2013-01-11, 01:06:06
shawn_a: thanks for checking all of it. Very good job!
Now your answers:
- I'm doing a lot of web application penetration testing, bug hunting, etc etc, and once upon a day I found 'GetSimple CMS' at SourceForge, when I was looking for 'php mysql cms'.
- next was checking if this version from sourceforge = your-latest-version at this site (get-simple.info).
- next, when I confirmed that this is the 'latest' one, I downloaded it and installed it on my Ubuntu 12.04 box (with Apache and PHP - if you need the version I can check it too, but it was a default Ubuntu installation).
- next: cache/history/cookies were cleared, Firefox was restarted.
- exploit(s) work fine ;P
Let me know if you need more details. Mike has direct contact with me, so you can also mail me (because, from now to tomorrow I'll be offline).
Also: as my post at the blog was about the 'vulnerability' - let me know when a patched version will be available cuz I want to add information about your work to the post (as I described it for example for Concrete5 CMS or Joomla, etc etc...)
Cheers,
Jakub o/
(2013-01-11, 00:21:51)shawn_a Wrote: HauntIT, I appreciate your assistance finding anything else.
I would love to know how your test setup got to this state that it is missing the salt.
Was this a fresh install, an upgrade from x -> x? I would like to nail down or at least identify who might be at risk.
Did you wipe your data directories at some point?
Is this Windows? Do we have a path slash issue on install.php?
There are many variables and your exploit post does not detail configuration.