Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

› WebAssist Forums › Archive › PowerCMS › Security Issue - Server Asset Folder

Security Issue - Server Asset Folder

Thread began 8/26/2011 1:40 am by contactus306424 | Last modified 9/19/2011 8:21 am by Dave Buchholz | 3536 views | 8 replies |

8/26/2011 1:40 am | #1 contactus306424

Security Issue - Server Asset Folder

Are you aware that direct unsecure access can be made to the server asset area using the following URL (cms is the PowerCMS folder), you don't need a username or password to gain access.

index.php?lang=default&kfm_caller_type=fck&type=Image

Anyone else concerned about this?

8/26/2011 11:50 am | #2 Jason ByrnesWebAssist

This is fixed in Power CMS 2.1.1.

to fix it in earlier version. edit the HTMLEditor/editor/plugins/kfm/configuration.php file. change:

php:

<?php require_once( "../../../../Connections/PowerCMSConnection.php" ); ?>

<?php require_once( "../../../WA_Globals.php" ); ?>

to:

php:

<?php require_once( "../../../../Connections/PowerCMSConnection.php" ); ?>

<?php require_once( "../../../WA_Globals.php" ); ?>

<?php require_once( "../../../../WA_SecurityAssist/Helper_PHP.php" ); ?>

<?php

if (!WA_Auth_RulePasses("Administrator")){

    die();

}

?>

8/27/2011 1:33 am | #3 contactus306424

Great, thanks for your assistance...

8/28/2011 8:33 pm | #4 contactus306424

I get the following Errors with that modification

Warning: Cannot modify header information - headers already sent by (output started at /home/vanguard/public_html/cmscontrol/HTMLEditor/editor/plugins/kfm/configuration.php:4) in /home/vanguard/public_html/cmscontrol/HTMLEditor/editor/plugins/kfm/includes/session.class.php on line 31

Warning: Cannot modify header information - headers already sent by (output started at /home/vanguard/public_html/cmscontrol/HTMLEditor/editor/plugins/kfm/configuration.php:4) in /home/vanguard/public_html/cmscontrol/HTMLEditor/editor/plugins/kfm/index.php on line 73

8/29/2011 11:59 am | #5 Ray BorduinWebAssist

It looks like you might have an extra space character on line 4 of /HTMLEditor/editor/plugins/kfm/configuration.php.

That is just a guess... If you attach a copy of that page I can look into it further.

Did this help? Tips are appreciated...

8/31/2011 1:17 am | #6 contactus306424

Thanks ray, you are correct there was an extra space in there, all working fine now...

9/19/2011 6:37 am | #7 msummers194171

It appears that I have the same exploit going on my PowerStore site. But my configuration.php file has this content -

<?php require_once( "../../../../Connections/PowerStoreConnection.php" ); ?>
<?php require_once( "../../../../webassist/framework/library.php" ); ?>
<?php
/**
* KFM - Kae's File Manager

How should I implement this fix?

9/19/2011 8:11 am | #8 Jason ByrnesWebAssist

There is a fix for this available in the Known Issues section of the Power Store download center page.

9/19/2011 8:21 am | #9 Dave BuchholzBeta Tester

Jason, surely the fact that the fix is available should be publicised, I have a number of clients who have been affected by this issue and none of them were aware of this fix.

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now. Build a store, a gallery, or a web-based email solution.