Search found 3 matches

by werybigmonk
Tue Jun 07, 2011 9:21 pm
Forum: Security
Topic: XSS vulnerability in 3.3, allows deface of website
Replies: 8
Views: 12080

Re: XSS vulnerability in 3.3, allows deface of website

Okay, it seems that attacker used some other method of getting access and disguised it as this method, or used this method to deface site after getting password from config file. Google pointed me at that vulnerability description and it did say "awaiting vendor solution". But I made a mistake when ...

by werybigmonk
Tue Jun 07, 2011 2:07 pm
Forum: Security
Topic: XSS vulnerability in 3.3, allows deface of website
Replies: 8
Views: 12080

Re: XSS vulnerability in 3.3, allows deface of website

I installed my CMSimple in February 2011 using latest version, 3.3 and still got hacked. If issue in that advisory had been fixed there is another... I did copy everything from hacked site before I wiped it and this "> in title was the only thing different from last backup copy. I'll try to find if ...

by werybigmonk
Tue Jun 07, 2011 1:32 pm
Forum: Security
Topic: XSS vulnerability in 3.3, allows deface of website
Replies: 8
Views: 12080

XSS vulnerability in 3.3, allows deface of website

There is a vulnerability in CMSimple 3.3 that allows defacing a website using CMSimple. http://www.htbridge.ch/advisory/xss_vulnerability_in_cmsimple.html In short, passing "> to site_title field of the form disrupts adm.php in a way that other settings, including password, can be changed. My website...