Vulnerability Development mailing list archives
Re: Simple CMS
From: Volker Tanger <vtlists () wyae de>
Date: Thu, 3 Aug 2006 11:58:45 +0200
On 2 Aug 2006 11:14:43 -0000 daaan () gmail com wrote:
The cms from http://www.cms-center.com/ uses no security at all, just a boolean "isloggedin". If you submit "loggedin=1" in the URL of any of the admin pages, you get full controll. Proof: 1. Google for "powered by php mysql simple cms" 2. type "admin/config_pages.php?loggedin=1" behind the url 3. Done. It works on every admin page that uses the so called auth.php.
*sigh* Another one of those. Solution: Set PHP to register_globals = off At a *very* brief glance at SimpleCMS it looks as if it should run with register_globals = off as it's using $_GET and $_POST to access parameters. Thus it is not even a SimpleCMS-induced bug (as in: requires that setting) in the PHP configuration, but simply plain ignorance or stupidity of the webserver admin. Bye Volker -- Volker Tanger http://www.wyae.de/volker.tanger/ -------------------------------------------------- vtlists () wyae de PGP Fingerprint 378A 7DA7 4F20 C2F3 5BCC 8340 7424 6122 BB83 B8CB
Current thread:
- Simple CMS daaan (Aug 02)
- Re: Simple CMS Volker Tanger (Aug 03)
- RE: Simple CMS David Schwartz (Aug 04)
- Re: Simple CMS Volker Tanger (Aug 03)