Simple CMS

From: daaan@xxxxxxxxx
Date: 2 Aug 2006 11:14:43 -0000

The cms from http://www.cms-center.com/ uses no security at all, just a boolean "isloggedin". If you submit "loggedin=1" in the URL of any of the admin pages, you get full controll.

Proof:

1. Google for "powered by php mysql simple cms"
2. type "admin/config_pages.php?loggedin=1" behind the url
3. Done. It works on every admin page that uses the so called auth.php.

I tried to contact the author, but i was unable to find ANY contact info.

Follow-Ups:
- Re: Simple CMS
  - From: Volker Tanger

Prev by Date: Re: "Moving" Stack: my poor return address!
Next by Date: Re: "Moving" Stack: my poor return address!
Previous by thread: EEYE: research.eeye.com
Next by thread: Re: Simple CMS
Index(es):
- Date
- Thread

Relevant Pages

Re: Encoding für Umlaute
... lieber bei Microsoft schreibe. ... Das erste Posting könnte man ja über Google ... Was kann denn der Proxy hervorrufen, dass die Zeichen nicht richtig rüber ... Bzw. was muss ich den Admin fragen? ...
(microsoft.public.de.german.entwickler.dotnet.asp)
Re: owner name as user, how do i...
... somehow this response is not as i expected. ... > ...and an admin should know how to google, ...
(microsoft.public.windowsxp.help_and_support)
Re: owner name as user, how do i...
... somehow this response is not as i expected. ... > ...and an admin should know how to google, ...
(microsoft.public.windowsxp.setup_deployment)
Re: owner name as user, how do i...
... somehow this response is not as i expected. ... > ...and an admin should know how to google, ...
(microsoft.public.windowsxp.basics)
Re: Content Management System question
... Using a CMS allows many other things than just allow the user to update the ... there are plenty on the web (see Google). ... FCKEditor and HTMLArea are very good, and they both work in Firefox ...
(comp.lang.php)