Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cross Site Scripting Vulnerability in GetSimple CMS v-3.3.13 #1293

Closed
riteshgupta1993 opened this issue Aug 11, 2018 · 10 comments
Closed

Cross Site Scripting Vulnerability in GetSimple CMS v-3.3.13 #1293

riteshgupta1993 opened this issue Aug 11, 2018 · 10 comments

Comments

@riteshgupta1993
Copy link

Vulnerability name-Cross SIte Scripting.
Severity: High
Submitted By: Ritesh Kumar
Email: riteshreapers@gmail.com
Vendor of Product: GetSimple CMS
Version: 3.1.13
Attack type: remote

Description:
Hello,
I would like to report a vulnerability that I discovered in GetSimple CMS-v3.3.13, which can be exploited to perform Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization in the "Add New Page" parameter. The exploitation example below uses the "alert()" JavaScript function to display "XSS" as alert text.

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source; the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.

STEPS TO REPRODUCE:

1.Login to GetSimple CMS

2.Open the URL

" http://127.0.0.44/admin/pages.php".

3.Click on Create New Page button then it will be redirected to http://127.0.0.44/admin/edit.php

4.enter the malicious java script “><svg/onload=alert(“XSS”)> into Add New Page parameter and add some text in body part then save the page.

5.Now view that page by clicking on view button, xss will be get executed and XSS will be reflected on the browser.

PROOF OF CONCEPT:

1: Enter the malicious java script “><svg/onload=alert(‘xss’)> into Add New Page and add some text in body part then click on save button.
simple2

2: click on view and view that page.
simple3

3: After clicking on VIEW button our XSS payload will bet get executed.
simple4

@tablatronix
Copy link
Member

Thanks, this was fixed in 3.4 and not implemented in 3.3.x yet.

@attritionorg
Copy link

@tablatronix Can you link to the fixing commit? Thanks!

@tablatronix
Copy link
Member

I am deferring it to 3.3.15 hotfix
No commit yet

@attritionorg
Copy link

@tablatronix gotcha, thanks!

@tablatronix tablatronix added this to the 3.3.15 milestone Aug 28, 2018
@fgeek
Copy link

fgeek commented Sep 7, 2018

Does this vulnerability have CVE?

@tablatronix tablatronix modified the milestones: 3.3.15, 3.3.16 Sep 7, 2018
@riteshgupta1993
Copy link
Author

riteshgupta1993 commented Sep 8, 2018

yes,it have cve

@fgeek
Copy link

fgeek commented Sep 9, 2018

Seems to be CVE-2018-15843

@riteshgupta1993
Copy link
Author

riteshgupta1993 commented Sep 10, 2018 via email

@tablatronix
Copy link
Member

I cannot reproduce this now, hmm

@tablatronix
Copy link
Member

tablatronix commented May 22, 2019

nm, I got it, had syntax issue, had to fix quotes
“><svg/onload=alert('XSS')>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants