GetSimple Authenticated Stored Cross-Site Scripting (XSS)
Description
Persistent (or stored) XSS is one of the three major categories of XSS attack, the others being non-persistent (or reflected) XSS and DOM-based XSS. In general, XSS attacks rely on the victim's trust in a legitimate but vulnerable website or web application. GetSimple CMS does not correctly filter the content submitted through the "content" module, which results in stored XSS.
Affected CMS
GetSimple CMS
https://github.com/GetSimpleCMS/GetSimpleCMS
Author
Proof of Concept
- Log in to the CMS.
- Open the page http://127.0.0.1:8086/admin/edit.php
- Put the XSS payload (<script>alert(111)</script>) in the content box and click "save page" to publish the page.
- Use Burp to capture and modify the packets.
- View the successfully published page; the alert is displayed.
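One way to filter page content before it is stored or rendered is an allow-list HTML sanitizer. The block below is an added example, not GetSimple CMS code: the function names and the tag and attribute lists are assumptions, and it requires PHP's DOM extension.

```php
<?php
// Added example, not GetSimple CMS code. Tag and attribute lists are assumptions.
const ALLOWED_TAGS  = ['p', 'br', 'b', 'i', 'em', 'strong', 'ul', 'ol', 'li', 'h2', 'h3', 'a'];
const ALLOWED_ATTRS = ['a' => ['href', 'title']];
const DROP_WHOLE    = ['script', 'style', 'iframe', 'object', 'embed'];

function sanitize_node(DOMNode $node): void
{
    // Snapshot the children: the live list changes while nodes are removed.
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child->nodeType === XML_TEXT_NODE) {
            continue; // plain text is escaped again by saveHTML()
        }
        $tag = strtolower($child->nodeName);
        if (!($child instanceof DOMElement) || in_array($tag, DROP_WHOLE, true)) {
            $node->removeChild($child); // comments, CDATA, script-like elements
            continue;
        }
        sanitize_node($child);
        if (!in_array($tag, ALLOWED_TAGS, true)) {
            while ($child->firstChild) { // unwrap: keep the sanitized children
                $node->insertBefore($child->firstChild, $child);
            }
            $node->removeChild($child);
            continue;
        }
        foreach (iterator_to_array($child->attributes) as $attr) {
            $name = strtolower($attr->nodeName);
            $ok = in_array($name, ALLOWED_ATTRS[$tag] ?? [], true);
            if ($ok && $name === 'href') { // scheme allow-list rejects javascript: URLs
                $ok = preg_match('~^(https?://|mailto:|/|#)~i', trim($attr->value)) === 1;
            }
            if (!$ok) { $child->removeAttribute($attr->nodeName); }
        }
    }
}

function sanitize_content(string $html): string
{
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true); // malformed markup is expected
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $root = $doc->getElementsByTagName('div')->item(0); // the wrapper added above
    sanitize_node($root);
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($root->childNodes)));
}

// Constructed input: the payload from the steps above plus an event-handler attribute.
echo sanitize_content('<p onclick="alert(1)">Hi</p><script>alert(111)</script>'), "\n";
```

The sanitizer has to run on the server on every save, because a request edited in an intercepting proxy never passes through any client-side filtering in the editor.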



