
My News/Blog CMS Website


ds111


I've built my own PHP/MySQL Blog and News Content Management System.

 

It's open-source and free.

 

http://www.mzbservices.com

 

Available for download, currently at v1.0.5; it took about a month or so to develop. I constantly update with new releases, and always look forward to making it grow and become more and more a professional piece of software. I've just released 1.0.5, which is a really big major update.

 

Take a look and tell me what you think! (Not many people use it yet though :( )


Cross Site Scripting (XSS):

You can register with ">code in your username and it will execute after logging in.

 

Cross Site Scripting (XSS):

You can post news comments with ">code.

 

Cross Site Scripting (XSS):

http://www.mzbservices.com/search.php?s="><marquee><h1>Test

 

Cross Site Scripting (XSS):

http://www.mzbservices.com/search.php?cat="><marquee><h1>Test


Please please, I'm a web developer :P

 

This is awesome that you've broken it! Can you give me some tips on how to disable the HTML? How exactly would I do that in PHP? Would that just use the function htmlspecialchars?

 

Thanks so much for breaking it! Now I can release a security update that resolves all of this.

 

Thanks again!!

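One way to answer the htmlspecialchars question for the places the reports above hit (text in the page body, a value echoed into an attribute, a value put in a query string or in an inline script), as an added example that is not code from this thread or from the CMS. The search sink is modelled on the search.php?s= reflection reported above, and the payload is the tester's; the helper names are my own.

```php
<?php
// Added example: one escaping helper per output context. htmlspecialchars()
// is the right tool for HTML text and attributes, but not for URLs or
// JavaScript, which have their own parsers and their own special characters.

// HTML text and attribute values (ENT_QUOTES also escapes ' for attributes)
function e_html($s) {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// A value placed inside a query string
function e_url($s) {
    return urlencode($s);
}

// A value placed inside a JavaScript string literal in an inline <script>.
// json_encode() adds the quotes; the JSON_HEX_* flags keep < > & ' " out of
// the output so a stored "</script>" cannot end the script block early.
function e_js($s) {
    return json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}

// The vulnerable shape from the report: the search term echoed as-is, so a
// term starting with "> closes the input tag and the rest is rendered as HTML
function render_search_unsafe($s) {
    return '<input type="text" name="s" value="' . $s . '" />'
         . '<div class="clean-ok">Results for ' . $s . '</div>';
}

// The hardened shape: every reflection goes through the helper for its context
function render_search_safe($s) {
    return '<input type="text" name="s" value="' . e_html($s) . '" />'
         . '<div class="clean-ok">Results for ' . e_html($s) . '</div>'
         . '<a href="search.php?s=' . e_url($s) . '">Permalink</a>'
         . '<script>var last = ' . e_js($s) . ';</script>';
}

// Constructed input: the payload from the search.php report above
$payload = '"><marquee><h1>Test';
echo render_search_unsafe($payload), "\n\n";
echo render_search_safe($payload), "\n";
```

The first output contains a live `<marquee>` tag; in the second every copy of the term survives only as text, a percent-encoded parameter, or a JSON string.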

Okay. I tried breaking it again with no success. Very good work fixing the bug.

 

I couldn't access the admin panel myself. Although when you post a message you shouldn't have the option to choose a name, because anyone can write "Admin" under the name field and make it look like you are the one posting the message.



Yay, Sweet. :) 

 

I don't know how to not allow picking a name. Any suggestions on this?

 

I discovered a new bug. You can press the "Login" button without entering any information and it will automatically log you in.

I don't see that. When I log in without any info, it gives me "Username or Password is incorrect". Can you explain a bit better? Thanks

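One way to take the name out of the poster's hands, as an added example that is not the CMS's own code: the display name is decided on the server, a logged-in user's name comes from the session, and guest names that collide with a registered account or a reserved word are refused. The session key, the account list and the "Guest:" prefix are assumptions.

```php
<?php
// Added example: decide a comment's author name on the server side.
// Assumed session layout: $_SESSION['username'] holds the logged-in user's name.

// Collapse tricks like "Admin " or "A d m i n" before comparing names
function normalise_name($name) {
    $name = strtolower(trim($name));
    return preg_replace('/\s+/', '', $name);
}

// Returns the name to store, or null if the guest name is not allowed.
// $registered is the list of account names; $reserved are words no guest may use.
function comment_author(array $session, $posted_name, array $registered, array $reserved) {
    if (isset($session['username']) && $session['username'] !== '') {
        return $session['username'];            // logged in: the form field is ignored
    }
    $candidate = trim($posted_name);
    if ($candidate === '' || strlen($candidate) > 32) {
        return null;
    }
    $key = normalise_name($candidate);
    foreach (array_merge($registered, $reserved) as $taken) {
        if (normalise_name($taken) === $key) {
            return null;                        // collides with an account or a reserved word
        }
    }
    return 'Guest: ' . $candidate;              // guests are visibly labelled as guests
}

// Constructed data for the demonstration
$registered = array('ds111', 'Adam');
$reserved   = array('Admin', 'Administrator', 'Moderator');

// A logged-in user posting "Admin" in the name field still gets their own name
var_dump(comment_author(array('username' => 'ds111'), 'Admin', $registered, $reserved));
// A guest spelling "Admin" with spaces is refused
var_dump(comment_author(array(), 'A d m i n', $registered, $reserved));
// An ordinary guest name is accepted, with the guest prefix
var_dump(comment_author(array(), 'visitor42', $registered, $reserved));
```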

Weird. I will look into that.

 

I've also further updated the software with integration of HTML Purifier.

 

Try to hack that!

 

Umm, I've looked at it and I still can't reproduce the error. Are you entering a space for the username box or something?

 

I've added an extra session_destroy() when you see that message. Hopefully that will work or maybe not. Try again. If you are still able to do this, please give me exact steps, as well as the browser you are using. Thanks!


I see now.

I work on Mac OS X, and never noticed this before.

 

Windows browsers can log in without a username or password.

 

I will fix this in another security bulletin tomorrow.

 

Thank you all for beta testing!

 

If you are done beta testing and you have reached the conclusion that this software is fairly bug-free, please PM me to become one of the Beta Testers for the internal development team.

 

Also it would be awesome if someone can go and download the current version and see if they have any problems setting it up (installation ~ 2 min!!) and tell me any new features, or improvements they would like to see in the new version.

 

The current build branch is based on simplicity, but I hope that over the next few releases I can make the software more complex in architecture but to not sacrifice the ease of use.

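The empty-credential login described above is a fail-open bug: a blank form ends up logged in. As an added example (not the CMS's login code), this handler fails closed: blank fields are refused before any lookup, the password is checked against a stored hash, and nothing but a real match returns a name. The user table is a constructed array and the session key is an assumption.

```php
<?php
// Added example: a login check that fails closed. Assumed: user records
// carry a hash made by password_hash(); the array below stands in for the
// users table, and login_session() assumes session_start() has already run.

function find_user(array $users, $username) {
    foreach ($users as $u) {
        if ($u['username'] === $username) {
            return $u;
        }
    }
    return null;
}

// Returns the username on success, false otherwise. Every early return is a
// refusal: the only path that yields a name is a verified credential match.
function authenticate(array $users, $username, $password) {
    $username = trim((string) $username);
    $password = (string) $password;
    if ($username === '' || $password === '') {
        return false;                       // the bug in the thread: blank must never pass
    }
    $user = find_user($users, $username);
    if ($user === null) {
        // Verify against a throwaway hash so an unknown name costs the same
        // time as a wrong password and does not reveal which names exist
        password_verify($password, password_hash('dummy', PASSWORD_DEFAULT));
        return false;
    }
    if (!password_verify($password, $user['password_hash'])) {
        return false;
    }
    return $user['username'];
}

function login_session(array $users, $username, $password) {
    $name = authenticate($users, $username, $password);
    if ($name === false) {
        return false;
    }
    session_regenerate_id(true);            // fresh session id after the privilege change
    $_SESSION['username'] = $name;
    return true;
}

// Constructed user table
$users = array(
    array('username' => 'ds111', 'password_hash' => password_hash('correct horse', PASSWORD_DEFAULT)),
);
var_dump(authenticate($users, '', ''));                 // blank form
var_dump(authenticate($users, 'ds111', 'wrong'));       // wrong password
var_dump(authenticate($users, 'ds111', 'correct horse'));
```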

To be honest, with your next release I'd work on improving the code structure; as corbin said, it's all mushed together, a nightmare for anyone wishing to mod it! Which I think is your biggest drawback. Also the "registry.php" file is very cluttered! Is it really necessary to include all the setup functions on every page?

 

The look and feel of it all is great, mind. Some of the links do look a little lost though!

 

Adam

 


Care to explain which links look a bit lost?

 

I never include registry.php. That would make the PHP file very long! I always use require, which basically only goes back to the file and runs a function only when that function is called. Is that wrong? If so, can you explain a better way?

 

Also, there will be no need to edit the code when installing a mod. The following is a plan for v1.0.7, which is probably set to release sometime in February. It's called the Execution Point system:

 

In the ACP, you set up a new "Execution Point." This is basically linking to a file with all the necessary functions/classes for that mod. Then you set up the file and line number of where you want that to execute. For example, if you want it to be executed at:

   show_post.php Line 54

 

then it will run your function right after the getPost() function is called. So basically all you need to do is:

 

 

Upload the main function/class file

Go to ACP -> Manage Execution Points -> Add Execution Point

 

and then you set the function/class origin file (where it should get it; for security purposes, it will not allow it to be run from registry.php), and it will edit that file with PHP and run the function name.

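The Execution Point plan splices a mod into a core file at a line number and runs an admin-chosen file. As an added example (not the project's code, and an alternative design rather than the plan itself), this is the usual way to get the same effect without editing files: the core calls named hook points, and mods register callbacks against them, so a core update cannot shift "line 54" out from under a mod. The hook names and the shape of the getPost() result are assumptions.

```php
<?php
// Added example: a hook registry. Core files call do_hook('after_getPost', ...)
// at fixed points; mods register callbacks instead of being written into a
// core file at a line number.

$GLOBALS['hooks'] = array();

// Register $callback (any callable) for the named hook point
function add_hook($name, $callback, $priority = 10) {
    if (!is_callable($callback)) {
        throw new InvalidArgumentException("hook '$name': callback is not callable");
    }
    $GLOBALS['hooks'][$name][$priority][] = $callback;
}

// Run every callback for $name in priority order, passing $value through
// each one so a mod can transform it; returns the final value
function do_hook($name, $value) {
    if (empty($GLOBALS['hooks'][$name])) {
        return $value;
    }
    ksort($GLOBALS['hooks'][$name]);
    foreach ($GLOBALS['hooks'][$name] as $callbacks) {
        foreach ($callbacks as $cb) {
            $value = call_user_func($cb, $value);
        }
    }
    return $value;
}

// Mod files come from one fixed directory chosen by the installation, never
// from a path supplied in a request, and registry.php is never a mod file.
// (Not called in this demonstration.)
function load_mods($dir) {
    foreach (glob(rtrim($dir, '/') . '/*.php') as $file) {
        require_once $file;      // each mod calls add_hook() when it is loaded
    }
}

// --- what show_post.php would do around its getPost() call ---
function getPost_stub($id) {     // stand-in for the CMS's getPost(); assumed shape
    return array('id' => $id, 'title' => 'Hello', 'body' => 'First post');
}

// A mod hooking the point the plan calls "show_post.php line 54"
add_hook('after_getPost', function ($post) {
    $post['title'] .= ' [' . strlen($post['body']) . ' chars]';
    return $post;
});

$post = do_hook('after_getPost', getPost_stub(54));
print_r($post);
```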

Fixed Delete.php:

 

<?php
require 'registry.php';
// Same access checks as delete_comment.php: only a logged-in user with the
// right to delete may run this script
checkLogin();
getRights();

if(!isset($id)) {
	if(!isset($_GET['post'])) {
		?>
		<script>
			window.location = "error_7.php";
		</script>
		<?php
		exit; // a JavaScript redirect does not stop PHP, so stop here
	}
	$id = $_GET['post'];
}
// A missing confirm parameter means "not confirmed"
$confirm = isset($_GET['confirm']) ? $_GET['confirm'] : "";
if($confirm == "no") {
	?>
	<script>
		var answer = confirm("Are you sure you would like to delete this post?");
		if(answer == true) {
			// urlencode() is the right encoding for a value inside a query string
			window.location="delete.php?post=<?php echo urlencode($id); ?>&id=<?php echo urlencode($id); ?>&confirm=yes";
		}
		else {
			alert("Post has not been deleted.");
			window.location="show_post.php?id=<?php echo urlencode($id); ?>";
		}
	</script>
<?php
}
if($confirm == "yes") {
	deletePost($id);
}
?>

 

Fixed Delete_comment.php:

 

<?php
require 'registry.php';
checkLogin();
getRights();

// Both ids arrive in the query string; fail closed if either is missing
if(!isset($_GET['id']) || !isset($_GET['postid'])) {
	?>
	<script>
		window.location = "error_7.php";
	</script>
	<?php
	exit; // a JavaScript redirect does not stop PHP, so stop here
}
$id = $_GET['id'];
$postid = $_GET['postid'];
$confirm = isset($_GET['confirm']) ? $_GET['confirm'] : "";
if($confirm == "no") {
	?>
	<script>
		var answer = confirm("Are you sure you would like to delete this comment?");
		if(answer) {
			// urlencode() is the right encoding for a value inside a query string
			window.location="delete_comment.php?postid=<?php echo urlencode($postid); ?>&id=<?php echo urlencode($id); ?>&confirm=yes";
		}
		else {
			alert("Comment has not been deleted.");
			window.location="show_post.php?id=<?php echo urlencode($postid); ?>";
		}
	</script>
<?php
}
if($confirm == "yes") {
	deleteComment($id, $postid);
}
?>

 

Fixed edit.php:

 

<?php
require 'registry.php';
// Access checks moved ahead of the POST handler: in the earlier order
// editPost() ran before checkLogin(), so anyone could submit an edit
checkLogin();
getRightsNewsPoster();

if(!isset($i)) {
	if(!isset($_GET['post'])) {
		?>
		<script>
		window.location="error_7.php";
		</script>
		<?php
		exit; // a JavaScript redirect does not stop PHP, so stop here
	}
	$i = $_GET['post'];
}
// Get vars from the edit form
if(isset($_POST['submit'])) {
	$title = isset($_POST['title']) ? $_POST['title'] : "";
	$article = isset($_POST['article']) ? $_POST['article'] : "";
	$fullpost = isset($_POST['fullpost']) ? $_POST['fullpost'] : "";
	if(!editPost($i, $title, $article, $fullpost)) {
		?>
		<script>
		window.location="edit.php?post=<?php echo urlencode($i); ?>&msg=fedit";
		</script>
		<?php
	}
}

getSkinDirCache(); $skindir = $_SESSION['skindir'];
include_once('skins/'.$skindir.'/header.php');
startEditor();
?>

  <div class="post">
	  <h1 class="title">Edit Post</h1>
			<div class="entry">
				<?php
					_maxblogmessages_();
				?>

				<p>Fill out this form to edit your post.</p>
				<?php // getEditData() echoes stored post data straight into the fields below: it must HTML-escape it, or a stored "</textarea>" ends the field early ?>
	            <form id="form1" name="form1" method="post" action="edit.php?post=<?php echo urlencode($i); ?>">
	              <p>Title<br />
	                <label>
	                  <input type="text" size="30" value="<?php getEditData($i, "title"); ?>" name="title" id="title" />
	                </label>
	              </p>
	              <p>Short Text<br />
	                <textarea id="article" name="article">
	                	<?php
	                		getEditData($i, "shortpost");
	                	?>
	                </textarea>
                  </p>
				<p>Full Text<br />
	                <textarea id="fullpost" name="fullpost">
	                	<?php
	                		getEditData($i, "fullpost");
	                	?>
	                </textarea>
                  </p>
	              <p>
	                <label>
	                <input type="submit" name="submit" id="submit" value="Edit" />
	                </label>
	              </p>
	            </form>
        </div>
</div>
		<div class="post">
		  <div class="entry"></div>
		</div>
	</div>
	<!-- end #content -->
	<!-- sidebar -->
	<div id="sidebar">
		<ul>
		  <li>
			<?php
				showSidebarCache();
			?>
          <p> </p>
		</ul>
  </div>
  		    <!-- end #sidebar -->
		<div style="clear: both;"> </div>

<?php
include_once('skins/'.$skindir.'/footer.php');
?>


Fixed Search.php:

 

<?php
require 'registry.php';
if(isset($_GET['s'])) {
	$search = $_GET['s'];
}
if(isset($_GET['cat'])) {
	$cat = $_GET['cat'];
}
// Was isset($_POST['confirm]']) (a typo that never matched) followed by a
// read from $_GET; the value is now read from the array it was checked in
if(isset($_POST['confirm'])) {
	$cat = $_POST['confirm'];
}

getSkinDirCache(); $skindir = $_SESSION['skindir'];
include_once('skins/'.$skindir.'/header.php');
?>
<div class="post">
	<h3>Search this Blog</h3>
	<form action="search.php" method="get">
		<input type="text" name="s" id="s" size="25" />
		<input type="submit" value="Submit">
	</form>
	<?php
	// This echo is the sink behind search.php?cat="><marquee>... from the
	// XSS reports above; htmlspecialchars() keeps the value as text
	if(isset($cat)) {
		echo '<br /><div class="clean-ok">Viewing all posts in the category '.htmlspecialchars($cat).'.</div>';
	}
	if(!isset($search) && !isset($cat)) {
		echo '</div>';
	}
	if(isset($search)) {
		if($search != "") {
			$search = clean($search); // clean() from registry.php runs before the term reaches the query
			getSearchResults($search);
		}
		else {
			echo '</div>';
			echo '<div class="clean-error">Please enter a search term!</div>';
		}
	}
	if(isset($cat)) {
		$cat = clean($cat);
		getCategoryResults($cat);
	}
	?></div>
	<!-- end #content -->
		<!-- sidebar -->
		<div id="sidebar">
			<ul>
			  <li>
				<?php
					showSidebarCache();
				?>
	          <p> </p>
			</ul>
	  </div>
    <!-- end #sidebar -->
	<div style="clear: both;"> </div>

<?php
include_once('skins/'.$skindir.'/footer.php');
?>

 

Fixed suggest.php:

 

 

<?php
include 'registry.php';
connect_db();

// The prefix typed so far; nothing typed means nothing to suggest
$query = isset($_GET["query"]) ? $_GET["query"] : "";
if(strlen($query) == 0) {
	exit;
}

// Escape twice, for two different parsers: addcslashes() neutralises the
// LIKE wildcards % and _ (and a literal backslash), then
// mysql_real_escape_string() makes the result safe inside the SQL string
// literal. Previously $query went into the query verbatim (SQL injection).
$pattern = mysql_real_escape_string(addcslashes($query, '%_\\'));
$sql = "SELECT username FROM users WHERE username LIKE '$pattern%' LIMIT 7";
$dosql = mysql_query($sql);

$users = array();
if($dosql) {
	while($row = mysql_fetch_assoc($dosql)) {
		$users[] = $row['username'];
	}
}

// Keep only case-insensitive prefix matches, as the original loop did
$suggestions = array();
foreach($users as $user) {
	if(strtolower($query) == strtolower(substr($user, 0, strlen($query)))) {
		$suggestions[] = $user;
	}
}

// Usernames were the first XSS vector reported in this thread, so escape
// them even though this endpoint is meant for an autocomplete script
echo htmlspecialchars(implode(" , ", $suggestions));
?>


Fixed add_category.php

 

<?php
session_start();
$noload = true;
$nomenu = false;
$sidebar = true;

include 'header.php';
validateSession("acp");
if(isset($_POST['submit'])) {
	// isset() alone is true for an empty field, so also require a real name
	if(isset($_POST['cat_name']) && trim($_POST['cat_name']) !== "") {
		$catname = trim($_POST['cat_name']);
		// addslashes() is not charset-aware; mysql_real_escape_string() on the
		// open connection is the better choice for the SQL built in addCategory()
		$catname = addslashes($catname);
		addCategory($catname);
	}
	else {
		$error = '<div class="clean-error">Please enter a category name! </div>';
	}
}
?>
<div id="colTwo">
<div class="bg2">
	<h2><em>Add a</em> Category</h2>

	  <form id="form1" name="form1" method="post" action="add_category.php?section=manage&acpsession=<?php echo htmlspecialchars($_GET['acpsession']); ?>">
	  <?php if(isset($error)) { echo $error; } // $error is markup built above, not user input; the earlier line was a syntax error ?>
		    Category name:
		    <label>
		      <br />
		      <input type="text" name="cat_name" id="cat_name" />
		      <br />
		      <br />
		      <input type="submit" name="submit" id="submit" value="Submit" />
</label>
                                          </form>
</div> </div>

		<?php
		include_once('footer.php');
		?>

 

 

 

Fixed add_page.php

 

<?php
session_start();
$noload = true;
$nomenu = false;
$sidebar = true;

include 'header.php';
validateSession("acp");
if(isset($_POST['title'])) {
	// addslashes() is not charset-aware; mysql_real_escape_string() on the open
	// connection is preferable for the SQL built inside newPage()/newRedirect()
	$title = addslashes($_POST['title']);
	$content = isset($_POST['article']) ? addslashes($_POST['article']) : "";   // was misnamed $author
	$redirect = isset($_POST['redirect']) ? addslashes($_POST['redirect']) : "";
	if($redirect != "") {
		newRedirect($title, $redirect);
	}
	else {
		newPage($title, $content);
	}
}

startEditor();
?>

<div id="colTwo">
<div class="bg2">
	<h2><em>Add a</em> Page</h2>
<?php _maxblogmessages_(); ?>
<p>Fill out this form to add a page.</p>
<form id="form1" name="form1" onSubmit="javascript:window.onbeforeunload=null;" method="post" action="add_page.php?section=manage&acpsession=<?php echo htmlspecialchars($_GET['acpsession']); ?>">
  <p>Title<br />
    <label>
      <input type="text" size="30" name="title" id="title" />
    </label>
  </p>
  <p>Redirect URL: 
    <label>
      <input type="text" name="redirect" id="redirect" />
    </label>
  </p>
  <p>Content<br />
    <textarea id="article" name="article"></textarea>
  </p>
  <p>
    <label>
    <input type="submit" name="button" id="button" value="Post" />
    </label>
  </p>
</form>
</div>
</div>
<?php
include 'footer.php';
?>

 

Fixed admin.php

 

<?php
session_start();
// No section given: send the browser to the admin section and stop, because
// header() on its own does not stop the rest of the script from running
if(!isset($_GET['section'])) {
	$acpsession = isset($_GET['acpsession']) ? $_GET['acpsession'] : "";
	header("Location: admin.php?section=admin&acpsession=".urlencode($acpsession));
	exit;
}
$section = $_GET['section'];

$noload = true;
$nomenu = false;
$sidebar = true;
include 'header.php';

validateSession("acp");
?>
<div id="colTwo">
<?php if($section == "manage") {?>
<div class="bg2">
	<?php _maxblogmessages_();?>
	<br />
	<h2><em>Welcome</em> to the Management Panel!</h2>
	<p>In the Management Panel, you can manage all the settings of your blog!</p>
</div>
</div>
<?php
}
?>
<?php if($section == "admin") {?>

<div class="bg2">
	<?php _maxblogmessages_();?>

	<h2><em>Welcome</em> to the Admin Control Panel!</h2>
	<p>In the Admin Control Panel, you can access all the panels and change the settings within them.</p>

	<h2><em>Blog</em> Updates</h2>
	You are currently running: Max.Blog <?php getVersionNumber("both");?>
	<br /><br />
	<?php
	$ver = getVersionNumber("chversion");
	?>
		<iframe width="250px" frameborder="0" src="http://www.mzbservices.com/blog/getupdates.php?ver=<?php echo urlencode($ver); ?>"></iframe>
</div>
</div>
<?php
}
?>
<?php if($section == "edit") {?>

<div class="bg2">
	<?php _maxblogmessages_();?>

	<h2><em>Welcome</em> to the Editing Panel!</h2>
	<p>In the Editing Panel, you can access all the panels and edit the values for them.</p>
</div>
</div>
<?php
}
?>
<?php
include 'footer.php';
?>

 

Fixed add_category.php

 

<?php
session_start();
$noload = true;
$nomenu = false;
$sidebar = true;
// Default both to "" so the comparisons below never see an undefined variable
$movecat = isset($_GET['movecat']) ? $_GET['movecat'] : "";
$newcat = isset($_POST['newcat']) ? $_POST['newcat'] : "";

include 'header.php';
validateSession("acp");
connect_db();
// Every request value that reaches a query is escaped for the SQL string
// literal on the open connection: $catid, $oldcat and $newcat previously went
// in verbatim (SQL injection) and $cat only through addslashes()
$catid = isset($_GET['cat']) ? mysql_real_escape_string($_GET['cat']) : "";
if(isset($_GET['godelete']) && $_GET['godelete'] == "yes" && $catid != "") {
	$query = "DELETE from categories WHERE id='$catid'";
	$godelete = mysql_query($query);
}
if(isset($_GET['makenew']) && $_GET['makenew'] == "yes") {
	$cat = isset($_GET['catname']) ? mysql_real_escape_string($_GET['catname']) : "";
	mysql_query("INSERT into categories (categories) VALUES('$cat')");
?>
<div id="colTwo">
	<div class="bg2">
		<h2><em>Category</em> Added</h2>
			Successfully completed all operations!
		</div>
		</div>
<?php
include 'footer.php';
exit;
}
?>

<?php
if($movecat != "yes") {
?>
<script>
history.back(1);
</script>
<?php
}
if($movecat == "yes") {
	$acpsession = isset($_GET['acpsession']) ? $_GET['acpsession'] : "";
	if(!isset($_GET['chget'])) {
		?>
		<div id="colTwo">
			<div class="bg2">
				<h2><em>Change</em> Categories</h2>
				<form name="form1" method="post" action="delete_cat.php?section=manage&movecat=yes&oldcat=<?php echo urlencode(isset($_GET['oldcat']) ? $_GET['oldcat'] : ""); ?>&catid=<?php echo urlencode(isset($_GET['cat']) ? $_GET['cat'] : ""); ?>&chget=yes&acpsession=<?php echo urlencode($acpsession); ?>">
					<br />
					<input type="text" name="newcat" id="newcat">
					<input type="submit" name="button" id="button" value="Submit" />
				</form>
			</div></div>
		<?php
	}
	else {
		$oldcat = isset($_GET['oldcat']) ? mysql_real_escape_string($_GET['oldcat']) : "";
		$newcatsql = mysql_real_escape_string($newcat); // SQL copy; $newcat stays raw for HTML output below
		mysql_query("UPDATE posts SET category='$newcatsql' WHERE category='$oldcat'");
		?>
		<div id="colTwo">
			<div class="bg2">
				<h2><em>Categories</em> Changed</h2>
					All posts have been changed to <?php echo htmlspecialchars($newcat); ?><br />

		<?php
		$chquer = "SELECT * from categories WHERE categories='$newcatsql'";
		$runquery = mysql_query($chquer);
		$rows = mysql_num_rows($runquery);
		if($rows == 0) {
			?>
		<br />	There is no category with this name. Make one? <br /><br />
			<a href="delete_cat.php?section=manage&acpsession=<?php echo urlencode($acpsession); ?>&makenew=yes&catname=<?php echo urlencode($newcat); ?>">Yes</a> | <a href="admin.php?section=manage&acpsession=<?php echo urlencode($acpsession); ?>">No</a>
			<?php
		}
	}
}
?>
</div>
</div>

		<?php
include 'footer.php';
?>


Sorry, that last one was supposed to be delete_cat.php :-[

 

Fixed delete_page.php

 

<?php
session_start();
$noload = true;
$nomenu = false;
$sidebar = true;

include 'header.php';
validateSession("acp");
$id = isset($_GET['id']) ? $_GET['id'] : "";
$confirm = isset($_GET['confirm']) ? $_GET['confirm'] : "";
$acpsession = isset($_GET['acpsession']) ? $_GET['acpsession'] : "";
if($confirm == "no") {
?>
<script>
	var answer = confirm("Are you sure you would like to delete this page?");
	if(answer) {
		// query-string values are urlencoded, which is also safe inside this JS string
		window.location="delete_page.php?section=manage&acpsession=<?php echo urlencode($acpsession); ?>&id=<?php echo urlencode($id); ?>&confirm=yes";
	}
	else {
		alert("Page has not been deleted.");
		window.location="manage_pages.php?section=manage&acpsession=<?php echo urlencode($acpsession); ?>";
	}
</script>
<?php
}
// Nothing is deleted without an explicit confirmation and an id
if($confirm == "yes" && $id != "") {
	deletePage($id);
}
?>

 

Fixed edit_page.php

 

<?php
session_start();
$noload = true;
$nomenu = false;
$sidebar = true;

include 'header.php';
validateSession("acp");
if(!isset($id)) {
	$id = isset($_GET['id']) ? $_GET['id'] : "";
}
// A non-empty Redirect URL turns the page into a redirect instead of content
if(isset($_POST['url']) && $_POST['url'] != "") {
	$title = isset($_POST['title']) ? $_POST['title'] : "";
	$url = $_POST['url'];
	updateRedirect($title, $url, $id);
	exit;
}
if(isset($_POST['title'])) {
	$title = $_POST['title'];
	$article = isset($_POST['article']) ? $_POST['article'] : "";
	$url = isset($_POST['url']) ? $_POST['url'] : "";
	updatePage($title, $url, $article, $id);
}
startEditor();
?>

<div id="colTwo">
<div class="bg2">
	<h2><em>Edit</em> Page</h2>
<?php _maxblogmessages_(); ?>
<p>Fill out this form to edit a page.</p>
<?php // getPage() echoes stored page data into the fields below: it must HTML-escape it, or a stored "</textarea>" ends the field early ?>
<form id="form1" name="form1"  method="post" action="edit_page.php?id=<?php echo urlencode($id); ?>&section=manage&acpsession=<?php echo htmlspecialchars($_GET['acpsession']); ?>">
  	          <p>Title<br />
                <label>
                  <input type="text" size="30" value="<?php getPage("title", $id); ?>" name="title" id="title" /><br />
                </label>  Redirect URL: <input type="text" size="30" value="<?php getPage("url", $id); ?>" name="url" id="url">
                
              </p>
              <p>Content<br />
                <textarea id="article" name="article"> <?php getPage("content", $id); ?></textarea>
              </p>
              <p>
                <label>
                <input type="submit" name="button" id="button" value="Post" />
                </label>
              </p>
</form>
</div>
</div>
<?php
include 'footer.php';
?>

