2010 10:26 janvier123#25
Analysing URL [dkcms/V0.1/?dkcms=main]
[+] working on dkcms
[+] Method: MS-SQL error message
[+] Method: SQL error message
[+] Method: MySQL comment injection
[+] Method: SQL Blind Statement Injection
[+] Method: SQL Blind String Injection
--- No results here means that SQLiX found no injection point ---


--- Now sqlmap will test your url ---

[*] starting at: 09:21:09

[09:21:09] [INFO] testing connection to the target url
[09:21:10] [INFO] testing if the url is stable, wait a few seconds
[09:21:14] [INFO] url is stable
[09:21:14] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
[09:21:15] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
[09:21:15] [INFO] testing if Cookie parameter 'PHPSESSID' is dynamic
[09:21:16] [WARNING] Cookie parameter 'PHPSESSID' is not dynamic
[09:21:16] [INFO] testing if GET parameter 'dkcms' is dynamic
[09:21:18] [INFO] confirming that GET parameter 'dkcms' is dynamic
[09:21:20] [INFO] GET parameter 'dkcms' is dynamic
[09:21:20] [INFO] testing sql injection on GET parameter 'dkcms' with 0 parenthesis
[09:21:20] [INFO] testing unescaped numeric injection on GET parameter 'dkcms'
[09:21:21] [INFO] GET parameter 'dkcms' is not unescaped numeric injectable
[09:21:21] [INFO] testing single quoted string injection on GET parameter 'dkcms'
[09:21:22] [INFO] GET parameter 'dkcms' is not single quoted string injectable
[09:21:22] [INFO] testing LIKE single quoted string injection on GET parameter 'dkcms'
[09:21:24] [INFO] GET parameter 'dkcms' is not LIKE single quoted string injectable
[09:21:24] [INFO] testing double quoted string injection on GET parameter 'dkcms'
[09:21:25] [INFO] GET parameter 'dkcms' is not double quoted string injectable
[09:21:25] [INFO] testing LIKE double quoted string injection on GET parameter 'dkcms'
[09:21:26] [INFO] GET parameter 'dkcms' is not LIKE double quoted string injectable
[09:21:26] [INFO] GET parameter 'dkcms' is not injectable with 0 parenthesis
[09:21:26] [INFO] testing sql injection on GET parameter 'dkcms' with 1 parenthesis
[09:21:26] [INFO] testing unescaped numeric injection on GET parameter 'dkcms'
[09:21:27] [INFO] GET parameter 'dkcms' is not unescaped numeric injectable
[09:21:27] [INFO] testing single quoted string injection on GET parameter 'dkcms'
[09:21:29] [INFO] GET parameter 'dkcms' is not single quoted string injectable
[09:21:29] [INFO] testing LIKE single quoted string injection on GET parameter 'dkcms'
[09:21:30] [INFO] GET parameter 'dkcms' is not LIKE single quoted string injectable
[09:21:30] [INFO] testing double quoted string injection on GET parameter 'dkcms'
[09:21:31] [INFO] GET parameter 'dkcms' is not double quoted string injectable
[09:21:31] [INFO] testing LIKE double quoted string injection on GET parameter 'dkcms'
[09:21:32] [INFO] GET parameter 'dkcms' is not LIKE double quoted string injectable
[09:21:32] [INFO] GET parameter 'dkcms' is not injectable with 1 parenthesis
[09:21:32] [INFO] testing sql injection on GET parameter 'dkcms' with 2 parenthesis
[09:21:32] [INFO] testing unescaped numeric injection on GET parameter 'dkcms'
[09:21:34] [INFO] GET parameter 'dkcms' is not unescaped numeric injectable
[09:21:34] [INFO] testing single quoted string injection on GET parameter 'dkcms'
[09:21:35] [INFO] GET parameter 'dkcms' is not single quoted string injectable
[09:21:35] [INFO] testing LIKE single quoted string injection on GET parameter 'dkcms'
[09:21:36] [INFO] GET parameter 'dkcms' is not LIKE single quoted string injectable
[09:21:36] [INFO] testing double quoted string injection on GET parameter 'dkcms'
[09:21:37] [INFO] GET parameter 'dkcms' is not double quoted string injectable
[09:21:37] [INFO] testing LIKE double quoted string injection on GET parameter 'dkcms'
[09:21:38] [INFO] GET parameter 'dkcms' is not LIKE double quoted string injectable
[09:21:38] [INFO] GET parameter 'dkcms' is not injectable with 2 parenthesis
[09:21:38] [INFO] testing sql injection on GET parameter 'dkcms' with 3 parenthesis
[09:21:38] [INFO] testing unescaped numeric injection on GET parameter 'dkcms'
[09:21:40] [INFO] GET parameter 'dkcms' is not unescaped numeric injectable
[09:21:40] [INFO] testing single quoted string injection on GET parameter 'dkcms'
[09:21:41] [INFO] GET parameter 'dkcms' is not single quoted string injectable
[09:21:41] [INFO] testing LIKE single quoted string injection on GET parameter 'dkcms'
[09:21:42] [INFO] GET parameter 'dkcms' is not LIKE single quoted string injectable
[09:21:42] [INFO] testing double quoted string injection on GET parameter 'dkcms'
[09:21:43] [INFO] GET parameter 'dkcms' is not double quoted string injectable
[09:21:43] [INFO] testing LIKE double quoted string injection on GET parameter 'dkcms'
[09:21:45] [INFO] GET parameter 'dkcms' is not LIKE double quoted string injectable
[09:21:45] [INFO] GET parameter 'dkcms' is not injectable with 3 parenthesis
[09:21:45] [WARNING] GET parameter 'dkcms' is not injectable

SQL Inject fixed
02/05/2010 16:01 EliteWarrior#26
Nice work, good thing you fixed the injection.
02/05/2010 17:18 janvier123#27
Well, I need some good hackers to test it out for me, now I am waiting for zombe and see what he can do
02/05/2010 18:00 EliteWarrior#28
If someone has a live site using DKCMS I can test if it's vulnerable to SQL injection.
02/05/2010 19:05 l2zeo#29
Thx..
good release.!!
shall I change design and use? :-)
02/06/2010 08:30 janvier123#30
Quote:
Originally Posted by l2zeo
Thx..
good release.!!
shall I change design and use? :-)
Look in dkcms/styles/ for templates