Verification: http://goo.gl/yVLKm

Website: http://goo.gl/2aiey

Frontend Demo: http://goo.gl/UwHqS

Dashboard Demo: http://goo.gl/6Gr8X (Please don't delete the homepage.)

Username: admin

Password: pass

I just released the next major version of my CMS. I re-programmed it from the start because the previous version had too many bugs. Can you test it for errors? It would really help.

 

-Thanks


I'm not sure which point you are responding to, but it doesn't apply to either.

 

Using SQL Injection commands I am able to make your database throw an error, although I wasn't able to actually force a log in.

 

And I successfully exploited a CSRF vulnerability with the settings page in your admin panel, though it should apply everywhere as there is no CSRF protection. It doesn't matter if the user is not logged in, because that's not how CSRF works.

SQL Error:

http://2.0.demo.elematacms.com/?id='

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1

 

SQL Error:

http://2.0.demo.elematacms.com/admin/index.php?action=edit&type=page&id='

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1

 

SQL Error when deleting pages that don't exist:

http://2.0.demo.elematacms.com/admin/index.php?action=delete&true=1&id=2

Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/elemata/20demo/admin/content/delete.php on line 13

 

Full Path Disclosure:

http://2.0.demo.elematacms.com/?s=%3Ch1%3Etest

Notice: Undefined variable: row_settings in /home/elemata/20demo/functions/global.php on line 55

 

Warning: include(themes//search.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/functions/global.php on line 55

 

Warning: include(themes//search.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/functions/global.php on line 55

 

Warning: include() [function.include]: Failed opening 'themes//search.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/elemata/20demo/functions/global.php on line 55

 

Full Path Disclosure:

http://2.0.demo.elematacms.com/functions/replace.php

Warning: file_get_contents(includes/version.txt) [function.file-get-contents]: failed to open stream: No such file or directory in /home/elemata/20demo/functions/replace.php on line 5

 

Warning: file_get_contents(includes/login.html) [function.file-get-contents]: failed to open stream: No such file or directory in /home/elemata/20demo/functions/replace.php on line 5

 

Warning: file_get_contents(includes/clientip.php) [function.file-get-contents]: failed to open stream: No such file or directory in /home/elemata/20demo/functions/replace.php on line 5

 

Full Path Disclosure:

http://2.0.demo.elematacms.com/admin/content/dashboard.php

Fatal error: Call to undefined function stats_unique_today() in /home/elemata/20demo/admin/content/dashboard.php on line 4

 

Full Path Disclosure:

http://2.0.demo.elematacms.com/admin/content/edit_page.php

Warning: include(../Connections/default.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/admin/content/edit_page.php on line 1

 

Warning: include(../Connections/default.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/admin/content/edit_page.php on line 1

 

Warning: include() [function.include]: Failed opening '../Connections/default.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/elemata/20demo/admin/content/edit_page.php on line 1

Access Denied

 

Full Path Disclosure:

http://2.0.demo.elematacms.com/admin/content/pages.php

Fatal error: Call to undefined function total_pages() in /home/elemata/20demo/admin/content/pages.php on line 3

 

Full Path Disclosure:

http://2.0.demo.elematacms.com/admin/content/settings.php

Warning: include(../Connections/default.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/admin/content/settings.php on line 1

 

Warning: include(../Connections/default.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/admin/content/settings.php on line 1

 

Warning: include() [function.include]: Failed opening '../Connections/default.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/elemata/20demo/admin/content/settings.php on line 1

 

Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/elemata/20demo/admin/content/settings.php on line 65

 

Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/elemata/20demo/admin/content/settings.php on line 67

 

Full Path Disclosure:

http://2.0.demo.elematacms.com/admin/content/themes.php

Warning: include(../Connections/default.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/admin/content/themes.php on line 4

 

Warning: include(../Connections/default.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/admin/content/themes.php on line 4

 

Warning: include() [function.include]: Failed opening '../Connections/default.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/elemata/20demo/admin/content/themes.php on line 4

 

Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/elemata/20demo/admin/content/themes.php on line 7

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'elemata'@'localhost' (using password: NO) in /home/elemata/20demo/admin/content/themes.php on line 8

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/elemata/20demo/admin/content/themes.php on line 8

 

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/elemata/20demo/admin/content/themes.php on line 9

 

Warning: include(../themes//info.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/admin/content/themes.php on line 12

 

Warning: include(../themes//info.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/admin/content/themes.php on line 12

 

Warning: include() [function.include]: Failed opening '../themes//info.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/elemata/20demo/admin/content/themes.php on line 12

 

Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/elemata/20demo/admin/content/themes.php on line 36

 

Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/elemata/20demo/admin/content/themes.php on line 38

Access denied for user 'elemata'@'localhost' (using password: NO)

 

Directory Listing:

http://2.0.demo.elematacms.com/functions/

 

Directory Listing:

http://2.0.demo.elematacms.com/admin/content/

 

Directory Listing:

http://2.0.demo.elematacms.com/Connections/
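
A hardened version of the two request paths reported above (the `id` lookup and a state-changing admin form), as an added example that is not part of the original post or the CMS's code. It assumes PDO with an in-memory SQLite database and a constructed `pages` table; `load_page`, `csrf_token` and `csrf_valid` are hypothetical names.

```php
<?php
declare(strict_types=1);
// Added example; table, column and function names are assumptions, not the CMS's code.
// Errors go to the server log, never into the response (no path or SQL text leaks).
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Constructed sample data in an in-memory SQLite database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO pages (id, title) VALUES (1, 'Home')");

// Load a page by the raw "id" request value without building SQL from it.
function load_page(PDO $db, $rawId): ?array
{
    // Reject anything that is not a positive integer, such as a lone quote.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    try {
        $stmt = $db->prepare('SELECT id, title FROM pages WHERE id = :id');
        $stmt->execute([':id' => $id]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    } catch (PDOException $e) {
        error_log('page lookup failed: ' . $e->getMessage()); // log, never echo
        return null;
    }
}

// Issue one random token per session for state-changing admin forms.
function csrf_token(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Constant-time comparison of the submitted token with the session's token.
function csrf_valid(array $session, $submitted): bool
{
    return is_string($submitted) && !empty($session['csrf'])
        && hash_equals($session['csrf'], $submitted);
}

$session = []; $token = csrf_token($session); // $session stands in for $_SESSION
var_dump(load_page($db, "'"), load_page($db, '1'));
var_dump(csrf_valid($session, $token), csrf_valid($session, 'forged'));
```

In a real handler the token would be embedded as a hidden form field and every state-changing request rejected unless `csrf_valid` returns true.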


Not necessarily related, but...

 

XSS via search box.  Search query is output onto the page without filtering.  SQL injection via home page URL.  index.php?id='

 

Couldn't help but try and see if you had an admin/ directory...and you did...and your username field is vulnerable to XSS

Edited by SocialCloud
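
Context-aware output encoding for the reflected search term and a form field value, as an added example that is not part of the original post or the CMS's code. The markup and the names `h` and `render_search` are assumptions; the sample input is constructed.

```php
<?php
declare(strict_types=1);
// Added example; function names and markup are assumptions, not the CMS's code.

// Encode for HTML text and quoted-attribute contexts.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render the search header, form and pagination link for a raw "s" parameter.
function render_search($rawQuery, int $page = 1): string
{
    // Arrays (?s[]=x) and missing values become an empty string.
    $q = is_string($rawQuery) ? $rawQuery : '';
    // URL context first (rawurlencode), then HTML attribute context (h).
    $next = h('?s=' . rawurlencode($q) . '&page=' . ($page + 1));
    return '<h2>Results for "' . h($q) . '"</h2>' . "\n"
         . '<form method="get"><input type="text" name="s" value="' . h($q) . '"></form>' . "\n"
         . '<a href="' . $next . '">Next page</a>' . "\n";
}

// Constructed input: markup plus a double quote, which must not break out of
// either the heading text or the value="" attribute.
echo render_search('<h1>test"');
```

The same `h()` call applies to any login form that echoes a submitted username back into an input's `value` attribute.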