flatpressblog / flatpress

FlatPress is a lightweight, easy-to-set-up flat-file blogging engine.
https://flatpress.org
GNU General Public License v2.0
185 stars 57 forks source link

Flatpress- 1.2.1 - Reflected XSS on page parameter #153

Closed s4n-h4xor closed 1 year ago

s4n-h4xor commented 2 years ago

Severity: Medium

Description: Cross-site scripting (XSS) vulnerabilities arise when an attacker sends malicious code to the victim's browser, mostly using JavaScript. A vulnerable web application might embed untrusted data in the output, without filtering or encoding it. In this way, an attacker can inject a malicious script into the application, and the script will be returned in the response. This will then run on the victim's browser. It is observed that the page parameter does not sanitize input properly which leads to reflected XSS attacks.

Technical Impact: It is possible to steal or manipulate customer sessions and cookies, which might be used to impersonate a legitimate user, allowing the hacker to view or alter the blog.

Suggested Remediation:

  1. Application should encode data on output.
  2. Application should filter input on page parameters.

Steps to Reproduce:

  1. Login to the application 1

  2. Entre the below payload in the URL and observe XSS payload getting executed. Payload: http://server/flatpress/admin.php?p=static&action=write&page=%22onfocus%3d%22alert%28document.cookie%29%22autofocus%3d%22zr4da

2

Opening issue here, Got no reply from [hello@flatpress.org] for 2 months

azett commented 2 years ago

Confirmed. Sorry for being late!

Fraenkiman commented 1 year ago

Hello all,

laborix has created a solution in the forum.

With best regards Frank

azett commented 1 year ago

Fixed with 0a7ad2c, thank you very much for reporting!