Sorry, Brother Wu. Let's take a look at your website today!
World web site: http://www.unnoo.com/. I looked at the home page first; it feels pretty good, with a typical CMS structure.
The interface layout felt a little familiar. It turns out the site uses CMS Made Simple. Official website: http://www.cmsmadesimple.org/.
Now that I know which product is in use, I searched the Internet for its vulnerabilities and found the following:
2008-05-12 | CMS Made Simple <= 1.2.4 (filemanager module) File Upload Exploit | 3898 | R | D | Egix
2007-12-30 | CMS Made Simple <= 1.2.2 (tinymce module) SQL Injection vuln | 3143 | R | D | Egix
2007-09-21 | CMS Made Simple 1.2 Remote Code Execution Vulnerability | 5755 | R | D | Irk4z
Okay, let's see whether the website is running one of these versions by visiting http://www.unnoo.com/doc/CHANGELOG.txt
The result, as expected:
Version 1.4.1 "Spring Garden"
-----------------------------
-Fixes an issue with the "name" parameter being broken on the stylesheet tag
-Fixes an issue with changing group permissons on Windows Hosts
-Fixes an issue with Group Assignment
-Fixes a hard-coded table prefix in the CSS associations stuff
-Fixes a problem with request_uri not being set on IIS hosts (stupid windows)
-Tinymce: Fixed problem with cmslinker not allowing to select parentpages
Fixed a small bug which could cause invalid relative URLs to be generated
It seems that the latest version is used, and the security awareness is good.
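The version check above can be scripted by a site owner against their own deployment's changelog. The following is an added example, not code from the original post: it parses the "Version x.y.z" header and compares it with the three advisory version bounds listed earlier. The function names are hypothetical, and it assumes the newest release is the first header in the file and that the "1.2" advisory applies to exactly that version.

```python
import re

# Version bounds copied from the advisory listing in the post.
# Assumption: the "1.2" entry names a single version, so it is an exact match.
ADVISORIES = [
    ("filemanager module File Upload", (1, 2, 4), "<="),
    ("tinymce module SQL Injection", (1, 2, 2), "<="),
    ("Remote Code Execution", (1, 2), "=="),
]

# Constructed sample: the head of the CHANGELOG.txt quoted in the post.
SAMPLE_CHANGELOG = '''Version 1.4.1 "Spring Garden"
-----------------------------
-Fixes an issue with the "name" parameter being broken on the stylesheet tag
'''

VERSION_RE = re.compile(r'^Version\s+(\d+(?:\.\d+)*)', re.MULTILINE)

def parse_version(text):
    """Return the first 'Version x.y.z' header as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def pad(v, n):
    """Right-pad a version tuple with zeros so 1.2 compares equal to 1.2.0."""
    return v + (0,) * (n - len(v))

def matching_advisories(version):
    """List advisory titles whose version bound covers the given version."""
    hits = []
    for title, bound, op in ADVISORIES:
        n = max(len(version), len(bound))
        v, b = pad(version, n), pad(bound, n)
        if (op == "<=" and v <= b) or (op == "==" and v == b):
            hits.append(title)
    return hits

def audit(text):
    """Report whether the changelog discloses a version and which advisories match."""
    version = parse_version(text)
    if version is None:
        return {"disclosed": False, "version": None, "advisories": []}
    return {"disclosed": True, "version": version,
            "advisories": matching_advisories(version)}

if __name__ == "__main__":
    print(audit(SAMPLE_CHANGELOG))
```

A result with "disclosed" set to True means the file itself is telling visitors the exact version, even when no listed advisory matches.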
The next step would be to review the latest code for vulnerabilities. That is purely manual labor, so I will not look any further. One reason is to save Brother Wu's face, and the other is that having Brother Wu's website hacked by me would be too embarrassing.
Conclusion: in general, the security awareness is very strong. The most interesting thing is that the admin backend address was changed to http://www.unnoo.com/googlebaidu/login.php
But the drawback is easy to imagine: because the code is public on the Internet, others have the opportunity to study it for vulnerabilities. If you have the energy, it is still relatively safer to develop your own.