[RELEASE] Dekaron CMS (DKCMS)

[vikitooo]

*edit:Thanks i solved my problem!

[*JayKay*]

very good janvier worked

[[GM]USA]

Hey janvier think you can add a forum already built in it?
Anyways good work i got it working 100%

[-8gX]

No templating support? Are we supposed to portal bits and pieces of this to our clients homepage? Not being rude.. But is this ONLY for admins? Cause judging by the ticket system it isnt. A templating system would be the only reason I would use this; the code on the other hand looks clean so if I was to use this it would be pulling bits of code out and throwing it into a custom template.

[janvier123]

Quote:

Originally Posted by [GM]USA

Hey janvier think you can add a forum already built in it?
Anyways good work i got it working 100%

converting a forums would be hard to do, but its possible to add a simple forum into it, ill see what i can do, maybe get a mysql version of dkcms

Quote:

Originally Posted by -8gX

No templating support? Are we supposed to portal bits and pieces of this to our clients homepage? Not being rude.. But is this ONLY for admins? Cause judging by the ticket system it isnt. A templating system would be the only reason I would use this; the code on the other hand looks clean so if I was to use this it would be pulling bits of code out and throwing it into a custom template.

its for users, gms and admins
yes templates are supported, just add then in styles, go to admin and change it there, its still my first release, but i can work on it later
it would be nice of other members write code for it and share it

[pieter]

nice work janvier.
I've just editted your latest osds and added my own features to it _O-
but this is a nice setup-and-go release!

if u need any help on mssql query's let me know (it's my proffession lol)

[vikitooo]

I have this error when i try to register from DKcms:

Warning: mssql_query() [function.mssql-query]: message: Invalid column name 'style'. (severity 16) in D:\GAMES\P-Server\appache\xampp\htdocs\dkcms\modules\public\r egister.php on line 242

Warning: mssql_query() [function.mssql-query]: Query failed in D:\GAMES\P-Server\appache\xampp\htdocs\dkcms\modules\public\r egister.php on line 242

#edit: I solved it ...

[janvier123]

ive seen it pieter, thx
ye a space between register.php

[dbed]

TKX janvier123, testing...

[janvier123]

Analysing URL [dkcms/V0.1/?dkcms=main]
[+] working on dkcms
[+] Method: MS-SQL error message
[+] Method: SQL error message
[+] Method: MySQL comment injection
[+] Method: SQL Blind Statement Injection
[+] Method: SQL Blind String Injection
--- No results here means that SQLiX found no injection point ---


