Textpattern CMS 4.9.0-dev – ‘Excerpt’ Persistent Cross-Site Scripting (XSS)

• Exploit Database
• 14 阅读

• 作者： Tushar Vaidya
  日期： 2021-03-04
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/49617/

• # Exploit Title:Textpattern CMS 4.9.0-dev - 'Excerpt' Persistent Cross-Site Scripting (XSS)
  # Date: 2021-03-04
  # Exploit Author: Tushar Vaidya
  # Vendor Homepage: https://textpattern.com
  # Software Link: https://textpattern.com/start
  # Version: v 4.9.0-dev
  # Tested on: Windows
  
  Steps-To-Reproduce:
  1. Login into Textpattern CMS admin panel.
  2. Now go to the *Content > Write > ** Excerpt*.
  3. Now paste the below payload in the URL field.
  
  Ba1man”><img src=x onerror=confirm(document.cookie)>
  
  4. Now click on the *Save* button.
  5. Now go to the *articles* page
  5. The XSS will be triggered.