
CVE-2020-35241 - FlatPress 1.0.3 - 'Blog Content' Stored Cross-Site Scripting

Exploit Title: FlatPress 1.0.3 - 'Blog Content' Stored Cross-Site Scripting

Date: 04-12-2020

Exploit Author: Hemant Patidar (HemantSolo)

Version: 1.0.3

Tested on: Windows 10/Kali Linux

Stored Cross-Site Scripting (XSS): Stored XSS, also known as persistent XSS, is the more damaging of the two main XSS types (stored and reflected). It occurs when a malicious script is injected directly into a vulnerable web application, which saves it and serves it to later visitors.

Vulnerable Parameters: Admin Page and Blog Content.

Steps-To-Reproduce:

  1. Go to the FlatPress admin page.
  2. Go to Entries - Write Entry.
  3. Enter any subject.
  4. Put the below payload in Content: "<script>alert(document.cookie)</script>"
  5. Click the Save&Continue button.
  6. The XSS will be triggered.
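
The following is an added example, not part of the original advisory and not FlatPress source code. It shows a hypothetical PHP renderer that emits stored content unescaped, beside an output-encoded version, using the payload from step 4 as constructed input; the function names and the entry array shape are assumptions.

```php
<?php
// Hypothetical renderer for illustration; names and data shape are assumptions.

// Defence in depth: the payload reads document.cookie, which an HttpOnly
// session cookie is not exposed to. Must be set before any output is sent.
session_set_cookie_params([
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);

// Constructed sample entry, using the Content value from the steps above.
$entry = [
    'subject' => 'Test entry',
    'content' => '<script>alert(document.cookie)</script>',
];

// Vulnerable pattern: stored content is concatenated into the page as-is,
// so the browser parses the <script> element for every visitor.
function render_entry_unsafe(array $entry): string
{
    return '<h2>' . $entry['subject'] . '</h2>'
         . '<div class="entry">' . $entry['content'] . '</div>';
}

// Encode for an HTML text/attribute context at output time.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened pattern: every stored field is encoded before it reaches the page.
function render_entry_safe(array $entry): string
{
    return '<h2>' . e($entry['subject']) . '</h2>'
         . '<div class="entry">' . e($entry['content']) . '</div>';
}

// Simple regression check: does the rendered HTML still open a script element?
function contains_script_tag(string $html): bool
{
    return preg_match('/<\s*script\b/i', $html) === 1;
}

foreach (['render_entry_unsafe', 'render_entry_safe'] as $renderer) {
    $html = $renderer($entry);
    echo $renderer, ': ', $html, PHP_EOL;
    echo '  script tag present: ', var_export(contains_script_tag($html), true), PHP_EOL;
}
```

If the content field must accept formatting, an allow-list HTML sanitizer belongs in place of `e()`; plain encoding is the fix only where the field is meant to be text.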
