Exploits / Vulnerability Discovered : 2020-10-01
Type : webapps
Platform : php
This exploit / vulnerability, GetSimple CMS 3.3.16 persistent cross-site scripting (authenticated), is for educational purposes only; if you use it, you do so at your own risk!
1. Description:
----------------------
GetSimple CMS 3.3.16 allows persistent cross-site scripting through the 'permalink' parameter on the Settings page. The stored payload is executed when you create and open a new page.
2. Affected parameter:
----------------------
'permalink' on /admin/settings.php
3. Exploitation steps:
----------------------
1: Create a new page
2: Go to Settings at the top right of the page
3: Add XSS payload to "Custom Permalink Structure" text field
4: Save Settings
5: Go to the 'Pages' tab to trigger the XSS alert popup
4. Example payload:
----------------------
"><img src=x onerror=alert('XSS')>
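Mitigation sketch (added example, not GetSimple CMS code and not part of the original advisory): validate the 'permalink' setting on save and HTML-encode it wherever it is written into a page. The function names, the %parent% / %slug% placeholder allow-list, the length limit and the input element used for output are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not GetSimple's own code. Assumption: a permalink structure
// is built only from the placeholders %parent% and %slug% plus URL path
// characters. Both function names are hypothetical.

/** Return the structure if acceptable, or null so the save can be refused. */
function validate_permalink_structure(string $input): ?string
{
    $value = trim($input);
    if ($value === '') {
        return '';                        // empty means "use the default URLs"
    }
    if (strlen($value) > 128) {           // assumed upper bound
        return null;
    }
    // Strip the known placeholders; what is left may only be path characters.
    // A stray '%', quote, angle bracket or space therefore fails the check.
    $rest = str_replace(['%parent%', '%slug%'], '', $value);
    if (preg_match('~^[A-Za-z0-9/_.\-]*$~', $rest) !== 1) {
        return null;
    }
    return $value;
}

/** Encode for an HTML attribute value; ENT_QUOTES covers both quote styles. */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs: one legitimate structure and the payload shown above.
$samples = [
    '%parent%/%slug%/',
    '"><img src=x onerror=alert(\'XSS\')>',
];

foreach ($samples as $raw) {
    $clean = validate_permalink_structure($raw);
    printf("input   : %s\n", $raw);
    printf("on save : %s\n", $clean === null ? 'rejected' : 'accepted');
    // Encode on output as well, so values stored before the validation
    // existed cannot break out of the attribute (illustrative element).
    printf("on page : <input name=\"permalink\" value=\"%s\">\n\n", attr($raw));
}
```

The two controls are independent: validation keeps new payloads out of the settings store, while output encoding neutralises anything already saved there.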
5. Burp Request:
----------------------
POST /GetSimpleCMS-3.3.16/admin/settings.php HTTP/1.1