################################################################
# .___ __ _______ .___ #
# __| _/____ _______| | __ ____ \ _ \ __| _/____ #
# / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ #
# / /_/ | / __ \| | \/ \_____ /\_____|\____\ #
# \/ \/ \/ #
# ___________ ______ _ __ #
# _/ ___\_ __ \_/ __ \ \/ \/ / #
# \ \___| | \/\ ___/\ / #
# \___ >__| \___ >\/\_/ #
# est.2007 \/ \/ forum.darkc0de.com #
################################################################
# Greetz to all Darkc0de, AI, ICW, AH Members
# Shoutz to r45c4l,j4ckh4x0r,silic0n,smith,baltazar,d3hydr8,FB1H2S, lowlz,Eberly,Sumit,
#
# Author: Beenu Arora
#
# Home : www.BeenuArora.com
#
# Email : beenudel1986@gmail.com
#
# Share the c0de!
#
################################################################
#
# Exploit: Multiple Vulnerabilities in cmsmadesimple
#
# AppSite: http://www.cmsmadesimple.com/
#
# Tested Version : 1.6.6
# XSS
#
# POC:-http://localhost/cmsmadesimple/index.ph ... ert('XSS')
#
#
#
# Multiple Local File Inclusion
#
# Sample URL:
# POC:-http://server/cmsmadesimple/index.php?m ... eturnid=39
#
#
################################################################
Vulnerabilities in CMS Made Simple 1.6.6?
Hi, I just came across a vulnerabilities claim targeted at CMS Made Simple 1.6.6. I tried to reproduce it myself but I was unsuccessful. Maybe because of the secure server configuration.
Re: Vulnerabilities in CMS Made Simple 1.6.6?
Maarten,
thanks for the info.. The modifications for these fixes were already made in SVN last Friday, as the report was known by then. So a 1.6.7 is to be released soon, to handle these 2 reported vulnerabilities..
Ronny
Re: Vulnerabilities in CMS Made Simple 1.6.6?
Good to hear that vulnerabilities are taken care of with such speed! Thanks for the quick update!
Re: Vulnerabilities in CMS Made Simple 1.6.6?
Looking at the sample URL, it contains "boot.ini" in the string. Can I assume this exploit is limited to a Windows installation?
RonnyK wrote:
Maarten,
thanks for the info.. The modifications for these fixes were already made in SVN last Friday, as the report was known by then. So a 1.6.7 is to be released soon, to handle these 2 reported vulnerabilities..
Ronny
Re: Vulnerabilities in CMS Made Simple 1.6.6?
Hiya, just downloaded 1.6.7 and 1.6.6 to perform a slipstream install from 1.6.5.
In extracting cmsmadesimple-base-diff-1.6.6-1.6.7.tar there appear to be some redundant files. All are 0kb in size and look like they were accidentally included in root?
- action.savetoolbar.php
- function.admin_toolbar.php
- safari
- toolbarpanel.tpl
Thank you.
iNSiPiD
Re: Vulnerabilities in CMS Made Simple 1.6.6?
Yes, these files are leftovers and a bug in the make release script included these. (should be ok for future releases)
So these files are harmless.
I'm not sure if you find other problems with this packet - if so you can use one of the other packets for upgrade...
As far as I know it's ONLY the cmsmadesimple-base-diff-1.6.6-1.6.7.tar.gz that contains these extra files.
ReneH 