CMSimple 5.2 – ‘External’ Stored XSS

• Exploit Database
• 113 阅读

• 作者： Quadron Research Lab
  日期： 2021-04-08
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/49751/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

  # Exploit Title: CMSimple 5.2 - 'External' Stored XSS # Date: 2021/04/07 # Exploit Author: Quadron Research Lab # Version: CMSimple 5.2 # Tested on: Windows 10 x64 HUN/ENG Professional # Vendor: https://www.cmsimple.org/en/   [Description] The CMSimple 5.2 allow stored XSS via the Settings > CMS > Filebrowser > "External:" input field.   [Attack Vectors] The CMSimple cms "Filebrowser" "External:" input field not filter special chars. It is possible to place JavaScript code. The JavaScript code placed here is executed by clicking on the Page or Files tab.   [Proof of Concept] https://github.com/Quadron-Research-Lab/CVE/blob/main/CMSimple_5.2_XSS.pdf