Jump to content

Recommended Posts

Hi,

I've been working on this little project on and off for a while now and time has come where I could do with a pier review. Having no formal education in programming this is a first for me, but... There's an online version here http://www.rawstar7.co.uk and is available for download here http://www.rawstar7.co.uk/projects/v0_13.html.

 

There's lot's to do and you should take the documentation with a pinch of salt (only revision is true to..).

 

My main concern is the login system as i'm about to move onto a https system. I haven't used $_SERVER variables but use mysql entries.

 

Be aware it's still quite bloated and makes too many sql calls, all admin code will be sectioned off soon, and the dynamic js tree menu has been revised but needs a full rework which will be tackled soon...

 

Anyway, enough for now... Thanks for any help...

Link to comment
https://forums.phpfreaks.com/topic/68679-cms-beta-tests-please/
Share on other sites

Full Path Disclosure:

There is Full Path Disclosure if the PHPSESSID cookie is set to an invalid value.

http://www.rawstar7.co.uk/site/comp/linux/security/tut_ssh.html

Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/rawstar7/public_html/monkey/users.php on line 56

 

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/rawstar7/public_html/monkey/users.php:56) in /home/rawstar7/public_html/monkey/users.php on line 56

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/rawstar7/public_html/monkey/users.php:56) in /home/rawstar7/public_html/monkey/users.php on line 56

 

Includes Directory:

http://www.rawstar7.co.uk/monkey/mods/

 

Includes Directory:

http://www.rawstar7.co.uk/monkey/res/

 

User Enumeration:

http://www.rawstar7.co.uk/~rawstar7/

Link to comment
https://forums.phpfreaks.com/topic/68679-cms-beta-tests-please/#findComment-345592
Share on other sites

Considering the number of additional hits i've had since posting here I sort of expected more responses, even if it's just a bsic pass. Many thanks to agentsteal for the time and feedback, all except the user enumeration are now sorted (I believe!).

 

The new version of cmsmonkey also disallows proxy logins, catches certain other anomalies (still testing) and has new search capabilities in the admin logging section. However the log view for frequency checking may not be reporting as it should (this is different to actual frequency checking and blocking, which does work fine). There are also new admin page controls for controlling frequency checking.

 

In addition js menus have been updated to conform to W3C standards. Non admin areas all now conform to W3C html loose standard and W3C CSS 3. Logo's have not been applied since this area is still being improved and certain admin zones need work.

 

Anyway, for those who did have a monkey around with it thanks and hope you all have fun...

 

New link...

http://www.rawstar7.co.uk/projects/cmsmonkey.html

 

GOING BANANAS!

Link to comment
https://forums.phpfreaks.com/topic/68679-cms-beta-tests-please/#findComment-348973
Share on other sites

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.