Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SQL Injection in "module" parameter of phpWebSite CMS #293

Open
PauloChoupina opened this issue Mar 21, 2017 · 6 comments
Open

SQL Injection in "module" parameter of phpWebSite CMS #293

PauloChoupina opened this issue Mar 21, 2017 · 6 comments

Comments

@trf000
Copy link
Collaborator

trf000 commented Mar 21, 2017

These are incredibly old instances of phpWebsite. In some cases over a decade old.

@PauloChoupina
Copy link
Author

How can you tell?

@trf000
Copy link
Collaborator

trf000 commented Mar 21, 2017

Well, a few have copyright dates of 2006. Pagemaster isn't a module anymore and the position= references layout positioning from phpWebsite pre 1.x

Those sites are Ooooold. So very old.

@PauloChoupina
Copy link
Author

ok
In another point. I have tried to setup a copy of my own to test but I couldn't get it to work properly.

I deploy a new vps, then wget the master.zip, unzip, intall lamp (via tasksel), mv diretory to /html access via browser and I get this error: http://pastebin.com/MtsBZ48u

So i did something i can't recall with composer, and somehow i got a new page, sying phpwebsite couldn't install because you need to compile GK something..
I gave up there..

Could you point me any instrucions ?

@jlbooker
Copy link
Contributor

@PauloChoupina You need to run composer install from the command line in the project's root directory. This will install the Composer autoload.php file that the error message is referring to.

@PauloChoupina
Copy link
Author

Got it. I will get back to it when i got the time. Thank you and sorry about about the worng perception.

btw, I registed a cve and did a exploit request to exploit-db, so if this is a old dated version, this is going to create some confusion.. xD i will try to cancel the publishing of the exploit

Sorry guys xD

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants