Stored XSS via SVG File in flatpressblog/flatpress
Oct 4th 2022
flatpresshas a feature to upload file "uploader" and display from "media manager". By uploading SVG files, the users can perform Stored XSS attack. Copy the following code and save as filename.svg.
Proof of Concept
- login to http://demos4.softaculous.com/FlatPresseidiiohclz/admin.php?p=uploader&action=default
- go to uploader and upload this svg file
- go to the media manager and click on the svg file or open from the direct link: http://demos4.softaculous.com/FlatPresseidiiohclz/admin.php?p=uploader&action=mediamanager http://demos4.softaculous.com/FlatPresseidiiohclz/fp-content/attachs/filename.svg
if you need more specific information, feel free to contact me.
If an attacker can execute the script in the victim's browser via SVG file, they might compromise that user by stealing its cookies.