CMS Made Simple

web, cms, enum

Overview #

Open Source Content Management System : : CMS Made Simple

Version #

Credentials #

admin:
mysql> select user_id,username,password from cms_users;
+---------+----------+----------------------------------+
| user_id | username | password                         |
+---------+----------+----------------------------------+
|       1 | admin    | 9dfb6c17c8992e3a821c47b68fe8e76a |
|       2 | editor   | 5aee9dbd2a188839105073571bee1b1f |
# 62def4866937f08cc13bab43bb14e6f7 - hashed password
# 5a599ef579066807 - salt
hashcat -m 20 62def4866937f08cc13bab43bb14e6f7:5a599ef579066807 /usr/share/wordlists/rockyou.txt

Interesting URL Paths #

Reference: http://svn.cmsmadesimple.org/svn/cmsmadesimple/trunk/

Interesting Files #

config.php
# Example:
# CMSSESSID9d372ef93962=75gsp75a2vdo6ijapmnvqrkdb2
CMSSESSID*

Some Exploits #

# CVE-2019-9053 - change TIME to 2 for better result
searchploit -m php/webapps/46635.py

References #