URL: https://huntr.dev/bounties/4b880868-bd28-4fd0-af56-7686e55d3762/
Submission: On March 08 via api from US — Scanned from DE

STORED XSS IN MULTIPLE MENUS IN FLATPRESSBLOG/FLATPRESS

Valid

Reported on Dec 21st 2022

--------------------------------------------------------------------------------


DESCRIPTION

The demo website is affected by stored XSS in multiple menus.


PROOF OF CONCEPT 01

#1. Access the demo website http://demos4.softaculous.com/

#2. Log in with the admin user they provide, click the Uploader menu, and in the
Uploader tab upload any file, then choose the Media manager tab.

#3. We can see that the file is uploaded there and the web app allows us to add
a new gallery. Enter an XSS payload there and press the Add button (in this
scenario, I used the payload "><img src=x onerror=alert("XSS")>).

#4. The payload will be triggered immediately.


LINK:
HTTPS://DRIVE.GOOGLE.COM/FILE/D/1VPZVGUIL0HC-ZK-QUD4ZAFVSY38OQUMU/VIEW?USP=SHARING
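As an added example (not FlatPress's own code; the `<option>` markup is an assumption standing in for whatever listing the media manager renders), the gallery name from PoC 01 concatenated straight into HTML versus HTML-encoded at output time, with a small check showing which rendering lets the payload become markup:

```php
<?php
// Added example, not FlatPress code. The input is the exact payload from
// PoC 01 above, reused here as constructed test data.
$galleryName = '"><img src=x onerror=alert("XSS")>';

// Vulnerable pattern: the name is concatenated straight into HTML. The
// leading "> closes the value attribute and the <img> that follows is
// parsed as real markup, so its onerror handler runs on every page view.
function renderGalleryUnsafe(string $name): string
{
    return '<option value="' . $name . '">' . $name . '</option>';
}

// Hardened pattern: encode for the HTML context at output time.
// ENT_QUOTES also encodes double quotes, so the attribute cannot be
// broken out of; the same encoding is safe for the text node.
function escHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function renderGallerySafe(string $name): string
{
    return '<option value="' . escHtml($name) . '">'
        . escHtml($name) . '</option>';
}

// Reviewer check: strip the template's own <option> tags, then ask whether
// strip_tags() still finds anything to remove. If it does, user input
// reached the page as markup rather than as text.
function containsInjectedMarkup(string $html): bool
{
    $withoutTemplate = preg_replace('#</?option[^>]*>#', '', $html);
    return $withoutTemplate !== strip_tags($withoutTemplate);
}

echo 'unsafe rendering leaks markup: ',
    containsInjectedMarkup(renderGalleryUnsafe($galleryName)) ? 'yes' : 'no',
    PHP_EOL;
echo 'escaped rendering leaks markup: ',
    containsInjectedMarkup(renderGallerySafe($galleryName)) ? 'yes' : 'no',
    PHP_EOL;
echo renderGallerySafe($galleryName), PHP_EOL;
```

Encoding at output time is the fix the 1.3 commit referenced below would need to apply wherever the gallery name is echoed; validating the name on input alone does not cover existing stored values.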


PROOF OF CONCEPT 02

#1. Access the demo website and click the Entries menu.

#2. Choose the "Write Entry" tab and, in the textarea, write the XSS payload
"><img src=x onerror=alert("XSS")>

#3. Press "Save & Continue" and the XSS payload will be triggered in several
places (watch the PoC video for details).


LINK:
HTTPS://DRIVE.GOOGLE.COM/FILE/D/12ZOYZQ4GWHW5QMIQ5NKIVIVAXPMRTQFD/VIEW?USP=SHARING

Note: The same happens with the Statics menu.


IMPACT

Able to steal users' cookies.

We are processing your report and will contact the flatpressblog/flatpress team
within 24 hours. (3 months ago)
Chuu modified the report (3 months ago)
Chuu modified the report (3 months ago)
We have contacted a member of the flatpressblog/flatpress team and are waiting
to hear back (2 months ago)
A flatpressblog/flatpress maintainer validated this vulnerability (2 months ago)

Part 1 is valid, thanks for reporting. Part 2 is "as designed": Site admin is
able to put custom HTML and JS into entries.

Chuu has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
A flatpressblog/flatpress maintainer marked this as fixed in 1.3 with commit
d3f329 (2 months ago)
The fix bounty has been dropped
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Mar 1st 2023

Chuu (Researcher) commented 2 months ago:

--------------------------------------------------------------------------------

Thank you so much! Have a good day.

A flatpressblog/flatpress maintainer published this vulnerability 8 days ago
CVE: CVE-2023-1107 (published)
Vulnerability Type: CWE-79: Cross-site Scripting (XSS) - Stored
Severity: Medium (6.5)
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Registry: Other
Affected Version: 1.2.1
Visibility: Public
Status: Fixed
Found by: Chuu (@uonghoangminhchau)