CMSimple XSS Vulnerability 3xpl0it
* Persistent XSS vulnerability in CMSIMPLE 3.3
Google dork: Powered by CMSimple
published by: http://packetstormsecurity.org/files/author/8964/
After login to the demo with password=test, choose edit mode, and then, choose
html button in the toolbox, and write the below code, after clearing off the
existing code there. A pop up comes showing persistent xss vulnerability in the
PS: In the demo, as they have mentioned in the site, the write option to files
have been disabled, unlike fullversion. So, here we can only see the way the
script behaves in the layout which shows xss vulnerability, which shall be
persistent in the full version once the write permissions are allowed.
Thanks to side-effects for his valuable guidance and greets to taashu for her
love and support.