Dmi3yy / modx.evo.custom

Welcome to the new evolution of MODX Evolution!
https://github.com/evolution-cms/

http://www.clippercms.com/forum/viewtopic.php?pid=1647 #298

Closed Dmi3yy closed 8 years ago

Dmi3yy commented 8 years ago

- ClipperCMS 1.3.0: Code Execution http://blog.curesec.com/article/blog/do … on-93.html - This issue has not been fixed by the vendor.
- ClipperCMS 1.3.0: Code Execution Exploit http://blog.curesec.com/article/blog/Cl … it-96.html
- ClipperCMS 1.3.0: CSRF http://blog.curesec.com/article/blog/Cl … RF-97.html - This issue has not been fixed by the vendor.
- ClipperCMS 1.3.0: Path Traversal http://blog.curesec.com/article/blog/Cl … al-98.html - This issue has not been fixed by the vendor.
- ClipperCMS 1.3.0: SQL Injection http://blog.curesec.com/article/blog/Cl … on-99.html - This issue has not been fixed by the vendor.
- ClipperCMS 1.3.0: XSS http://blog.curesec.com/article/blog/Cl … S-101.html - This issue has not been fixed by the vendor.

yama commented 8 years ago

https://blog.curesec.com/article/blog/ClipperCMS-130-XSS-101.html I checked this information. All tests are OK in Evo.

[XSS 1] CVSS: ClipperCMS - NG, Evo - OK

[XSS 2] CVSS: ClipperCMS - NG, Evo - OK

[XSS 3] CVSS: ClipperCMS - NG, Evo - OK

[XSS 4ff] CVSS: ClipperCMS - NG, Evo - OK

Dmi3yy commented 8 years ago

Thanks )

yama commented 8 years ago

https://blog.curesec.com/article/blog/ClipperCMS-130-SQL-Injection-99.html I checked this information. All tests show no problem in Evo.

SQL Injection 1 (Blind): ClipperCMS - NG, Evo - No problem

SQL Injection 2: ClipperCMS - NG, Evo - No problem

SQL Injection 3: ClipperCMS - NG, Evo - No problem

yama commented 8 years ago

https://blog.curesec.com/article/blog/ClipperCMS-130-SQL-Injection-99.html It seems ClipperCMS had a problem.

https://github.com/modxcms/evolution/commit/5711c318ec0f0db28723c1328d46a15e547827be This is the point. Evo has no problem: `strpos($this->post['file'],'../')!==false`
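The comment above points at a `../` substring check as the reason Evo is not affected by the path traversal report. As an added illustration (this is example code written for this page, not code from MODX Evolution, ClipperCMS or the linked commit), the block below shows that kind of guard inside a small file-path validator: the same `strpos(..., '../')` test as the first, cheap filter, followed by a `realpath()`-based confinement check that verifies the resolved path still lies under the intended base directory. The function name `resolve_inside_base`, the temporary directory and the sample inputs are all constructed for the demonstration.

```php
<?php
// Added example (not MODX Evolution or ClipperCMS code): a file-path guard
// built around the "../" substring check quoted in the comment above, plus a
// realpath() confinement check so that only paths resolving inside $baseDir
// are accepted.

declare(strict_types=1);

/**
 * Returns the canonical absolute path if $userPath stays inside $baseDir,
 * or null if the input should be rejected.
 */
function resolve_inside_base(string $baseDir, string $userPath): ?string
{
    // 1. Syntactic filter, same idea as strpos($this->post['file'], '../') !== false.
    //    Also covers the Windows-style "..\" form.
    if (strpos($userPath, '../') !== false || strpos($userPath, '..\\') !== false) {
        return null;
    }

    // 2. Reject empty input, absolute paths and NUL bytes before touching the filesystem.
    if ($userPath === '' || $userPath[0] === '/' || strpos($userPath, "\0") !== false) {
        return null;
    }

    // 3. Canonicalise both sides and require the candidate to start with the base prefix.
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($candidate === false) {
        return null; // target does not exist; rejected in this example
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($candidate, $prefix, strlen($prefix)) === 0 ? $candidate : null;
}

// Constructed demonstration: a throwaway base directory containing one file.
$base = sys_get_temp_dir() . '/assets_' . bin2hex(random_bytes(4));
mkdir($base . '/images', 0700, true);
file_put_contents($base . '/images/logo.png', 'x');

// Constructed inputs: one legitimate relative path and a few shapes the guard must refuse.
$inputs = [
    'images/logo.png',          // accepted: resolves inside the base directory
    '../outside.txt',           // rejected by the "../" substring check
    'images/../../outside.txt', // rejected by the "../" substring check
    '/outside.txt',             // rejected: absolute path
    "images/logo.png\0.txt",    // rejected: NUL byte
];
foreach ($inputs as $input) {
    $result = resolve_inside_base($base, $input);
    printf("%-30s => %s\n", json_encode($input), $result === null ? 'rejected' : $result);
}

// Clean up the temporary directory.
unlink($base . '/images/logo.png');
rmdir($base . '/images');
rmdir($base);
```

The substring test alone is what the comment quotes; the `realpath()` step is the part that makes the decision independent of how the traversal was spelled, because it compares the path the kernel will actually open against the allowed prefix. For a file that does not yet exist (an upload target, for instance), the same prefix comparison can be applied to `realpath(dirname(...))` instead of the full candidate.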

yama commented 8 years ago

https://blog.curesec.com/article/blog/ClipperCMS-130-CSRF-97.html No problem Evo.

https://blog.curesec.com/article/blog/ClipperCMS-130-Code-Execution-Exploit-96.html I cannot test this. Because the development languages are different, I do not understand it.

https://blog.curesec.com/article/blog/dotclear-281-Code-Execution-93.html ??? dotclear?

yama commented 8 years ago

http://blog.curesec.com/article/blog/dotclear-281-Code-Execution-93.html It seems this is wrong information.

Affected Product: dotclear 2.8.1
Fixed in: 2.8.2
Fixed Version Link: http://download.dotclear.org/latest.zip
Vendor Website: http://dotclear.org/

dotclear is another product.

https://blog.curesec.com/article/blog/ClipperCMS-130-Code-Execution-95.html Maybe this one.