Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 3 Jul 2015 13:27:27 +0530
From: Anirudh Anand <anirudhanand722@...il.com>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: CVE Request: GetSimple CMS: Multiple Stored XSS

Hello,

GetSimple <http://get-simple.info/> is a stand-a-alone, fully independent
and lite Content Management System.

Recently I found that Getsimple CMS is vulnerable to Stored Cross site
scripting attack.

*POC:*

While creating a new page, give the page title as
*new"onmouseover="alert(1)";* and in the content, give *<svg
onload="alert(10)">*. Now save it and then go to *pages.php* and then hover
the mouse over the cross mark (which is used to delete the post). You can
see that XSS is triggered.

Now, go to *backups.php* and hover the mouse over it and again you can see
the XSS triggered. Now open the backup and you can see that *<svg>* is
triggered there. But since there is regex checking in the main pages, the
*<svg>* won't get triggered in the main page.

Any normal user has the ability to add new pages and each time when a post
is saved, it gets automatically saved into *backups.php*

*Date of reporting:* 3rd July, 2015

*Exploit Author:* Anirudh Anand

*Vendor Homepage*: http://get-simple.info/

*Software Link:* http://get-simple.info/download/

*Version affected: *Possibly all version <= 3.3.5

*Tested on:* Linux:- Ubuntu, Debian, PHP - 5.5


The issue has been reported to the vendor:
https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1067

Is it possible to assign CVE identifier for the same ?

Thank you,

-- 

Anirudh Anand
bi0s@...ITA
www.securethelock.com

*"Those who Say it cannot be done, should not interrupt the people doing
it"*

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.