A look at the World website's security

Source: Internet
Author: User

Sorry, Brother Wu. Let's take a look at your website today!

The World website is at http://www.unnoo.com/. Looking at the home page first, it seems well made and has a typical CMS structure.

The interface layout feels a little familiar. It turns out the site uses CMS Made Simple, official website: http://www.cmsmadesimple.org/.

Now that I know which product is in use, I searched the Internet for its vulnerabilities and found the following:

2008-05-12 CMS Made Simple <= 1.2.4 (filemanager module) File Upload Exploit 3898 R D Egix
2007-12-30 CMS Made Simple <= 1.2.2 (tinymce module) SQL Injection vuln 3143 R D Egix
2007-09-21 CMS Made Simple 1.2 Remote Code Execution Vulnerability 5755 R D Irk4z

Okay, let's see whether the website is running one of these versions by visiting http://www.unnoo.com/doc/CHANGELOG.txt

Expected result

Version 1.4.1 "Spring Garden"
-----------------------------
-Fixes an issue with the "name" parameter being broken on the stylesheet tag
-Fixes an issue with changing group permissons on Windows Hosts
-Fixes an issue with Group Assignment
-Fixes a hard-coded table prefix in the CSS associations stuff
-Fixes a problem with request_uri not being set on IIS hosts (stupid windows)
-Tinymce: Fixed problem with cmslinker not allowing to select parentpages
Fixed a small bug which could cause invalid relative URLs to be generated

It seems that the latest version is used, and the security awareness is good.
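The version check walked through above, as an added example (not code from the original post): it reads the newest release header from a changelog and compares it with the three advisory version bounds listed on the page. The function names are hypothetical, the changelog is assumed to list the newest release first, and the "1.2" advisory is assumed to mean exactly version 1.2.

```python
import re

# Advisory list as given on the page: (title, comparison, version bound).
ADVISORIES = [
    ("filemanager module File Upload", "<=", "1.2.4"),
    ("tinymce module SQL Injection", "<=", "1.2.2"),
    ("Remote Code Execution", "==", "1.2"),  # assumption: exactly 1.2
]

# First lines of the changelog quoted on the page.
SAMPLE_CHANGELOG = '''Version 1.4.1 "Spring Garden"
-----------------------------
-Fixes an issue with the "name" parameter being broken on the stylesheet tag
'''

VERSION_RE = re.compile(r"^Version\s+(\d+(?:\.\d+)*)", re.MULTILINE)


def parse_version(text):
    """'1.4.1' -> (1, 4, 1); numeric tuples avoid string bugs like '1.10' < '1.9'."""
    return tuple(int(part) for part in text.split("."))


def pad(version, length):
    """Right-pad with zeros so that 1.2 and 1.2.0 compare as equal."""
    return version + (0,) * (length - len(version))


def newest_version(changelog):
    """Assumption: the first 'Version x.y.z' header is the newest release."""
    match = VERSION_RE.search(changelog)
    if match is None:
        raise ValueError("no 'Version x.y.z' header found")
    return parse_version(match.group(1))


def affected_by(installed, advisories=ADVISORIES):
    """Return the titles of the listed advisories whose range covers `installed`."""
    hits = []
    for title, op, bound in advisories:
        limit = parse_version(bound)
        width = max(len(installed), len(limit))
        have, limit = pad(installed, width), pad(limit, width)
        if (op == "<=" and have <= limit) or (op == "==" and have == limit):
            hits.append(title)
    return hits


if __name__ == "__main__":
    version = newest_version(SAMPLE_CHANGELOG)
    print(".".join(map(str, version)), affected_by(version) or "no listed advisory applies")
```

A publicly readable doc/CHANGELOG.txt discloses the exact version to anyone, so a site owner may prefer to restrict access to it and run this check against the file on disk.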

The next step would be to audit the latest version's code for vulnerabilities. That is purely manual labor, so I will not go any further. One reason is to save Brother Wu's face, and the other is that if Brother Wu's website were hacked by me, I would be embarrassed too.

Conclusion: overall, the security awareness is very strong. The most interesting detail is that the admin back-end address has been changed to http://www.unnoo.com/googlebaidu/login.php

But the weakness is also easy to imagine: because the code is public on the Internet, others have the opportunity to study it for vulnerabilities. If you have the energy, developing your own is still relatively safer.

 
