https://blog.qife122.com/tags/flatpress/ Recent content in FlatPress on 办公AI智能小助手 Hugo zh-cn qife Fri, 26 Sep 2025 04:44:19 +0800 https://blog.qife122.com/p/flatpress-1.4.1%E5%AD%98%E5%82%A8%E5%9E%8Bhtml%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/ Fri, 26 Sep 2025 04:44:19 +0800 https://blog.qife122.com/p/flatpress-1.4.1%E5%AD%98%E5%82%A8%E5%9E%8Bhtml%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/ <h1 id="漏洞标题存储型html注入---flatpressv141">漏洞标题：存储型HTML注入 - flatpressv1.4.1</h1> <h1 id="日期092025">日期：09/2025</h1> <h1 id="漏洞作者andrey-stoykov">漏洞作者：Andrey Stoykov</h1> <h1 id="版本141">版本：1.4.1</h1> <h1 id="测试环境debian-12">测试环境：Debian 12</h1> <h1 id="博客httpsmsecureltdblogspotcom202509friday-fun-pentest-series-41-storedhtml">博客：https://msecureltd.blogspot.com/2025/09/friday-fun-pentest-series-41-stored.html</h1> <p>存储型HTML注入：</p> <p>复现步骤：</p> <ul> <li>使用管理员用户登录并访问&quot;Main&quot; &gt; &ldquo;New Entry&rdquo; &gt; &ldquo;Write Entry&rdquo;，在描述中输入载荷&quot;[html]<div style="border:2px solid red;padding:20px;margin:20px;background:yellow"><h2>SECURITY ALERT</h2><p>Your account has been compromised. Please login again:</p>