
26 January 2018 / 2 minutes of reading

We found a vulnerability in CMS Made Simple

CMS Made Simple is a free, open source CMS to provide developers, programmers and site owners a web-based development and administration area. In 2010 it won the Packt Publishing annual award for open source content management.


Details about CMS Made Simple

CMS Made Simple (CMSMS) is a free, open source (GPL) content management system (CMS) that provides developers, programmers and site owners with a web-based development and administration area. In 2010 it won the Packt Publishing annual award for open source content management. (Source: Wikipedia)

It is possible for an authenticated user with admin access to exploit XSS vulnerabilities in the Admin panel and in extensions. The vulnerabilities exist because user-supplied data is not sufficiently filtered or encoded before it is written into the page. By exploiting them, an attacker gains the ability to execute their own client-side code in the context of another user, which can lead to actions being taken under another admin user's account. Passwords are also stored as salted MD5 hashes.

Vulnerabilities

XSS in Admin search

Payload: <script>alert(document.domain)</script>
Description: After inserting the payload into the input, the page must be reloaded to trigger it

Stored XSS in manage shortcuts

Payload: <script>alert(document.domain)</script>
Parameter: name

Stored XSS in global settings, content editing settings, maintenance mode

Payload: <script>alert(document.domain)</script>

Stored XSS in global settings

Payload: <script>alert(1)</script>
Parameter: global metadata
Description: Also triggers on the visitor-facing site

Stored XSS in title of article

Payload: XSS <script>alert(document.domain)</script>
Description: Triggers in the admin area; the article content also triggers on the visitor-facing site. Here the request has to be modified with a proxy, because the website encodes a few characters before sending them.

Stored XSS in settings - content manager

Payload: <script>alert(document.domain)</script>
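As an added illustration of the root cause described above (this is example code, not code from CMS Made Simple or from Citadelo), the PHP below renders a stored article title the vulnerable way and with server-side output encoding. The function names and sample titles are constructed for this example; the point of the "encodes a few characters before sending" note is that client-side encoding is not a control, because the stored value reaches the server unchanged when the request is edited.

```php
<?php
declare(strict_types=1);

// Constructed sample inputs: the advisory's payload plus a harmless title
// that contains characters with special meaning in HTML.
$samples = [
    'XSS <script>alert(document.domain)</script>',
    'Title with "quotes", \'apostrophes\' & <angle brackets>',
];

// VULNERABLE pattern: the stored value is interpolated straight into the
// markup, so any HTML in the title becomes part of the admin page and of
// the visitor-facing page.
function renderTitleVulnerable(string $title): string
{
    return "<h1>$title</h1>";
}

// HARDENED: encode at the point of output for the HTML context.
// ENT_QUOTES also encodes ' and ", so the same helper is safe inside a
// quoted attribute value; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
// returning an empty string (which would silently drop the title).
function escHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderTitleSafe(string $title): string
{
    return '<h1>' . escHtml($title) . '</h1>';
}

// Attribute context, e.g. the edit form that re-displays the stored title.
// The encoder only protects the value if the attribute is quoted.
function renderTitleInputSafe(string $title): string
{
    return '<input type="text" name="title" value="' . escHtml($title) . '">';
}

foreach ($samples as $title) {
    echo 'Vulnerable: ' . renderTitleVulnerable($title) . PHP_EOL;
    echo 'Safe:       ' . renderTitleSafe($title) . PHP_EOL;
    echo 'Attribute:  ' . renderTitleInputSafe($title) . PHP_EOL;
    // Cheap self-check: no raw tag may survive in the encoded output.
    assert(strpos(renderTitleSafe($title), '<script') === false);
    echo PHP_EOL;
}
```

Run with `php example.php`; the first line of each pair shows the payload delivered verbatim, the encoded lines show it rendered as inert text.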


Because the developers decided not to fix these vulnerabilities, the best advice is to use another, regularly updated CMS, such as WordPress.

These vulnerabilities were discovered by Tomas Volny from Citadelo.
