
GetSimpleCms-3.3.16 XSS vulnerability

DESCRIPTION

GetSimple CMS is a flat-file CMS, written in PHP, that works fast and efficiently and has the best UI around.

Official Website - http://get-simple.info/
Github - https://github.com/GetSimpleCMS/GetSimpleCMS

GetSimple CMS XSS vulnerability verification

On http://127.0.0.1/GetSimpleCMS-3.3.16/admin/settings.php, the Website URL field (the "siteURL" parameter) has an XSS vulnerability.


The TSL function returns part of $path.

$_POST collects the value of "siteURL" submitted by the form (method="post"). The TSL function returns part of $path, and the resulting $siteURL contains the injected JavaScript.

The <div class="rightsec"> element renders the JavaScript, and the XSS executes successfully.


The vulnerability is confirmed: the injected script executes successfully.
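As an added example (not code from the advisory or from GetSimple's code base), the unescaped echo pattern described above beside a hardened version that validates the submitted siteURL and HTML-escapes it on output; the helper names are hypothetical stand-ins for the CMS's own functions:

```php
<?php
// Added example, not GetSimple's own code: a settings handler that validates the
// submitted "siteURL" value and HTML-escapes it before rendering it back into the
// page. Function names here are hypothetical stand-ins for the ones in the CMS.

// Stand-in for a "trailing slash" helper: guarantee that $path ends with "/".
function ensure_trailing_slash(string $path): string
{
    return rtrim($path, '/') . '/';
}

// Accept only absolute http(s) URLs without characters that can close an HTML
// attribute or tag; return null otherwise so the caller keeps the old value.
function validate_site_url(string $raw): ?string
{
    $url = trim($raw);
    if ($url === '' || preg_match('/[\s"\'<>]/', $url)) {
        return null;
    }
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;
    }
    return ensure_trailing_slash($url);
}

// Vulnerable pattern from the advisory: the stored value is echoed unescaped.
function render_site_url_field_vulnerable(string $siteUrl): string
{
    return '<div class="rightsec"><input type="text" name="siteURL" value="' . $siteUrl . '"></div>';
}

// Hardened pattern: escape on output regardless of what validation did earlier,
// so a value that reached storage by another route still cannot break out.
function render_site_url_field(string $siteUrl): string
{
    $safe = htmlspecialchars($siteUrl, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<div class="rightsec"><input type="text" name="siteURL" value="' . $safe . '"></div>';
}

// Constructed input (not taken from the advisory); when run from the CLI there is
// no POST data, so the quote/angle-bracket sample is used and gets rejected.
$submitted = $_POST['siteURL'] ?? 'http://127.0.0.1/GetSimpleCMS-3.3.16/"><b>x</b>';
$siteURL = validate_site_url($submitted) ?? 'http://127.0.0.1/GetSimpleCMS-3.3.16/'; // keep previous good value
echo render_site_url_field($siteURL), PHP_EOL;
```

Validation alone is not the fix: FILTER_VALIDATE_URL is known to let through characters that matter to HTML, which is why the renderer escapes unconditionally.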