Download
2013-01-12, 01:05:43
Agreed this really is no threat to a standard install of GS312
Code as published will not work on a standard install of GetSimple 3.1.2
I have been able to get something working but I've had to delete the authorization.xml file and turn off GSNOCSRF in gsconfig and add the missing cookies and POST variables.
Author of the exploit also has some changes made to php.ini on his local build to turn off some security settings to help with his security testing. Quote: 'for example display_error or register_globals (etc,etc) set to 'On' (to get more errors durning pentest/src audit).'
AS for executing a command I've been unable to do this either. I have been able to include a rouge PHP file, but i'd have to have access to your server first to be able to do this.
So all in all I'm unconvinced that this 'exploit' poses any threat to GetSimple.
Code as published will not work on a standard install of GetSimple 3.1.2
I have been able to get something working but I've had to delete the authorization.xml file and turn off GSNOCSRF in gsconfig and add the missing cookies and POST variables.
Author of the exploit also has some changes made to php.ini on his local build to turn off some security settings to help with his security testing. Quote: 'for example display_error or register_globals (etc,etc) set to 'On' (to get more errors durning pentest/src audit).'
AS for executing a command I've been unable to do this either. I have been able to include a rouge PHP file, but i'd have to have access to your server first to be able to do this.
So all in all I'm unconvinced that this 'exploit' poses any threat to GetSimple.
