Cross Site Scripting(XSS) Vulnerability via upload in Latest Release 3.3.16 admin/upload.php #1336

Open
Cyc1e183 opened this issue Mar 19, 2021 · 2 comments


Cyc1e183 commented Mar 19, 2021

Affected version: GetSimpleCMS before 3.3.16.

Vulnerable file: /admin/upload.php.

Vulnerability type: Cross Site Scripting (XSS)

The file content filtering in upload.php is not comprehensive. Adding comments or JPG and other file header information to the file content can lead to the successful upload of files such as xla, pages, gzip, etc. that contain HTML code. If an attacker adds malicious JS scripts to the HTML code, it may trigger cross-site scripting (XSS) vulnerabilities and threaten user information.

Repair suggestion: Filter sensitive characters in uploaded files, such as <script>, etc.
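
An added example, not GetSimpleCMS code and not the reporter's: a PHP upload check that scans the whole file body for markup instead of trusting leading header bytes, together with response headers that stop browsers from rendering stored uploads as HTML. The function names, the extension allowlist and the sample files are assumptions constructed for illustration.

```php
<?php
// Added example, not GetSimpleCMS code; names and allowlist are assumptions.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];
// Tags a browser would render or run if the file were served inline.
const MARKUP_RE = '/<\s*(script|html|body|iframe|svg|object|embed)\b/i';

/** True if markup appears anywhere in the content, not only at the start. */
function contains_markup(string $bytes): bool
{
    // Drop NUL bytes so UTF-16 style padding cannot hide a tag.
    return preg_match(MARKUP_RE, str_replace("\0", '', $bytes)) === 1;
}

/** Null when the upload is acceptable, otherwise the rejection reason. */
function reject_reason(string $name, string $bytes): ?string
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return "extension '$ext' is not on the allowlist";
    }
    if (contains_markup($bytes)) {
        return 'content contains HTML/script markup';
    }
    return null;
}

/** Headers for serving stored uploads so browsers do not sniff them as HTML. */
function download_headers(string $name): array
{
    return [
        'Content-Type: application/octet-stream',
        'X-Content-Type-Options: nosniff',
        'Content-Disposition: attachment; filename="' . rawurlencode(basename($name)) . '"',
    ];
}

// Constructed samples: a JPEG header or a leading comment in front of HTML.
$samples = [
    'photo.jpg'  => "\xFF\xD8\xFF\xE0" . '<html><script>/* constructed */</script></html>',
    'notes.txt'  => "<!-- comment -->\n<ScRiPt>/* constructed */</script>",
    'report.xla' => '<html></html>',
    'plain.txt'  => 'plain text release notes',
];
foreach ($samples as $name => $bytes) {
    echo $name, ': ', reject_reason($name, $bytes) ?? 'accepted', PHP_EOL;
}
```

Content scanning is best-effort; the headers from `download_headers()` and an extension allowlist limit the impact when a file with markup still gets stored.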

@Cyc1e183
Author

I think this is also an important security issue, which is mainly caused by the security rules of GetSimpleCMS. The security rules should be repaired.

@tablatronix
Member

This requires priv escalation, it's not guest uploads, so threat is low. An attacker with admin pass and hash already would have full access to everything.
