Getsimple CMS 3.3.1 – Persistent Cross-Site Scripting

• Exploit Database
• 131 阅读

• 作者： Jeroen - IT Nerdbox
  日期： 2014-03-25
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/32502/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57

  # Exploit Title: etSimple CMS v3.3.1 Persistent Cross Site Scripting   # Google Dork: N/A   # Date: 24-03-2014   # Exploit Author: Jeroen - IT Nerdbox   # Vendor Homepage: http://get-simple.info/   # Software Link: http://get-simple.info/download/   # Version: v3.3.1   # Tested on: N/A   # CVE : N/A   #   ## Description:   #   # In the administrative interface, the users can change their personal settings. The parameters "name" and   # "permalink"do not properly sanitize its input and allows malicious code to be stored in the XML file.   #   ## PoC:   # Admin"><script>alert("1");</script>   # http://url/admin/settings.php   #   #   # The following parameters are vulnerable:   #   # 1. Permalink   # 2. Name   #   #   # More information can be found at: http://www.nerdbox.it/getsimple-cms-v3-3-1-vulnerabilities/