Vendor: FlatPress
By: ITSecTeam
CVSS: 7,5 (HIGH)
Stored XSS (CWE-79)
Product Name: FlatPress
Affected Version From: 0.909.1
Affected Version To: 0.909.1
Patch Exists: YES
CPE: a:flatpress:flatpress:0.909.1
2009

FlatPress 0.909.1 Stored XSS

Comment content is used unfiltered to build the last comments block. An attacker can post any script as comment content, and it will be executed when the page is loaded.

Mitigation:

Input validation should be used to prevent malicious scripts from being stored in the database.
Source

Exploit-DB raw data:

##############################################################################
#Title:             FlatPress 0.909.1 Stored XSS                             #
#Vendor:            http://www.flatpress.org                                 #
#Dork:              "powered by FlatPress"                                   #
##############################################################################
#AUTHOR:            ITSecTeam                                                #
#Email:             Bug@ITSecTeam.com                                        #
#Website:           http://www.itsecteam.com                                 #
#Forum :            http://forum.ITSecTeam.com                               #
#Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability32.htm #
#Thanks:            r3dm0v3, Pejvak, am!rkh@n & everyone in the world :D     #
##############################################################################

#DESCRIPTION (by vendor):#####################################################
FlatPress is an open-source standard-compliant multi-lingual extensible 
blogging engine which does not require a DataBase Management System to work.


#BUG:#########################################################################
file fp-plugins/lastcomments/plugin.lastcomments.php (lines 52-58):
            // Vulnerable: {$arr['content']} below is written into the HTML unfiltered.
            $content .=
            "<li>
            <blockquote class=\"comment-quote\" cite=\"comments.php?entry={$arr['entry']}#{$arr['id']}\">
            {$arr['content']}
            <p><a href=\"".get_comments_link($arr['entry']).
            "#{$arr['id']}\">{$arr['name']} - {$entry['subject']}</a></p>
            </blockquote></li>\n";

An unfiltered comment is used to create the last comments block!


#EXPLOIT:####################################################################
Go to comments and post any script as comment content!
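
An added example, not part of the advisory and not FlatPress's code or its patch: one way to close this class of bug is to HTML-encode each value at the point it is written into the last comments block. It assumes comments are displayed as plain text; get_comments_link_stub(), h(), render_last_comment() and the sample data are hypothetical.

```php
<?php
// Added example, not FlatPress code. get_comments_link_stub() is a hypothetical
// stand-in for FlatPress's get_comments_link(); the sample data is constructed.

function get_comments_link_stub(string $entry): string
{
    return 'comments.php?entry=' . rawurlencode($entry);
}

// HTML-encode a value for element content or a double-quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build one <li> of the last comments block with every dynamic value encoded.
function render_last_comment(array $arr, array $entry): string
{
    $link = get_comments_link_stub($arr['entry']) . '#' . rawurlencode($arr['id']);

    return "<li>\n"
        . '<blockquote class="comment-quote" cite="' . h($link) . "\">\n"
        . h($arr['content']) . "\n"
        . '<p><a href="' . h($link) . '">'
        . h($arr['name']) . ' - ' . h($entry['subject']) . "</a></p>\n"
        . "</blockquote></li>\n";
}

// Constructed sample: a comment whose content and name carry markup.
$arr = [
    'entry'   => 'entry090101-120000',
    'id'      => 'comment090102-130000',
    'name'    => 'visitor "<b>',
    'content' => '<script>alert(1)</script>',
];
$entry = ['subject' => 'Hello & welcome'];

$html = render_last_comment($arr, $entry);
echo $html;

// The markup arrives as inert text: no raw <script> tag survives encoding.
assert(strpos($html, '<script>') === false);
assert(strpos($html, '&lt;script&gt;alert(1)&lt;/script&gt;') !== false);
```

Encoding at output time protects the block regardless of how the comment was stored, which matters here because the stored comment file may already contain unfiltered content.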