Which CMS? How to get in?

Hi,

Does anyone know which CMS this is?
I do have FTP access to the website but the owner doesn’t know the admin login details for the CMS.
Does anyone know how to retrieve them from this particular CMS?

Thanks.

Hi Yatsuba. Welcome to the forums. :)

Have you spoken to the person who set this up?

You will probably get a clue what CMS it is by looking at the files via FTP … assuming it’s not a custom CMS.

Hi,

I looked at the files but haven’t had a clue yet. Probably the passwords are somewhere in the database but I don’t know what to look for.
The company no longer exists.

I just found the functions.php, but where can I find the passwords and how?

<?
	date_default_timezone_set("Europe/Paris");
	function login($userName,$userPassword){
		global $error, $erroruserName, $erroruserPassword;
		if(empty($userName)){
			$erroruserName = true;
			$error = true;
		}
		if(empty($userPassword)){
			$erroruserPassword = true;
			$error = true;
		}
		
		if(!$error){
			$query	=	"
				SELECT		*
				FROM		users
				WHERE		userName = '".$userName."'
				AND			userPassword = '".md5($userPassword)."'
			";
			$result = mysql_query($query) or die(mysql_error());
			if(mysql_num_rows($result)){
				$row = mysql_fetch_array($result) or die(mysql_error());
				
				$_SESSION["loggedin"] = true;
				$_SESSION["userName"] = $userName;
				$_SESSION["userLastLoginDate"] = $row["userLastLoginDate"];
			
				$updateuser = "
					UPDATE		users
					SET			userLastLoginDate = '".$row["userLastLoginTemp"]."'
					,			userLastLoginTemp = '".date('c')."'
					WHERE		userName = '".$userName."'
				";
				$resultuser = mysql_query($updateuser) or die(mysql_error());
				
			}
			else {
				$error = true;
				$erroruserPassword = true;
				$erroruserName = true;
			}
		}
	}
	
	function loguit() {
		session_destroy();
		header('Location: index.php');
	}
	
	function addProduct($categoryItemName,$categoryItemCategoryId,$categoryItemInformation,$itemInformationName1,$itemInformationInformation1,$itemInformationName2,$itemInformationInformation2,$itemInformationName3,$itemInformationInformation3,$categoryItemPrice,$itemImageName1,$itemImageName2,$itemImageName3,$itemImageName4){
	}
	
function resizeImage($originalImage,$toWidth,$toHeight){
    
    // Get the original geometry and calculate scales
    list($width, $height) = getimagesize($originalImage);
    $xscale=$width/$toWidth;
    $yscale=$height/$toHeight;
    
    // Recalculate new size with default ratio
    if ($yscale>$xscale){
        $new_width = round($width * (1/$yscale));
        $new_height = round($height * (1/$yscale));
    }
    else {
        $new_width = round($width * (1/$xscale));
        $new_height = round($height * (1/$xscale));
    }

    // Resize the original image
    $imageResized = imagecreatetruecolor($new_width, $new_height);
    $imageTmp     = imagecreatefromjpeg ($originalImage);
    imagecopyresampled($imageResized, $imageTmp, 0, 0, 0, 0, $new_width, $new_height, $width, $height);

    return $imageResized;
}
?>

From the looks of that code, I expect it’s a custom built CMS. Have you checked with the builtwith.com website? That often picks up common CMS systems but not always and definitely not if it’s a custom built setup.

What does the directory structure look like? Often you can detect the type of CMS based on the way they set up their directory structure.

Looking at that code, user info is stored in the users table. The password and usernames are in columns userName and userPassword. The password is an MD5 string.


			$query	=	"
				SELECT		*
				FROM		users
				WHERE		userName = '".$userName."'
				AND			userPassword = '".md5($userPassword)."'
			";

When you do a “view source”, is there anything in the HTML code that gives a clue as to what the CMS is? Is there a table for user groups and a table for recording what user groups a user is a member of? If the owner is already registered as a user of the CMS you could try to manually add them to whatever usergroup is made up of Administrators.

In any case I think you should consider migrating the site over to a new CMS because:

So I found the Username and MD5 hash (password) in the database, but is it even possible to decrypt in an easy way?
I think it’s a custom CMS, I can’t find anything that points in the direction of a common CMS.
If I can’t decrypt it, how can I get access? Or you just can’t?

I am aware that the website should be updated, but the owner doesn’t want it at this time.

You will need to create an account manually. Hopefully that is as simple as creating a new record in the users table though it could be much more complex. The best thing to do is get a local copy and start playing with it. I wouldn’t recommend doing anything on the live server.

Have you found a reset password function or routine? If so, I would change the email address for the admin account and do a reset password, where if all goes well you should receive the password reset link or instructions.

Sadly, I’ve run into this issue numerous times and more and more often over the past 5 - 6 years. In most cases, I’ve found it most economical to whip together a duplicate of the site using a well supported CMS like Drupal and importing the content. If it’s a very complex site, you end up looking at a fairly involved build though. I just quoted on a pair of related websites that require this type of treatment and it’s not going to be cheap. On the upside, they’ll have a spanky new site in a fully documented CMS.

I agree, you should be able to create an account and hash the password using md5 and get access to the internals. You’ll want to see if there are any roles that provide you with more or less access and make sure you have a top level account but that should be quite doable.

How much control does the owner have over the configuration of the server? If they don’t have any control over what version of PHP is installed, you should explain to them that if whoever controls what version of PHP is on the server installs the next version of PHP, there’s a strong possibility that the site could completely break if that version of PHP is one where the mysql_* extension has been removed.

With that screenshot in post #1 (login-screen?), can you please copy and paste the output of a view source into this thread? There might be something there that would give someone a clue as to what CMS it is.

What’s the general purpose of the CMS (eg; a blog, a forum, a wiki, etc)?

On the upside, they’ll have a spanky new site in a fully documented CMS.

You must not be talking about Drupal then. More than 50% of the time I find myself needing to crawl code to figure things out. Especially with contributed modules. Most contributed modules lack any form of documentation besides a worthless readme file. The Drupal ecosystem as a whole is pretty powerful for being free, so it is a trade-off. No developers enjoy writing documentation.

However, I will concur with what you’re saying if redevelopment of the site is practical given the client’s budget.

If someone can’t even find the authentication credentials for a site, what makes you think that they are interested or qualified to re-engineer a CMS? I completely agree that there are issues just looking at the code, but it doesn’t sound like the client is interested, nor that the service provider has the capabilities, to redevelop/secure the system. So I don’t think it is worth dwelling on. Sounds like this is a case of letting the owner learn best through failure.

I saw some kind of CMS like this before, one from Vietnam, but I do not know what CMS it is.

Seeing “Gebruikersnaam” and “Wachwoord” on the login image I would have guessed that, if not a localized English CMS, it might be Dutch or German, but I certainly would never have guessed it was Vietnamese!

That’s Dutch :)

Anyway, instead of creating a new account, you might also just update the password with a md5(‘new password’) for the admin through PHPMyAdmin (for example).
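
The login() posted earlier in the thread compares unsalted MD5 digests and depends on the mysql_* extension mentioned above. As an added example (not the site's code and not written by any poster), here is the same credential check using PDO prepared statements, replacing each stored MD5 value with password_hash() output on the next successful login. Table and column names come from the posted function; the SQLite in-memory database and the admin row are constructed so the script runs offline, and session handling and the last-login update are left out.

```php
<?php
// Added example, not the site's code. Table and column names are taken from
// the posted login(); the database and its single user row are constructed.
// On the real site the PDO DSN would be a mysql: one.
declare(strict_types=1);

function login(PDO $db, string $userName, string $userPassword): bool
{
    if ($userName === '' || $userPassword === '') {
        return false;
    }
    // Prepared statement: the value is bound, never concatenated into the SQL.
    $stmt = $db->prepare('SELECT userPassword FROM users WHERE userName = ?');
    $stmt->execute([$userName]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // no such user
    }
    // A bare 32-character hex string is a legacy MD5 digest.
    $legacy = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);
    $ok = $legacy
        ? hash_equals($stored, md5($userPassword))
        : password_verify($userPassword, $stored);
    // Upgrade legacy or outdated hashes while the plaintext is available.
    if ($ok && ($legacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $upd = $db->prepare('UPDATE users SET userPassword = ? WHERE userName = ?');
        $upd->execute([password_hash($userPassword, PASSWORD_DEFAULT), $userName]);
    }
    return $ok;
}

// Constructed demo data. On MySQL the userPassword column must be widened to
// VARCHAR(255) first: a CHAR(32) column sized for MD5 would truncate the hash.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userName TEXT PRIMARY KEY, userPassword TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')->execute(['admin', md5('example-pass')]);

var_dump(login($db, 'admin', 'wrong'));        // wrong password against the MD5 row
var_dump(login($db, 'admin', 'example-pass')); // MD5 path, followed by the rehash
$hash = $db->query('SELECT userPassword FROM users')->fetchColumn();
var_dump(password_verify('example-pass', $hash)); // checks the stored value was replaced
var_dump(login($db, 'admin', 'example-pass')); // password_verify path
```

Accounts that never log in again keep their MD5 value, so after a migration window those rows still need a forced reset.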

I think this CMS is WordPress. Sorry, I don’t have any idea how to access other user.

Why do you think it’s WordPress?
Is there some telltale sign visible in the screenshot that clues you in?