Re: Simple CMS
- From: Volker Tanger <vtlists@xxxxxxx>
- Date: Thu, 3 Aug 2006 11:58:45 +0200
On 2 Aug 2006 11:14:43 -0000
daaan@xxxxxxxxx wrote:
The cms from http://www.cms-center.com/ uses no security at all, just
a boolean "isloggedin". If you submit "loggedin=1" in the URL of any
of the admin pages, you get full controll.
Proof:
1. Google for "powered by php mysql simple cms"
2. type "admin/config_pages.php?loggedin=1" behind the url
3. Done. It works on every admin page that uses the so called
auth.php.
*sigh*
Another one of those.
Solution:
Set PHP to register_globals = off
At a *very* brief glance at SimpleCMS it looks as if it should run with
register_globals = off as it's using $_GET and $_POST to access parameters.
Thus it is not even a SimpleCMS-induced bug (as in: requires that
setting) in the PHP configuration, but simply plain ignorance or
stupidity of the webserver admin.
Bye
Volker
--
Volker Tanger http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists@xxxxxxx PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC 8340 7424 6122 BB83 B8CB
- Follow-Ups:
- RE: Simple CMS
- From: David Schwartz
- RE: Simple CMS
- References:
- Simple CMS
- From: daaan
- Simple CMS
- Prev by Date: Automatic MIME type detection in Internet Explorer 6.x allowed
- Next by Date: Re: Automatic MIME type detection in Internet Explorer 6.x allowed
- Previous by thread: Simple CMS
- Next by thread: RE: Simple CMS
- Index(es):
Relevant Pages
|
|
