GetSimple CMS 3.3.1 - Persistent Cross Site Scripting

2014-07-01T00:00:00
ID SSV:85783
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                # Exploit Title: etSimple CMS v3.3.1 Persistent Cross Site Scripting

# Google Dork: N/A

# Date: 24-03-2014

# Exploit Author: Jeroen - IT Nerdbox

# Vendor Homepage: http://get-simple.info/

# Software Link: http://get-simple.info/download/

# Version: v3.3.1

# Tested on: N/A

# CVE : N/A

#

## Description:

#

# In the administrative interface, the users can change their personal
settings. The parameters "name" and 

# "permalink"  do not properly sanitize its input and allows malicious code
to be stored in the XML file.

#

## PoC:

# Admin"><script>alert("1");</script>

# http://url/admin/settings.php

#

#

# The following parameters are vulnerable:

#

# 1. Permalink

# 2. Name

#

#

# More information can be found at:
http://www.nerdbox.it/getsimple-cms-v3-3-1-vulnerabilities/