ryanfilard Posted March 15, 2012 Share Posted March 15, 2012 Verification: http://goo.gl/yVLKm Website: http://goo.gl/2aiey Frontend Demo: http://goo.gl/UwHqS Dashboard Demo: http://goo.gl/6Gr8X (Please don't delete the homepage.) Username: admin Password: pass I just released the next major version of my CMS. I re-programmed from the start because the previous version had to many bugs. Can you test it for errors it would really help. -Thanks Link to comment Share on other sites More sharing options...
scootstah Posted March 16, 2012 Share Posted March 16, 2012 I didn't spend too much time on this but you are definitely vulnerable to CSRF attacks and I'm pretty sure SQL injection as well. Link to comment Share on other sites More sharing options...
ryanfilard Posted March 16, 2012 Author Share Posted March 16, 2012 Before processing any sql if the user is not logged in it will not load the page. Link to comment Share on other sites More sharing options...
scootstah Posted March 16, 2012 Share Posted March 16, 2012 I'm not sure which point you are responding to, but it doesn't apply to either. Using SQL Injection commands I am able to make your database throw an error, although I wasn't able to actually force a log in. And I successfully exploited a CSRF vulnerability with the settings page in your admin panel, though it should apply everywhere as there is no CSRF protection. It doesn't matter if the user is not logged in, because that's not how CSRF works. Link to comment Share on other sites More sharing options...
Coreye Posted March 17, 2012 Share Posted March 17, 2012 SQL Error: http://2.0.demo.elematacms.com/?id=' You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1 SQL Error: http://2.0.demo.elematacms.com/admin/index.php?action=edit&type=page&id=' You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1 SQL Error when deleting pages that don't exist: http://2.0.demo.elematacms.com/admin/index.php?action=delete&true=1&id=2 Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/elemata/20demo/admin/content/delete.php on line 13 Full Path Disclosure: http://2.0.demo.elematacms.com/?s=%3Ch1%3Etest Notice: Undefined variable: row_settings in /home/elemata/20demo/functions/global.php on line 55 Warning: include(themes//search.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/functions/global.php on line 55 Warning: include(themes//search.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/functions/global.php on line 55 Warning: include() [function.include]: Failed opening 'themes//search.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/elemata/20demo/functions/global.php on line 55 Full Path Disclosure: http://2.0.demo.elematacms.com/functions/replace.php Warning: file_get_contents(includes/version.txt) [function.file-get-contents]: failed to open stream: No such file or directory in /home/elemata/20demo/functions/replace.php on line 5 Warning: file_get_contents(includes/login.html) [function.file-get-contents]: failed to open stream: No such file or directory in /home/elemata/20demo/functions/replace.php on line 5 Warning: file_get_contents(includes/clientip.php) [function.file-get-contents]: failed to open stream: No such file or directory in /home/elemata/20demo/functions/replace.php on line 5 Full Path Disclosure: http://2.0.demo.elematacms.com/admin/content/dashboard.php Fatal error: Call to undefined function stats_unique_today() in /home/elemata/20demo/admin/content/dashboard.php on line 4 Full Path Disclosure: http://2.0.demo.elematacms.com/admin/content/edit_page.php Warning: include(../Connections/default.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/admin/content/edit_page.php on line 1 Warning: include(../Connections/default.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/admin/content/edit_page.php on line 1 Warning: include() [function.include]: Failed opening '../Connections/default.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/elemata/20demo/admin/content/edit_page.php on line 1 Access Denied Full Path Disclosure: http://2.0.demo.elematacms.com/admin/content/pages.php Fatal error: Call to undefined function total_pages() in /home/elemata/20demo/admin/content/pages.php on line 3 Full Path Disclosure: http://2.0.demo.elematacms.com/admin/content/settings.php Warning: include(../Connections/default.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/admin/content/settings.php on line 1 Warning: include(../Connections/default.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/admin/content/settings.php on line 1 Warning: include() [function.include]: Failed opening '../Connections/default.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/elemata/20demo/admin/content/settings.php on line 1 Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/elemata/20demo/admin/content/settings.php on line 65 Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/elemata/20demo/admin/content/settings.php on line 67 Full Path Disclosure: http://2.0.demo.elematacms.com/admin/content/themes.php Warning: include(../Connections/default.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/admin/content/themes.php on line 4 Warning: include(../Connections/default.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/admin/content/themes.php on line 4 Warning: include() [function.include]: Failed opening '../Connections/default.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/elemata/20demo/admin/content/themes.php on line 4 Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/elemata/20demo/admin/content/themes.php on line 7 Warning: mysql_query() [function.mysql-query]: Access denied for user 'elemata'@'localhost' (using password: NO) in /home/elemata/20demo/admin/content/themes.php on line 8 Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/elemata/20demo/admin/content/themes.php on line 8 Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/elemata/20demo/admin/content/themes.php on line 9 Warning: include(../themes//info.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/admin/content/themes.php on line 12 Warning: include(../themes//info.php) [function.include]: failed to open stream: No such file or directory in /home/elemata/20demo/admin/content/themes.php on line 12 Warning: include() [function.include]: Failed opening '../themes//info.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/elemata/20demo/admin/content/themes.php on line 12 Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/elemata/20demo/admin/content/themes.php on line 36 Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/elemata/20demo/admin/content/themes.php on line 38 Access denied for user 'elemata'@'localhost' (using password: NO) Directory Listing: http://2.0.demo.elematacms.com/functions/ Directory Listing: http://2.0.demo.elematacms.com/admin/content/ Directory Listing: http://2.0.demo.elematacms.com/Connections/ Link to comment Share on other sites More sharing options...
plznty Posted April 27, 2012 Share Posted April 27, 2012 I found a lot. Took around 10 minutes. Link to comment Share on other sites More sharing options...
ryanfilard Posted April 29, 2013 Author Share Posted April 29, 2013 I am currently working on a newer version with a few other programmers. We fixed a lot of bugs and added a few features. It's not available for download yet but if you would like to see the progress http://elemata.com Link to comment Share on other sites More sharing options...
MDCode Posted May 1, 2013 Share Posted May 1, 2013 (edited) Not necessarily related, but... XSS via search box. Search query is output onto the page without filtering. SQL injection via home page URL. index.php?id=' Couldn't help but try and see if you had an admin/ directory...and you did...and your username field is vulnerable to XSS Edited May 1, 2013 by SocialCloud Link to comment Share on other sites More sharing options...
ryanfilard Posted May 1, 2013 Author Share Posted May 1, 2013 (edited) Thanks for pointing the injection out so I guess now I will add strip_tags to those form fields. Edited May 1, 2013 by ryanfilard Link to comment Share on other sites More sharing options...
darkfreaks Posted June 30, 2013 Share Posted June 30, 2013 you still have XSS injection i suggest you output everything with htmlspecialchars() Link to comment Share on other sites More sharing options...
Recommended Posts