CMSimple 4.6.2 Cross Site Scripting

CMSimple 4.6.2 Cross Site Scripting: Posted May 31, 2016; Authored by Manuel Garcia Cardenas; CMSimple versions 4.6.2 and below suffer from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 81de68bdf9a7b279cdc44cfd72219c6809d4b4491086e1b683f57281cbc6f591; Download | Favorite | View

CMSimple 4.6.2 Cross Site Scripting

=============================================
MGC ALERT 2016-004
- Original release date: May 28, 2016
- Last revised:  June 1, 2016
- Discovered by: Manuel Garcia Cardenas
- Severity: 4,8/10 (CVSS Base Score)
=============================================

I. VULNERABILITY
-------------------------
Reflected XSS in CMSimple <= v4.6.2

II. BACKGROUND
-------------------------
CMSimple is a php based Content Managemant System (CMS) , which requires no
database. All data are stored in a simple file system.

III. DESCRIPTION
-------------------------
Has been detected a reflected XSS vulnerability in Admin Panel of CMSimple,
that allows the execution of arbitrary HTML/script code to be executed in
the context of the victim user's browser.

The code injection is done through the parameter "subdir" in the page
"userfiles".

IV. PROOF OF CONCEPT
-------------------------
Malicious Request:
/cmsimple/?userfiles&subdir=userfiles/<XSS injection>

Example:
/cmsimple/?userfiles&subdir=userfiles/<script>alert(1)</script>

V. BUSINESS IMPACT
-------------------------
An attacker can execute arbitrary HTML or script code in a targeted user's
browser, this can leverage to steal sensitive information as user
credentials, personal data, etc.

VI. SYSTEMS AFFECTED
-------------------------
CMSimple <= v4.6.2

VII. SOLUTION
-------------------------
Update to version 4.6.3

VIII. REFERENCES
-------------------------
http://www.cmsimple.org/

IX. CREDITS
-------------------------
This vulnerability has been discovered and reported
by Manuel Garcia Cardenas (advidsec (at) gmail (dot) com).

X. REVISION HISTORY
-------------------------
May 28, 2016 1: Initial release
June 1, 2016 2: Last revision

XI. DISCLOSURE TIMELINE
-------------------------
May 28, 2016 1: Vulnerability acquired by Manuel Garcia Cardenas
May 28, 2016 2: Send to vendor
May 30, 2016 3: New version that includes patched code
http://cmsimple.org/downloadcounter/dlcount/count.php?id=31
June 1, 2016 4: Sent to lists

XII. LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied "as-is" with no
warranties or guarantees of fitness of use or otherwise.

XIII. ABOUT
-------------------------
Manuel Garcia Cardenas
Pentester

Top Authors In Last 30 Days

Red Hat 246 files
indoushka 169 files
Jay Turla 150 files
Ubuntu 73 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,120)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,166)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,794)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,837)
UNIX (9,454)
UnixWare (188)
Windows (6,768)
Other

CMSimple 4.6.2 Cross Site Scripting

CMSimple 4.6.2 Cross Site Scripting

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

CMSimple 4.6.2 Cross Site Scripting

Share This

CMSimple 4.6.2 Cross Site Scripting

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems