CMSimple 5.2 – ‘External’ Stored XSS

Exploit Database
81 阅读

作者： Quadron Research Lab

日期： 2021-04-08
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/49751/

# Exploit Title: CMSimple 5.2 - 'External' Stored XSS
# Date: 2021/04/07
# Exploit Author: Quadron Research Lab
# Version: CMSimple 5.2
# Tested on: Windows 10 x64 HUN/ENG Professional
# Vendor: https://www.cmsimple.org/en/

[Description]
The CMSimple 5.2 allow stored XSS via the Settings > CMS > Filebrowser > "External:" input field.

[Attack Vectors]
The CMSimple cms "Filebrowser" "External:" input field not filter special chars. It is possible to place JavaScript code. 
The JavaScript code placed here is executed by clicking on the Page or Files tab.

[Proof of Concept]
https://github.com/Quadron-Research-Lab/CVE/blob/main/CMSimple_5.2_XSS.pdf

last Exploits
CMSimple 5.2 – ‘External’ Stored XSS的更多信息

HRSALE 1.1.8 – Cross-Site Request Forgery (Add Admin)：
osCommerce 2.3.4.1 – Remote Code Execution：
EyouCMS 1.4.6 – Persistent Cross-Site Scripting：
Geonetwork 4.2.0 – XML External Entity (XXE)：
CMSsite 1.0 – ‘search’ SQL Injection：
Kentico CMS 9.0-12.0.49 – Persistent Cross Site Scripting：
Citrix ADC NetScaler – Local File Inclusion (Metasploit)：
ICSiteBuilder 1.1 – SQL Injection：