--- Now sqlmap will test your url ---

[*] starting at: 09:21:09

[09:21:09] [INFO] testing connection to the target url
[09:21:10] [INFO] testing if the url is stable, wait a few seconds
[09:21:14] [INFO] url is stable
[09:21:14] [INFO] testing if User-Agent parameter 'User-Agent' is dynamic
[09:21:15] [WARNING] User-Agent parameter 'User-Agent' is not dynamic
[09:21:15] [INFO] testing if Cookie parameter 'PHPSESSID' is dynamic
[09:21:16] [WARNING] Cookie parameter 'PHPSESSID' is not dynamic
[09:21:16] [INFO] testing if GET parameter 'dkcms' is dynamic
[09:21:18] [INFO] confirming that GET parameter 'dkcms' is dynamic
[09:21:20] [INFO] GET parameter 'dkcms' is dynamic
[09:21:20] [INFO] testing sql injection on GET parameter 'dkcms' with 0 parenthesis
[09:21:20] [INFO] testing unescaped numeric injection on GET parameter 'dkcms'
[09:21:21] [INFO] GET parameter 'dkcms' is not unescaped numeric injectable
[09:21:21] [INFO] testing single quoted string injection on GET parameter 'dkcms'
[09:21:22] [INFO] GET parameter 'dkcms' is not single quoted string injectable
[09:21:22] [INFO] testing LIKE single quoted string injection on GET parameter 'dkcms'
[09:21:24] [INFO] GET parameter 'dkcms' is not LIKE single quoted string injectable
[09:21:24] [INFO] testing double quoted string injection on GET parameter 'dkcms'
[09:21:25] [INFO] GET parameter 'dkcms' is not double quoted string injectable
[09:21:25] [INFO] testing LIKE double quoted string injection on GET parameter 'dkcms'
[09:21:26] [INFO] GET parameter 'dkcms' is not LIKE double quoted string injectable
[09:21:26] [INFO] GET parameter 'dkcms' is not injectable with 0 parenthesis
[09:21:26] [INFO] testing sql injection on GET parameter 'dkcms' with 1 parenthesis
[09:21:26] [INFO] testing unescaped numeric injection on GET parameter 'dkcms'
[09:21:27] [INFO] GET parameter 'dkcms' is not unescaped numeric injectable
[09:21:27] [INFO] testing single quoted string injection on GET parameter 'dkcms'
[09:21:29] [INFO] GET parameter 'dkcms' is not single quoted string injectable
[09:21:29] [INFO] testing LIKE single quoted string injection on GET parameter 'dkcms'
[09:21:30] [INFO] GET parameter 'dkcms' is not LIKE single quoted string injectable
[09:21:30] [INFO] testing double quoted string injection on GET parameter 'dkcms'
[09:21:31] [INFO] GET parameter 'dkcms' is not double quoted string injectable
[09:21:31] [INFO] testing LIKE double quoted string injection on GET parameter 'dkcms'
[09:21:32] [INFO] GET parameter 'dkcms' is not LIKE double quoted string injectable
[09:21:32] [INFO] GET parameter 'dkcms' is not injectable with 1 parenthesis
[09:21:32] [INFO] testing sql injection on GET parameter 'dkcms' with 2 parenthesis
[09:21:32] [INFO] testing unescaped numeric injection on GET parameter 'dkcms'
[09:21:34] [INFO] GET parameter 'dkcms' is not unescaped numeric injectable
[09:21:34] [INFO] testing single quoted string injection on GET parameter 'dkcms'
[09:21:35] [INFO] GET parameter 'dkcms' is not single quoted string injectable
[09:21:35] [INFO] testing LIKE single quoted string injection on GET parameter 'dkcms'
[09:21:36] [INFO] GET parameter 'dkcms' is not LIKE single quoted string injectable
[09:21:36] [INFO] testing double quoted string injection on GET parameter 'dkcms'
[09:21:37] [INFO] GET parameter 'dkcms' is not double quoted string injectable
[09:21:37] [INFO] testing LIKE double quoted string injection on GET parameter 'dkcms'
[09:21:38] [INFO] GET parameter 'dkcms' is not LIKE double quoted string injectable
[09:21:38] [INFO] GET parameter 'dkcms' is not injectable with 2 parenthesis
[09:21:38] [INFO] testing sql injection on GET parameter 'dkcms' with 3 parenthesis
[09:21:38] [INFO] testing unescaped numeric injection on GET parameter 'dkcms'
[09:21:40] [INFO] GET parameter 'dkcms' is not unescaped numeric injectable
[09:21:40] [INFO] testing single quoted string injection on GET parameter 'dkcms'
[09:21:41] [INFO] GET parameter 'dkcms' is not single quoted string injectable
[09:21:41] [INFO] testing LIKE single quoted string injection on GET parameter 'dkcms'
[09:21:42] [INFO] GET parameter 'dkcms' is not LIKE single quoted string injectable
[09:21:42] [INFO] testing double quoted string injection on GET parameter 'dkcms'
[09:21:43] [INFO] GET parameter 'dkcms' is not double quoted string injectable
[09:21:43] [INFO] testing LIKE double quoted string injection on GET parameter 'dkcms'
[09:21:45] [INFO] GET parameter 'dkcms' is not LIKE double quoted string injectable
[09:21:45] [INFO] GET parameter 'dkcms' is not injectable with 3 parenthesis
[09:21:45] [WARNING] GET parameter 'dkcms' is not injectable

SQL Inject fixed

[EliteWarrior]

Nice work,good thing you fixed the injection.

[janvier123]

well i need some good hackers to test it out for me, now iam waiting for zombe ans see what he can do

[EliteWarrior]

IF some has a live site using DKCMS i can test if its vurlnable to sql injection.

[l2zeo]

Thx..
good release.!!
shall I change design and use? :-)

[janvier123]

Quote:

Originally Posted by l2zeo

Thx..
good release.!!
shall I change design and use? :-)

look in dkcms/styles/ for themplates