Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Simple CMS

From: Volker Tanger <vtlists () wyae de>
Date: Thu, 3 Aug 2006 11:58:45 +0200
On 2 Aug 2006 11:14:43 -0000
daaan () gmail com wrote:


The cms from http://www.cms-center.com/ uses no security at all, just
a boolean "isloggedin". If you submit "loggedin=1" in the URL of any
of the admin pages, you get full controll.

Proof:
1. Google for "powered by php mysql simple cms"
2. type "admin/config_pages.php?loggedin=1" behind the url
3. Done. It works on every admin page that uses the so called
auth.php.



*sigh*
Another one of those. 

Solution:
Set PHP to  register_globals = off

At a *very* brief glance at SimpleCMS it looks as if it should run with
register_globals = off as it's using $_GET and $_POST to access parameters.  

Thus it is not even a SimpleCMS-induced bug (as in: requires that
setting) in the PHP configuration, but simply plain ignorance or
stupidity of the webserver admin.

Bye

Volker 


-- 

Volker Tanger    http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists () wyae de                    PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC  8340 7424 6122 BB83 B8CB
Previous By Date Next
Previous By Thread Next

Current thread: