Textpattern 4.8.7 is affected by cross-site scripting (XSS) in the Body parameter.

# Exploit Title: Textpattern CMS v4.8.7 “Content>Write>Body” — Stored Cross-Site Scripting
# Exploit Author: Tanmay Bhattacharjee
# Vendor Homepage: https://www.textpattern.co
# Software Link: https://textpattern.com/start
# Version: 4.8.7
# Tested on: Ubuntu

Vulnerable Parameters: Body.

Attack Vector:
This vulnerability allows an attacker to inject an XSS payload into the Body parameter.
When any user visits that URL, the XSS triggers, and the attacker can steal the cookie, depending on the crafted payload.

Steps-To-Reproduce:
1. Log in to the Textpattern CMS admin panel.
2. Now go to Content > Write > Body.
3. Now paste the payload below into the URL field.
“/><script>alert(document.domain)</script>
4. Now click on the Publish button and then click on the View button. Boom Boom Boom
5. The XSS is triggered.

In the above scenario, if you check, I will capture this request as an HTTP POST method.

So it is stored XSS or persistent XSS.
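
For defenders checking whether a site already holds such content, the sketch below (an added example, not part of the original write-up or Textpattern's own code) parses stored Body values and reports script-capable markup. The function names and the sample rows are assumptions constructed for illustration; exporting the bodies from the database is left to the reader.

```python
from html.parser import HTMLParser

# Elements that run active content, and URL attributes where javascript: executes.
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction"}


class ActiveContentFinder(HTMLParser):
    """Collects script-capable markup found in one stored Body value."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            compact = "".join((value or "").lower().split())  # drop whitespace
            if name.startswith("on"):
                self.findings.append(f"{name} handler on <{tag}>")
            elif name in URL_ATTRS and compact.startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} on <{tag}>")


def audit_bodies(bodies):
    """Return {article_id: [findings]} for bodies containing active content."""
    report = {}
    for article_id, body in bodies.items():
        finder = ActiveContentFinder()
        finder.feed(body)
        finder.close()
        if finder.findings:
            report[article_id] = finder.findings
    return report


# Constructed sample rows (article id -> stored Body), not real site data.
SAMPLE_BODIES = {
    1: "<p>Release notes for <strong>4.8.7</strong></p>",
    2: '"/><script>alert(document.domain)</script>',  # string from the steps above
    3: '<img src="logo.png" onerror="console.log(1)">',
    4: '<a href="JavaScript:void(0)">docs</a>',
    5: "&lt;script&gt;alert(document.domain)&lt;/script&gt;",  # encoded, inert
}

if __name__ == "__main__":
    for article_id, findings in audit_bodies(SAMPLE_BODIES).items():
        print(article_id, findings)
```

Rows 3 and 4 may be legitimate author markup; the report is a review list, not a verdict.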

No bruteforcing, happy with manual testing.

Have a nice day.

Thanks,

Tanmay

Penetration Tester@⠎⠓⠁⠗⠍⠊⠞⠁⠝⠍⠁⠽
