目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1110

100%
请我们喝杯咖啡

CVE-2025-25460 PoC — FlatPress 安全漏洞

来源
https://github.com/RoNiXxCybSeC0101/CVE-2025-25460
关联漏洞
标题:FlatPress 安全漏洞 (CVE-2025-25460)
Description:FlatPress是FlatPress社区的一个基于Php无需数据库支持的博客建站系统。 FlatPress 1.3.1版本存在安全漏洞,该漏洞源于Add Entry功能中TextArea字段输入未正确清理和转义。经过身份验证的攻击者利用该漏洞可以注入恶意JavaScript。
Description
Cross Site Scripting Vulnerability in Flatpress CMS
介绍
# FlatPress CMS Stored XSS in v1.3.1  
**CVE-2025-25460**  
**Author:** Athul S  

## Description  
A stored Cross-Site Scripting (XSS) vulnerability was identified in **FlatPress 1.3.1** within the "Add Entry" feature. This vulnerability allows **authenticated attackers** to inject malicious JavaScript payloads into blog posts, which execute when other users view the posts. The issue arises due to **improper input sanitization** of the **"TextArea" field** in the blog entry submission form.

## Attack Vectors  
- An **authenticated attacker** can inject a malicious **JavaScript payload** into the blog post entry.  
- The payload executes when an **admin or another user** visits the affected blog entry.  
- This could lead to **session hijacking, phishing, or other client-side attacks**.

## Proof of Concept (PoC)  

### Steps to Reproduce:  
1. **Login as an Admin** in FlatPress v1.3.1.  
2. Navigate to the **"Add Entry"** section.  
3. Insert the following **XSS payload** in the text area:  

   ```html
   <script>alert('XSS Payload Triggered');</script>
   ```
4. Save the Entry and View the Post

The JavaScript payload will execute when the page loads, triggering an **XSS alert box**.  

   


![Screenshot 2025-02-21 094902](https://github.com/user-attachments/assets/2559bfba-8b4b-4a1c-b6b1-f11eb9637743)

![Screenshot 2025-02-21 094915](https://github.com/user-attachments/assets/557a86fa-0cfe-462e-938b-c762abfbdfe0)

![Screenshot 2025-02-21 095029](https://github.com/user-attachments/assets/f17be1ca-52b4-4dd8-af48-6d7eed0523fc)

![Screenshot 2025-02-21 095046](https://github.com/user-attachments/assets/1d10f62a-797b-461d-8efb-b28ca8fa04fe)

![Screenshot 2025-02-21 095059](https://github.com/user-attachments/assets/b98c25e7-15e7-4192-8968-ba718113d68c)


## Impact  
- **Code Execution:** ✅ *(JavaScript execution in the victim's browser)*  
- **Potential Exploits:**  
  - **Session Hijacking** (stealing admin cookies).  
  - **Phishing Attacks** (redirecting users to malicious sites).  
  - **Defacement** (injecting unwanted content into the page).  

## Affected Product  
- **Product:** FlatPress  
- **Version:** 1.3.1  
- **Component:** Add Entry Feature (TextArea Field)  

## Mitigation  
- **Sanitize user inputs** before rendering.  
- **Implement Content Security Policy (CSP)** to block inline scripts.  
- **Update to FlatPress 1.4-dev**, where the issue is patched.  

## Vendor Contact  
- Contacted via email:  
  - [hello@flatpress.org](mailto:hello@flatpress.org)  
  - [frank.pcn@gmail.com](mailto:frank.pcn@gmail.com)  
- Vendor **confirmed** the issue on **January 12, 2025**.  
- The vulnerability is being patched in the **FlatPress 1.4-dev branch**.  

## References  
- [FlatPress Official Website](https://www.flatpress.org/)  
- [FlatPress GitHub Repository](https://github.com/flatpressblog/flatpress)  

## Discoverer  
**Athul S**
文件快照

 [4.0K]  /data/pocs/c22e5a54f9b5b6aeb76f83406bdcb9224510cd7f
└── [2.8K]  README.md

0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
    3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →