Archived

This topic is now archived and is closed to further replies.

ryanfilard

My Reprogrammed CMS System

Verification: http://goo.gl/yVLKm

 

Website: http://goo.gl/2aiey

 

Frontend Demo: http://goo.gl/UwHqS

 

Dashboard Demo: http://goo.gl/6Gr8X (Please don't delete the homepage.)

Username: admin

Password: pass

 

I just released the next major version of my CMS. I re-programmed from the start because the previous version had too many bugs. Can you test it for errors? It would really help.

 

-Thanks

Share this post


Link to post
Share on other sites

I didn't spend too much time on this but you are definitely vulnerable to CSRF attacks and I'm pretty sure SQL injection as well.

Share this post


Link to post
Share on other sites

I'm not sure which point you are responding to, but it doesn't apply to either.

 

Using SQL Injection commands I am able to make your database throw an error, although I wasn't able to actually force a log in.

 

And I successfully exploited a CSRF vulnerability with the settings page in your admin panel, though it should apply everywhere as there is no CSRF protection. It doesn't matter if the user is not logged in, because that's not how CSRF works.

Share this post


Link to post
Share on other sites
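A per-session token check of the kind the post above says the settings page lacks, as an added example that is not code from the CMS under review. The function names and the `csrf_token` field name are assumptions, and plain arrays stand in for `$_SESSION` and `$_POST` so the script runs on its own (PHP 7 or later).

```php
<?php
// Added example: synchronizer-token CSRF protection for a state-changing admin form.
// Function and field names are hypothetical, not taken from the CMS.

function csrf_token(array &$session): string
{
    // One random token per session, created on first use.
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function csrf_field(array &$session): string
{
    // Hidden input to embed in every form that changes state.
    $t = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $t . '">';
}

function csrf_check(array $session, array $post): bool
{
    // Reject when either side is missing; compare in constant time.
    if (empty($session['csrf_token']) || !isset($post['csrf_token'])
        || !is_string($post['csrf_token'])) {
        return false;
    }
    return hash_equals($session['csrf_token'], $post['csrf_token']);
}

// Constructed demonstration: arrays stand in for $_SESSION and $_POST.
$session = [];
$form    = csrf_field($session);   // rendered into the settings form

$sameSite  = ['site_name' => 'Demo', 'csrf_token' => $session['csrf_token']];
$crossSite = ['site_name' => 'Changed elsewhere'];   // other origins cannot read the token

var_dump(csrf_check($session, $sameSite));
var_dump(csrf_check($session, $crossSite));
```

In a real handler, call `session_start()`, pass `$_SESSION` and `$_POST`, and refuse the request before touching the database when `csrf_check` returns false. The check only helps if state-changing actions arrive as POST; the delete URL quoted elsewhere in this thread is a GET request.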

SQL Error:

http://2.0.demo.elematacms.com/?id='

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1

 

SQL Error:

http://2.0.demo.elematacms.com/admin/index.php?action=edit&type=page&id='

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1

 

SQL Error when deleting pages that don't exist:

http://2.0.demo.elematacms.com/admin/index.php?action=delete&true=1&id=2

Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/elemata/20demo/admin/content/delete.php on line 13

 

Full Path Disclosure:

http://2.0.demo.elematacms.com/?s=%3Ch1%3Etest

Notice: Undefined variable: row_settings in /home/elemata/20demo/functions/global.php on line 55

 

Warning: include(themes//search.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/functions/global.php on line 55

 

Warning: include(themes//search.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/functions/global.php on line 55

 

Warning: include() [function.include]: Failed opening 'themes//search.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/elemata/20demo/functions/global.php on line 55

 

Full Path Disclosure:

http://2.0.demo.elematacms.com/functions/replace.php

Warning: file_get_contents(includes/version.txt) [function.file-get-contents]: failed to open stream: No such file or directory in /home/elemata/20demo/functions/replace.php on line 5

 

Warning: file_get_contents(includes/login.html) [function.file-get-contents]: failed to open stream: No such file or directory in /home/elemata/20demo/functions/replace.php on line 5

 

Warning: file_get_contents(includes/clientip.php) [function.file-get-contents]: failed to open stream: No such file or directory in /home/elemata/20demo/functions/replace.php on line 5

 

Full Path Disclosure:

http://2.0.demo.elematacms.com/admin/content/dashboard.php

Fatal error: Call to undefined function stats_unique_today() in /home/elemata/20demo/admin/content/dashboard.php on line 4

 

Full Path Disclosure:

http://2.0.demo.elematacms.com/admin/content/edit_page.php

Warning: include(../Connections/default.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/admin/content/edit_page.php on line 1

 

Warning: include(../Connections/default.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/admin/content/edit_page.php on line 1

 

Warning: include() [function.include]: Failed opening '../Connections/default.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/elemata/20demo/admin/content/edit_page.php on line 1

Access Denied

 

Full Path Disclosure:

http://2.0.demo.elematacms.com/admin/content/pages.php

Fatal error: Call to undefined function total_pages() in /home/elemata/20demo/admin/content/pages.php on line 3

 

Full Path Disclosure:

http://2.0.demo.elematacms.com/admin/content/settings.php

Warning: include(../Connections/default.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/admin/content/settings.php on line 1

 

Warning: include(../Connections/default.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/admin/content/settings.php on line 1

 

Warning: include() [function.include]: Failed opening '../Connections/default.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/elemata/20demo/admin/content/settings.php on line 1

 

Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/elemata/20demo/admin/content/settings.php on line 65

 

Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/elemata/20demo/admin/content/settings.php on line 67

 

Full Path Disclosure:

http://2.0.demo.elematacms.com/admin/content/themes.php

Warning: include(../Connections/default.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/admin/content/themes.php on line 4

 

Warning: include(../Connections/default.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/admin/content/themes.php on line 4

 

Warning: include() [function.include]: Failed opening '../Connections/default.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/elemata/20demo/admin/content/themes.php on line 4

 

Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/elemata/20demo/admin/content/themes.php on line 7

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'elemata'@'localhost' (using password: NO) in /home/elemata/20demo/admin/content/themes.php on line 8

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/elemata/20demo/admin/content/themes.php on line 8

 

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/elemata/20demo/admin/content/themes.php on line 9

 

Warning: include(../themes//info.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/admin/content/themes.php on line 12

 

Warning: include(../themes//info.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/admin/content/themes.php on line 12

 

Warning: include() [function.include]: Failed opening '../themes//info.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/elemata/20demo/admin/content/themes.php on line 12

 

Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/elemata/20demo/admin/content/themes.php on line 36

 

Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/elemata/20demo/admin/content/themes.php on line 38

Access denied for user 'elemata'@'localhost' (using password: NO)

 

Directory Listing:

http://2.0.demo.elematacms.com/functions/

 

Directory Listing:

http://2.0.demo.elematacms.com/admin/content/

 

Directory Listing:

http://2.0.demo.elematacms.com/Connections/

Share this post


Link to post
Share on other sites
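The `id` errors and path disclosures listed in the post above share two causes: the parameter reaches the SQL text unvalidated, and PHP prints warnings to the visitor. The added example below (not the CMS's code) addresses both. The `pages` table is hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline, which assumes the `pdo_sqlite` extension is installed.

```php
<?php
// Added example: load a page by id without exposing SQL errors or file paths.
// Table and column names are hypothetical; SQLite in memory stands in for MySQL.

ini_set('display_errors', '0');   // never print warnings or paths to visitors
ini_set('log_errors', '1');       // keep them in the server log instead

function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)');
    $pdo->exec("INSERT INTO pages (id, title) VALUES (1, 'Home')"); // constructed row
    return $pdo;
}

function find_page(PDO $pdo, $rawId): ?array
{
    // 1. Validate: the id must be a positive integer, nothing else.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    try {
        // 2. Bind: the value travels separately from the SQL text.
        $stmt = $pdo->prepare('SELECT id, title FROM pages WHERE id = :id');
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    } catch (PDOException $e) {
        // 3. Log the detail, show the visitor nothing specific.
        error_log('find_page failed: ' . $e->getMessage());
        return null;
    }
}

$pdo = open_db();
foreach (['1', "'", '2', null] as $input) {   // constructed inputs, including a lone quote
    $page = find_page($pdo, $input);
    echo var_export($input, true), ' => ', $page ? $page['title'] : '404 Not Found', "\n";
}
```

The warnings from `functions/replace.php` and `admin/content/*.php` come from include files being requested directly, so those files belong outside the web root or behind a guard that exits unless the front controller loaded them. If the server is Apache (an assumption), `Options -Indexes` turns off the directory listings.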

I am currently working on a newer version with a few other programmers. We fixed a lot of bugs and added a few features. It's not available for download yet, but if you would like to see the progress: http://elemata.com

Share this post


Link to post
Share on other sites

Not necessarily related, but...

 

XSS via search box. Search query is output onto the page without filtering. SQL injection via home page URL. index.php?id='

 

Couldn't help but try and see if you had an admin/ directory...and you did...and your username field is vulnerable to XSS

Share this post


Link to post
Share on other sites

Thanks for pointing the injection out, so I guess now I will add strip_tags to those form fields.

Share this post


Link to post
Share on other sites
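For the search box and username field discussed in the last two posts, the added example below (not code from the CMS) compares `strip_tags()` with encoding at output time. `strip_tags()` removes tags but leaves quote characters, so a value placed inside an HTML attribute can still close that attribute, and it has no bearing on the SQL issue. The helper `e()` and the sample values are constructed for illustration.

```php
<?php
// Added example: strip_tags() versus context-aware output encoding.
// Helper name e() and the sample values are constructed for illustration.

function e(string $value): string
{
    // Encode &, <, >, " and ' so the value is always treated as text.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_username_input(string $value, callable $filter): string
{
    // The value lands inside a double-quoted attribute.
    return '<input type="text" name="username" value="' . $filter($value) . '">';
}

function render_search_heading(string $query, callable $filter): string
{
    // The value lands in element content.
    return '<p>Results for: ' . $filter($query) . '</p>';
}

$samples = [
    '<h1>test',                 // the search value quoted in the thread
    'bob" data-injected="1',    // constructed: no tags at all, only a quote
    "O'Brien & Sons <staff>",   // constructed: legitimate text that tag stripping mangles
];

foreach ($samples as $s) {
    echo "input:       ", $s, "\n";
    echo " strip_tags: ", render_username_input($s, 'strip_tags'), "\n";
    echo " encoded:    ", render_username_input($s, 'e'), "\n";
    echo " heading:    ", render_search_heading($s, 'e'), "\n\n";
}
```

Compare the second sample's two `<input>` lines: with `strip_tags` the markup gains a second attribute, while the encoded version keeps the whole value inside `value="..."`.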
