We found vulnerability of CMS Made Simple

We found vulnerability of CMS Made Simple

Details about Made Simple CMS

CMS Made Simple (CMSMS) is a free, open source (GPL) content management system (CMS) to provide developers, programmers and site owners a web-based development and administration area. In 2010 it won the Packt Publishing annual award for open source content management. (Source: wikipedia)

It is possible for an authenticated user with admin access to misuse XSS vulnerability in Admin panel and in extensions. The vulnerability exists due to insufficient filtration of user-supplied data. By exploiting this vulnerability, an attacker gains ability to execute own client-side code in context of another user. This can lead to taking actions under other admin user account. Also passwords are stored as salted MD5 hash.


XSS v Admin search
Payload: <script>alert(document.domain)</script>
Description: After insert of payload to input, it is needed to reload webpage to trigger payload
Stored XSS v manage shortcuts
Payload: <script>alert(document.domain)</script>
Parameter: name
Stored XSS v global settings, content editing settings, maintenance mode
Payload: <script>alert(document.domain)</script>
Stored XSS v global settings
Payload: <script>alert(1)</script>
Parameter: global metadata
Description: Also triggers in visitors site
Stored XSS in title of article
Payload: XSS <script>alert(document.domain)</script>
Description: Triggers in admin area and article content triggers also in visitors site. Here is needed to modify request with proxy, because website encodes few characters before sending.
Stored XSS v settings - content manager
Payload: <script>alert(document.domain)</script>

Because developers decided to not fix these vulnerabilities, best advice is to use another - regularly updated CMS, like Wordpress.

These vulnerabilities were discovered by Tomas Volny from Citadelo.

About the author

Citadelo is a firm of ethical hackers on your side. We think like hackers, but we don't abuse it. On the contrary, our main goal is to reveal vulnerabilities without causing damage. We have been conducting simulated attacks for our clients since 2006
Show more from author

Related blogs