Questions tagged [cms]

A Content Management System (CMS) is a platform used to build websites that are easily edited by multiple users.

CMS is an acronym for Content Management System. A CMS is a platform used to build websites that are easily edited by multiple users, without requiring large amounts of expertise in web development.

These platforms can also

extend their functionality through plugins for calendars, blogs, galleries and more
allow novice users to modify content through the use of editors similar to word processors
handle user access for viewing, modifying and promoting content

29 questions

vote

0 answers

Reusing content-encryption key in cms enveloped data

OpenSSL keeps the structure CMS_ContentInfo opaque and in the case of enveloped data generates and manages the content-encryption key completely by itself. It is not possible to provide a content-encryption key generated by yourself. In contrast to…

asked Oct 19 '20 at 07:41

phlipsy

vote

2 answers

How to encode a CMS or S/MIME PEM file with OpenSSL not encrypted or digitally signed?

We developed an application that reads a CMS encoded PEM file with this command: $ openssl cms -verify -in filepath -inform PEM -noverify The file is digitally signed, but we don't care about it, as we only want to extract the contents inside (it…

openssl cms pem

asked Nov 13 '19 at 13:35

pragmatic_programmer

vote

0 answers

Magento site hacked by unknown vulnerability

Home page of my Magento site is hacked. A hacker put his javascript and html code in design/head/includes of table core_config_data. Somehow he updated value of design/head/includes from NULL to his script that's why home page of the site is showing…

vulnerability cms

asked May 11 '17 at 14:38

Derek

vote

1 answer

What are the only possible cases for DB injection?

After reading a bit on DB injections (injecting malicious query code written in SQL, NoSQL, or of any DB querying language), I understand that there are only 3 possible cases for this kind of attack: When no Transform-To-Pure-Text mechanism is…

sql-injection cms

asked Dec 22 '16 at 20:55

user123574

vote

1 answer

Having http site load https content - Approach

My website is an information only website and all the information on it is available to all those who visit the website. There is no sensitive data and no user sessions\logins. The content on my http site is available over both http and https. All…

tls web-browser http cms

asked Aug 03 '16 at 23:04

Chillax

vote

1 answer

Logout CSRF Protection

I am making a CMS and I have a CSRF protection in settings, new article. Should I also put this protection in the logout ?

php csrf cms

asked Dec 27 '15 at 20:56

Thomas Wilson

vote

1 answer

Trying to get a grasp of approximate risk level of CMS admin logins over http

Forgive me for a potentially obvious question--and I know the safe answer is "Always use https!"--but I'm trying to get a grasp on how necessary it is to use https for anyone accessing the backend on CMSes like Drupal, WP, etc. I was wondering if…

tls cms

asked Oct 05 '15 at 16:20

rrr45

votes

0 answers

Strip CMS Signature from file (using openssl?)

I have a lot of binary files that contain some data that is signed using CMS. The files have the form: $ openssl cms -inform DER -in test.cms -cmsout -print CMS_ContentInfo: contentType: pkcs7-signedData (1.2.840.113549.1.7.2) d.signedData: …

openssl digital-signature cms

asked Mar 31 '22 at 07:21

Niklas

votes

1 answer

MongoDB NoSQLi in Cockpit CMS - use of $func?

Please explain how this recent Cockpit CMS exploit works, specifically using the $func operator of the MongoLite library, in more detail. How does it exactly make the PHP code behave? As I understand it, the PHP code uses MongoLite to connect to…

php exploit mongodb cms

asked Aug 18 '21 at 10:16

Nils Deschrijver

votes

1 answer

OpenSSL: how to get matching subject_hash from a CMS SignerInfo?

So OpenSSL can calculate a hash value for X509 certificates that uniquely identifies this certificate: https://www.openssl.org/docs/man1.0.2/man1/x509.html (argument -hash or -subject_hash) now, if I have a CMS file…

certificates hash openssl cms pkcs7

asked Feb 04 '21 at 21:39

matthias_buehlmann

votes

1 answer

LFI to RCE through User-Agent

I'm doing a pentest on a FreeBSD machine running CuppaCMS. Already managed to login into the CMS with admin privilege, but it only takes me to a manager menu, with some options to change some tables and stuff like that, no RCE visible escalation. So…

cms reverse-shell remote-code-execution freebsd lfi

asked Jun 24 '20 at 19:51

mat80n2012 cerqueira

votes

1 answer

what can you do in sql login details and encryption key is available

I am practicing pen testing in a protected box and I have a vulnerable Magento website and I managed to get its MySQL config file which is app/etc/local.xml. In this file there is information such as: …

exploit sql-injection mysql sql-server cms

asked Sep 24 '19 at 17:45

Danny

votes

2 answers

Full protection from shell-script injections (like a "Bash injection") - Is it even possible?

Assume there's a website built with some FOSS CMS (like Drupal) and the websites' directory is owned and grouped by root (instead www-data as common in Apache in Nginx) and a friend of the site's owner mistakenly sees that and tells the…

injection bash cms

asked Jan 03 '17 at 08:01

user123574

votes

2 answers

Prestashop + mod_security concerns

Running a shared hosting service, a client contacted me if I could disable mod_security for their webapp. The thing is, there is this patchwork webshop CMS called Prestashop with some hair-raising solutions (I'm not here to complain about that), and…

mod-security cms

asked Jan 02 '17 at 02:40

Rápli András

2,124
11
24

Prev 1